hxxps://www[.]youtube[.]com/redirect?event=channel_banner&redir_token=QUFFLUhqbWthUXR1ZDlGMXRZbHk3aFB2NDBYYl9Ea01hZ3xBQ3Jtc0trdFN3NlQ1aHNJU011TW5pdHJDRzBHREdkZVRDMGR6UHhEamxNNmg4YlJMa0VDNXJKcHd0M2NvU1Zrd01sY0JremFEVHQ3LWRNSE9jWnh6cjB3YXhfdlU0Qko2Y3JQYjFzb1VEQmpkUm1QdTYyS2MyRQ&q=cute18[.]us%2Fgirl%2F%3FLive

Analysis

max time kernel
150s
max time network
152s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
01/04/2023, 17:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=channel_banner&redir_token=QUFFLUhqbWthUXR1ZDlGMXRZbHk3aFB2NDBYYl9Ea01hZ3xBQ3Jtc0trdFN3NlQ1aHNJU011TW5pdHJDRzBHREdkZVRDMGR6UHhEamxNNmg4YlJMa0VDNXJKcHd0M2NvU1Zrd01sY0JremFEVHQ3LWRNSE9jWnh6cjB3YXhfdlU0Qko2Y3JQYjFzb1VEQmpkUm1QdTYyS2MyRQ&q=cute18.us%2Fgirl%2F%3FLive

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133248508900375958"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3900	chrome.exe
3900	chrome.exe
5020	chrome.exe
5020	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3900 wrote to memory of 4092	3900	chrome.exe	66
PID 3900 wrote to memory of 4092	3900	chrome.exe	66
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 4296	3900	chrome.exe	68
PID 3900 wrote to memory of 1736	3900	chrome.exe	69
PID 3900 wrote to memory of 1736	3900	chrome.exe	69
PID 3900 wrote to memory of 1472	3900	chrome.exe	70
PID 3900 wrote to memory of 1472	3900	chrome.exe	70
PID 3900 wrote to memory of 1472	3900	chrome.exe	70
PID 3900 wrote to memory of 1472	3900	chrome.exe	70
PID 3900 wrote to memory of 1472	3900	chrome.exe	70
PID 3900 wrote to memory of 1472	3900	chrome.exe	70
PID 3900 wrote to memory of 1472	3900	chrome.exe	70
PID 3900 wrote to memory of 1472	3900	chrome.exe	70
PID 3900 wrote to memory of 1472	3900	chrome.exe	70
PID 3900 wrote to memory of 1472	3900	chrome.exe	70
PID 3900 wrote to memory of 1472	3900	chrome.exe	70
PID 3900 wrote to memory of 1472	3900	chrome.exe	70
PID 3900 wrote to memory of 1472	3900	chrome.exe	70
PID 3900 wrote to memory of 1472	3900	chrome.exe	70
PID 3900 wrote to memory of 1472	3900	chrome.exe	70
PID 3900 wrote to memory of 1472	3900	chrome.exe	70
PID 3900 wrote to memory of 1472	3900	chrome.exe	70
PID 3900 wrote to memory of 1472	3900	chrome.exe	70
PID 3900 wrote to memory of 1472	3900	chrome.exe	70
PID 3900 wrote to memory of 1472	3900	chrome.exe	70
PID 3900 wrote to memory of 1472	3900	chrome.exe	70
PID 3900 wrote to memory of 1472	3900	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.youtube.com/redirect?event=channel_banner&redir_token=QUFFLUhqbWthUXR1ZDlGMXRZbHk3aFB2NDBYYl9Ea01hZ3xBQ3Jtc0trdFN3NlQ1aHNJU011TW5pdHJDRzBHREdkZVRDMGR6UHhEamxNNmg4YlJMa0VDNXJKcHd0M2NvU1Zrd01sY0JremFEVHQ3LWRNSE9jWnh6cjB3YXhfdlU0Qko2Y3JQYjFzb1VEQmpkUm1QdTYyS2MyRQ&q=cute18.us%2Fgirl%2F%3FLive
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffe96159758,0x7ffe96159768,0x7ffe96159778
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1764,i,12101522088150783560,6045148725309696660,131072 /prefetch:2
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1764,i,12101522088150783560,6045148725309696660,131072 /prefetch:8
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1764,i,12101522088150783560,6045148725309696660,131072 /prefetch:8
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1764,i,12101522088150783560,6045148725309696660,131072 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1764,i,12101522088150783560,6045148725309696660,131072 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4644 --field-trial-handle=1764,i,12101522088150783560,6045148725309696660,131072 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1764,i,12101522088150783560,6045148725309696660,131072 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4896 --field-trial-handle=1764,i,12101522088150783560,6045148725309696660,131072 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1764,i,12101522088150783560,6045148725309696660,131072 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3740 --field-trial-handle=1764,i,12101522088150783560,6045148725309696660,131072 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5044 --field-trial-handle=1764,i,12101522088150783560,6045148725309696660,131072 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4748 --field-trial-handle=1764,i,12101522088150783560,6045148725309696660,131072 /prefetch:8
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4528 --field-trial-handle=1764,i,12101522088150783560,6045148725309696660,131072 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5388 --field-trial-handle=1764,i,12101522088150783560,6045148725309696660,131072 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5048 --field-trial-handle=1764,i,12101522088150783560,6045148725309696660,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5316 --field-trial-handle=1764,i,12101522088150783560,6045148725309696660,131072 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4808 --field-trial-handle=1764,i,12101522088150783560,6045148725309696660,131072 /prefetch:1
  2⤵
  PID:2996

