Resubmissions
08-02-2025 11:41
250208-ntjjystngr 1008-02-2025 11:24
250208-nhpltstkar 808-02-2025 10:52
250208-myteaasjcn 8Analysis
-
max time kernel
599s -
max time network
589s -
platform
windows10-ltsc 2021_x64 -
resource
win10ltsc2021-20250207-en -
resource tags
-
submitted
08-02-2025 10:52
General
-
Target
https://github.com/Endermanch/MalwareDatabase
Malware Config
Signatures
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 7 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Downloads MZ/PE file 1 IoCs
-
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 10 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Installs/modifies Browser Helper Object 2 TTPs 8 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Drops file in System32 directory 1 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 36 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 24 IoCs
-
Modifies data under HKEY_USERS 3 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 26 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 4 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Endermanch/MalwareDatabase1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffd3a88cc40,0x7ffd3a88cc4c,0x7ffd3a88cc582⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1872,i,15550572704134111459,440747798506109614,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=1900 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,15550572704134111459,440747798506109614,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=2380 /prefetch:32⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,15550572704134111459,440747798506109614,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=2388 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,15550572704134111459,440747798506109614,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=3168 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,15550572704134111459,440747798506109614,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=3196 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4664,i,15550572704134111459,440747798506109614,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=4492 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4888,i,15550572704134111459,440747798506109614,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=4832 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTk3MzhENUMtRTBCNy00RkQ5LThCODgtRURCMzQyRjZEM0MxfSIgdXNlcmlkPSJ7OUYyQTNGMzktNEM1Qi00ODQ4LUEwMzItN0JFNTU1OTNENENFfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NjhFODUxMzYtNDFGNS00MzFELTk0NDEtMDNBNDRDQUJBQjEyfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NC40NTI5IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iMTI1IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGV0aW1lPSIxNzM4OTM1NTAwIiBvb2JlX2luc3RhbGxfdGltZT0iMTMzODM0MDgwNDYzMTQwMDAwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjE3OTg2MiIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTM3Njc5MTgxMiIvPjwvYXBwPjwvcmVxdWVzdD41⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6D67F9CF-17DE-46DB-873A-E291AB089D2F}\MicrosoftEdge_X64_132.0.2957.140.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6D67F9CF-17DE-46DB-873A-E291AB089D2F}\MicrosoftEdge_X64_132.0.2957.140.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable1⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6D67F9CF-17DE-46DB-873A-E291AB089D2F}\EDGEMITMP_4D4C6.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6D67F9CF-17DE-46DB-873A-E291AB089D2F}\EDGEMITMP_4D4C6.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6D67F9CF-17DE-46DB-873A-E291AB089D2F}\MicrosoftEdge_X64_132.0.2957.140.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable2⤵
- Boot or Logon Autostart Execution: Active Setup
- Executes dropped EXE
- Installs/modifies Browser Helper Object
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- System policy modification
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6D67F9CF-17DE-46DB-873A-E291AB089D2F}\EDGEMITMP_4D4C6.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6D67F9CF-17DE-46DB-873A-E291AB089D2F}\EDGEMITMP_4D4C6.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6D67F9CF-17DE-46DB-873A-E291AB089D2F}\EDGEMITMP_4D4C6.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=132.0.2957.140 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff75cb3a818,0x7ff75cb3a824,0x7ff75cb3a8303⤵
- Executes dropped EXE
- Drops file in Windows directory
-
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6D67F9CF-17DE-46DB-873A-E291AB089D2F}\EDGEMITMP_4D4C6.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6D67F9CF-17DE-46DB-873A-E291AB089D2F}\EDGEMITMP_4D4C6.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=13⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6D67F9CF-17DE-46DB-873A-E291AB089D2F}\EDGEMITMP_4D4C6.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6D67F9CF-17DE-46DB-873A-E291AB089D2F}\EDGEMITMP_4D4C6.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{6D67F9CF-17DE-46DB-873A-E291AB089D2F}\EDGEMITMP_4D4C6.tmp\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=132.0.2957.140 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff75cb3a818,0x7ff75cb3a824,0x7ff75cb3a8304⤵
- Executes dropped EXE
- Drops file in Windows directory
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=132.0.2957.140 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff63ce0a818,0x7ff63ce0a824,0x7ff63ce0a8304⤵
- Executes dropped EXE
- Drops file in Windows directory
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --msedge --channel=stable --remove-deprecated-packages --verbose-logging --system-level3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Drops file in Windows directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=132.0.2957.140 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff63ce0a818,0x7ff63ce0a824,0x7ff63ce0a8304⤵
- Executes dropped EXE
- Drops file in Windows directory
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --msedge --channel=stable --update-game-assist-package --verbose-logging --system-level3⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\132.0.2957.140\Installer\setup.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=132.0.2957.140 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff63ce0a818,0x7ff63ce0a824,0x7ff63ce0a8304⤵
- Executes dropped EXE
- Drops file in Windows directory
-
-
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness1⤵
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTk3MzhENUMtRTBCNy00RkQ5LThCODgtRURCMzQyRjZEM0MxfSIgdXNlcmlkPSJ7OUYyQTNGMzktNEM1Qi00ODQ4LUEwMzItN0JFNTU1OTNENENFfSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins1NjQ5QzI5Mi1DNDYzLTRFRUItQTIyNS1GQ0MzNDRENzNEMzF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iMiIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQ0LjQ1MjkiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSIxMjUiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xOTUuNDMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBjb2hvcnQ9InJyZkAwLjI0Ij48dXBkYXRlY2hlY2svPjxwaW5nIHI9IjEiIHJkPSI2NjEyIiBwaW5nX2ZyZXNobmVzcz0iezFERkE3NzA1LURFMjktNENBNS05Q0NCLTY2QjM3NUFCRjk2OH0iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTIuMC45MDIuNjciIG5leHR2ZXJzaW9uPSIxMzIuMC4yOTU3LjE0MCIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSIwIiBsYXN0X2xhdW5jaF9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzODM0MTE5MzY5NDcxMjYwIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1Mzg5MTM1NzI1IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUzODkxMzU3MjUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjAiIGVycm9yY29kZT0iLTIxNDcwMjM4MzgiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU4NDc4ODU2ODAiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImRvIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8wNzQwMDM2YS00ZTE4LTQ1NmQtOTZmYS1kMWQ5YzRjYTQ2NzY_UDE9MTczOTYxNzg1OCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1uYkdpYW1EZ3pueHVqOGY0aGxqQWFaWlB2RDdGQ0F4a2pzaTV1bFlkeTN5QXZQdk9FZHR4RXlVUGdhaE4wJTJmWG9GTmRrWWVUM2k2YVdEM2thODVjbSUyZlElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIwIiB0b3RhbD0iMCIgZG93bmxvYWRfdGltZV9tcz0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1ODQ3ODg1NjgwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy8wNzQwMDM2YS00ZTE4LTQ1NmQtOTZmYS1kMWQ5YzRjYTQ2NzY_UDE9MTczOTYxNzg1OCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1uYkdpYW1EZ3pueHVqOGY0aGxqQWFaWlB2RDdGQ0F4a2pzaTV1bFlkeTN5QXZQdk9FZHR4RXlVUGdhaE4wJTJmWG9GTmRrWWVUM2k2YVdEM2thODVjbSUyZlElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzcxODAyMTYiIHRvdGFsPSIxNzcxODAyMTYiIGRvd25sb2FkX3RpbWVfbXM9IjM5NzM0Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU4NDgwNDIxMzgiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTg2MTMyMzI5NiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iNjQxNDYwNDgyNSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9Ijc2NSIgZG93bmxvYWRfdGltZV9tcz0iNDU4OTEiIGRvd25sb2FkZWQ9IjE3NzE4MDIxNiIgdG90YWw9IjE3NzE4MDIxNiIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNTUzMTMiLz48cGluZyBhY3RpdmU9IjEiIGE9IjEiIHI9IjEiIGFkPSI2NjEyIiByZD0iNjYxMiIgcGluZ19mcmVzaG5lc3M9Ins3NzMwRjIzQy0yMDc1LTQ0Q0YtQkJBQi1DQzc0QTExN0RCMUR9Ii8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEzMi4wLjI5NTcuMTQwIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMCIgaW5zdGFsbGRhdGU9IjY2MDgiIGNvaG9ydD0icnJmQDAuODYiPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iMSIgcmQ9IjY2MTIiIHBpbmdfZnJlc2huZXNzPSJ7RjRBRDBFNjgtRDNDNC00QjFDLThEOEMtNkFCNDM0QkFGNEU3fSIvPjwvYXBwPjwvcmVxdWVzdD41⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Active Setup
1Browser Extensions
1Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
1Active Setup
1Event Triggered Execution
1Component Object Model Hijacking
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
6.6MB
MD5b4c8ad75087b8634d4f04dc6f92da9aa
SHA17efaa2472521c79d58c4ef18a258cc573704fb5d
SHA256522a25568bb503cf8b44807661f31f0921dee91d37691bf399868733205690bf
SHA5125094505b33a848badcffd6b3b93aad9ad73f391e201dee052376c4f8573ba351f0b8c102131216088ffb38d0ed7b5fe70ba95c3ac2c33a50c993584fe7c435e3
-
Filesize
573KB
MD567ea1fb4d7fedf3aa9fadb7ce9165d0c
SHA13af53d66d8126bbf51e8974ddabd9843f0e8a35f
SHA256727569d83d1fda66cbd46f34f8fa5f5ad678fad17eea10d26928e8b564805bec
SHA512b63d8bdc430ea790bd46e0ad6155743e0faa2cb32d58bab789929e355739911cc903a89790f3cf85111bfcb0a16323f9947812e7f074a0609821dad61d0573e4
-
Filesize
1KB
MD56f32d7a19b2fcfd7c551ae8f1e9b8683
SHA14b3001d77ec91db177c574527de0552f3755e934
SHA25642dc977fe7ee40690ff16b431aa38cd44e65410418dc961b601145e547b2b7f8
SHA512b961227f9f2faae3630f6bbd9e2394ac829e18b23b0aeff9ba4bc2a3364a7a65e8f76bde6d44b8b519eed4df1ab5d118c6b471364dc65576901d2178407d4203
-
Filesize
3KB
MD540adb29d7d8f3c3c2e245a2d404910b2
SHA1b4a267fdd9b2c6e61e129bbbc0b40092cd0528ba
SHA25637116db30ec6cd963a31a3938405f83f1f4bff194d989555fda2365003e58787
SHA512ad372cd4605ef5530a8acd628aae0d22db582c78ce036aadbe0b78737c35e62ddd683d62756e62b4f3deb45e931ca645b9e75f5fbec21503e85636ac757c19fe
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
1KB
MD54a45458ee614e12c3221d20ebe50a6fa
SHA1215c7fb4e4485538681d6ce2caf7f9f897066ee3
SHA2560f6bf58a16f82a052964fc80dd886055c9ca8296d1f6e886086563cf13156959
SHA51268ab60776eeaa56a6a6efd4daef8f0fdf83a989159003e07ea407d2f43906106ab60346a88a21fe134996d0c617e4a6f56b5326ebeefb9eb5e0362e65938f366
-
Filesize
8KB
MD5afd5d5645981b65e4eafeda8ffa47dce
SHA1125307aedc3a0a25b030c0dd1f1c881d0c66e62a
SHA2565ded0414fbbee516e949a5fb5a1bf257f6e4f906eef5cea8ffde6177bd7d2f09
SHA512a171a544c468a2d64454973cce44b2616e188cc50aa5b808be29d786ae6289e69b22a8274850fe92da4d2f5164bd07cbb701776b49dae69cb386dee28f0f65c4
-
Filesize
8KB
MD5f23be5ceb7b222d1f233d01a9934b270
SHA1ec25ab177994560a4408a84965bae12163a4d37a
SHA25631920081fbb7311191aca4e2ade1cbc036b81fa3af8d8fd66b79c42941b9e193
SHA512e7fd7031c61f9ed5898aaa50e05ea3c359b6c97f32d990ad2e71fb91dbe421229b89c026343132346ff7d11726c655f820325a1e88d5d10103de5e223965761c
-
Filesize
8KB
MD58e159e0a677d1d32ccfce1466ce89ed8
SHA12e5d3c83c577ef018c62716e7c193556f0aa0f2c
SHA2560fbae765232f83d0c82e462d5bf27c893e65d1c6ba7a45379cd89c6b21697cc4
SHA512744a4272f45dce24a86a6ffed55f0e9e2b61b45bedd5afcfd4a6609998a235381373b10e51eb0bb24c764388d3db116821464f9f4fbb6eee82c4ef3515a187d3
-
Filesize
8KB
MD53f49a25edead5b5510f574f995ba2423
SHA181811b6d670ea510946f76a97eec202216d80815
SHA256d11e86bf3f632aea59005374531e4ff81b7726704128fb3308ea9a14ba5272f7
SHA512cea4dee62328763d462c391742730d719b9c80855f540b62b5d01da9d191fafedae45743ad131ea13e5469caf782a576decb3ed9f36d7ae5bd31cc51cfebb23d
-
Filesize
8KB
MD56c97decd5dcf8c15e20b45b172b33074
SHA10e93990a94ec2a3170a221bc77e0161f46c5012d
SHA256aa55b43bdeb3f933e929bc837c9bebed6bb4ebbafb7a6dc40c96e0a237f6ae66
SHA512349714f660987c6a06272b6651cc0e88b84527fef056c37c2375d098f217dc4122d1a23333f31aa3f9502ac33cd301bab2a25af1b82e41d708f6b184a9237874
-
Filesize
8KB
MD5d10b62cd122d20b658d6f8b044020406
SHA1f9633b0c571aebd9fd3d3d7775f2b8e1c7c828fe
SHA2566defc30a9a51f1a91d445cbba3ba05f981c051db70b4fc135e34b6bde1566270
SHA51289c23ce4d5138f04589cd991725d09b6c8bd48a1f695087432b71ba1ad2a2d2c459ae697240eec8ae733cb437c04161cdb6ab7011869003082af1a62e2c1938c
-
Filesize
8KB
MD575213fdbcffd74420573cc72ec98329f
SHA176a5692ebe12e336f9bdfdc00779071572d216ea
SHA2561da4e32472d0e13407d5ff18554de8f313d4454aa19328b54ca7bd59fea806ef
SHA5122db2949d2987d9a78d5bea779a294b7b7db7d0eb43cd3e97a4865c0be5517087038b0455b1d930d8efbd06b68de765a46ef013dd021dba1a651e8b45f6084aa5
-
Filesize
8KB
MD555131bcfd9b9ba11c4cfab3ebcfcd9eb
SHA183dde621b633ea677496e2f7f63fe03f8d1f0537
SHA25649c07054768485954cbfe13881d2772f8cc06252e3edacd5f650b81faaae607b
SHA51274f300206beaa4208aebc1a4a4a89994226c0004d4ad9616ab9e246ee3c047388d67914ec4f98ee5cfeea506923fc9fa6da04a2a8da4c71b31240947b4b560a9
-
Filesize
8KB
MD534ba12d43143ab64014d29a8f62df58c
SHA15124d534937013fb86d2d89582cee276017e70d1
SHA256881776668f05d9e7571a2b1ff2d79e2d3c3af5c0479c8f5455b0f1a2fec5a0d0
SHA5123c7f55a6cdc0349aa0662a707ad997e56f698ae4cc48d3ed3b2bbed9eef7a9a76f5d3edc96830c047e5128cd4639a1afd554203113e71d5430021670b95e3f96
-
Filesize
8KB
MD5ed27b74c8ecc5223f21a27dfa73dfaa0
SHA1daf49f82e99d4eab71948c1085ea95ba02cb3ee5
SHA256efcd366990810433c6bf5a167b6b3658953d72f8da4762d4520085cede1611b1
SHA512a82c9a64bf53770371bbe39d457b60869c63dcfb10d07dcff1b0b0a674006ffb6a7779f1f27a692512f1b7bf47e46675470ce4b77ce157f172fde881d344cb5f
-
Filesize
8KB
MD5f405a5fc72f8e42aa5547a281f3a296d
SHA1ea33376b1045894060064c809238324d13361448
SHA25642f0198fe554de78ca5916b936fd1428973fa2e0a8d7e3338c7ab8727514e185
SHA512aff7d452f6056d8bd15c7c94ac854ae4efeec8baecb152a49987f93cd98e9638258ca9a41bc67034a43bfca0fb78db07cedd23d608d1b066a3be75389c79df7e
-
Filesize
8KB
MD588edfb7f9990b9d0d37f6b8688fb4193
SHA1be158caeb2c56644a6f0f57e4f30356e1ebcb702
SHA25682f7b0b9748bfa50bd1952b155cee7e472ebf1a19cca45935d9c2c76fb4a51fc
SHA5128d1f8a4e30e7fd0f3ee935ca5db606428d61d3f9c0507d4e18af84716a3c308e154e21115f7b3f9b0c5bb5780604562131b669c2edc02b5dc16dde78b8ec46e9
-
Filesize
8KB
MD5041ecf090d59fc3b4625c1b2127ec463
SHA16eb826cd8b49796a917b3f62505204410e9927c7
SHA256f5f101aa7ae556d8a965a9f61611c861a24820ef6eb3e2133ef2f1a0da3315a7
SHA51244685f610bd29b6ffbc9d411af2e37d8118e3ee85f5ae9249d1272d03980f8764725216ecc3598a63b408dc856bce6f11aebf33f6265b3e291744ec1353bfa80
-
Filesize
8KB
MD5cc158aa18897e103258c80958475fcaa
SHA14d28c08f19c7ae586153b1a07fa8438b0517233c
SHA25640d347ac3a846b75f319d02e2254322dbcf3dd4e035fbc1be29306bacf16dea3
SHA512de4967fb426341c2a9926b250d2d9ca1a958d619f28d3087584a2e6463a3596a2aa3b3ac52d7dcee836cf12d5d940b47ecb72707c90f465a46b974dd68736354
-
Filesize
8KB
MD5e960ee4f79e1525a62956d62bc65c430
SHA10015e43d526b069cd16379bc72b6c9c2a3d94f05
SHA2564f07027946d7620c319ebab637b2576c40438c0886bd9e1d84ddb363a8d21f32
SHA51250fbf88f68e77322dfcac1514de301bb2f91cc3317e581f46b9c3a8ccca3439338ffbfd8bd84b85aebff2a19a4c272bfed8a610cea4df76203cadba9b9e4b5ce
-
Filesize
8KB
MD5238b32613095d29285247507bcfac368
SHA1eb60fa67a31554cd11bf867e389e1cfc893f8865
SHA256362e5924d591ccc16fe6df8b0546c006ab7b73a87bfb65a2a5afccc9d9271716
SHA51293b43de00f3ed48aa25b2a42e43d520ab323f8ecc0c1c932b871104932708c2f868445023bc2737115a88f60f3cb94ae86ae85fa5807822f8619b63596b6064c
-
Filesize
8KB
MD58a26ef50326138a4982bc5df9a16e044
SHA182ef9acea6966b126c00fb352885718410b09a2a
SHA256c1e455f2d332ac110299fcfa67d16e6011bd83d558e01ed62e92e162b939a8fa
SHA51230c02866b17cb1bc97dd1b713988ac06436ca2e35583ea180ddc340b5fd8a0ad3653774ffc8eb02543653974a6096310c8b630d1768f62049cf1f02f92029482
-
Filesize
123KB
MD51e58fdcd43029063ecf5c5fb0a7e49eb
SHA11951f6f4c9d06c371bf667ad6156e6fb5654751c
SHA2563e2fed72659d73e874a7c3f6de64383b82a63af64bd24bdc4bd6b03ca321e590
SHA51256a081faa8957f370d63432574a160919f1da9fcccb82d42eb3fc84b7b51a09fee566ec8ebc7cc6c392216d045fa04abd3c7752552435b63b9801c5b82840676
-
Filesize
123KB
MD5854166fabaf281a7d0fdacc448aef2cc
SHA14121f350d705730510a6e75bbda461f165857220
SHA256dfdb81194ae599462e0ee3857cee7bb842fb686a941ae5fea8d0d334d00136e5
SHA5122146ddc4940ca32f5e3647dc75dd23899dbb4e3e2c68e82d4c073964bc88dfe8509a08566dc21653e07ca671480fef01eaeff60439fbe9477bbef770bf75f4e4
-
Filesize
72KB
MD54871c87732a4d6e576d145284aabccd4
SHA17da5bf6db66e908e469022a2418a3b708d069e32
SHA256ca42dfd0e2c6a9ae34b556c979d815c5ff42d4d77a894459338d3685be22ac16
SHA512c98cc0c0da8ff741dcf266cccce2ee1f41e3cb8c37689d155608f41b4dc98b2dcc982a7a3c015034678f1b296cdac98131e6b893b6e215b3e5f0e1478ee3accb
-
Filesize
96KB
MD596b27f83f05437a9bfddc83c5a23e8c2
SHA1e7394188c502995445151ac709ca6ef8b031d2d1
SHA256cdd7d9f8a38f4c83881c42ae5f7ab09af53f99fc4875ecfd720d5092ff39b5d2
SHA512eddc07ca0353dcb70db81928ec8c620e034c24f04f0a7a8c4a114cd3d1bef58f0d1580c526a0188dbb1860430a63650df8983aab490c95323f1dc69198f9a5e1
-
Filesize
101KB
MD576d1f01389b057ddb2ad9fbe3b3562a7
SHA182e07c2589306539c623c2151a1c5281c16cd192
SHA256140e4eceaee8a4bb423bb5c3b4a58ed31b28aaac7379e7eb354bc6d7a12965ef
SHA51270dc7e4a4f5c90414f5d96f1602c5934f37f32315d4296e84007113deeb2ddb92ff49cbafcf23e725f7fe82627b46e7ff640df94c0c04b930104c6d6714002ec
-
Filesize
101KB
MD5b7a44d91fb6b53da67b16d746afee4dd
SHA1c39870a70fa264861c64b2a7d0a4fda07d384a04
SHA2567ce13b106126ea2d263965daa343ce820143105f721cbe77e6b7383711adf390
SHA5121c645622bc91b4df69f3fdb6d86268c343e0c3b8a984a25aecc50c3b63c4aa013fd93f65e76bc6df7e5c8e01fdfa3640aee5b937ae93ee275a002cffb367320f