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4144

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f4
1⤵
PID:1488

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:220

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
25KB

MD5
23e68336906da155b7656f6d204fcfbb

SHA1
6d666ef20261bf676549fbb5df548ca5ca6c7a39

SHA256
f3731f460ec9754bbd5652c6bd5aca2a1cad2f815f41b333df37847e989c62e6

SHA512
b5cdb87e2fbc3edd656cd64f47e739d02dbf5718426d0bd6ac019c1c70318357f363548a609f09334f4b6972c23999a7f3446116a2b1c37c39479340cceb6d91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
25KB

MD5
7d54af67f8ed1b8a0b1698272d1e02cf

SHA1
6c9cdaf1d9193f1d7f077286531a890fde3a1b91

SHA256
5cfb135c5c7a2ed537035316b3ef1a75f7d46eeb2dc1f9080883936aee2060dd

SHA512
32553654abb6c8743e28ce0618498cb0d8d409a79747f37fe39599f93c9392bdfd8b34ea6a87fd6308f7de56d4136cc49ffecc55a85145023fbfcfd50db755a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
1024KB

MD5
6456fe49650ee899b44d38c44c7e1fab

SHA1
93d6c522d769cf7b44d87715dcf2cb64419e1819

SHA256
0363876bd47caab38f6103634c63abbe229183bd1ca3842a699d239ac791fc72

SHA512
0388be71f277f764ff912ea44f0f57a1670e21e20b8646bf9c11ffe133328cfad02eb171926afdbba23b7d1e3379c08068ce86c0009261cc1fc00427aca3bfde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
88a701db7ea80db6f018192fe6c55019

SHA1
fd5aa60f53f76797aa2cc31e92dcc5a0365e27b6

SHA256
d8122c36526afe1d4f25b99eb0ba47e55da2a4dfee2bc04663d4d040e562bbab

SHA512
909e5e8bb37a5af5bd6350d5274df4ac01a9960f7f3627f51d9327c32a804f522e5e84bbd7d80140e35a90806fe9121a6cdc6da20af3fde642792205ff27eb64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
efba13b3c14a126c787c4b3a1330c0c9

SHA1
121181217ce8182de365a4267fb4e5f2a725f9ee

SHA256
93c6fc6aefada1901d8a39873e48293aeeab5f40a483e38432f915e587ca4091

SHA512
415284fe9c0db4cf503d353c484280052ef501e54b13458c9d4b89c8370e1a4b7e5b0e4a61e6c164dc201e1980083451ed110b97a831b06f6c43b66433dbf799

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
d247b5ca5b6a49f2b12da5b59b4d3c6e

SHA1
59298bf9d84e42f7f32a7f3f2ad34e644ab5b69a

SHA256
9f4f015588f013802d25e9fcc402ddebebfbee68418d3c52311c54470f3b40af

SHA512
2bfc507edd5d640e7e669a0b983fd9c4294fc3596e9b96d64e560cdcf94f9f676b5d2c59457804feb8ab41b8dde1fa69ed5dee7821fac97368c4973ccd1660bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3fe4cd170f63244ae7969fbbd287491f

SHA1
0d819149614ad81aaa798709a8a18517e3158f6f

SHA256
ec4986bdb685610bda75ac10d9e729a4bebc8a2aa66946596a4f0ba72aed7904

SHA512
387f0317d1768d742956d46af992432d90b5faeec450f4509886275f985a6a68be0a0ac61ab71b1dc4850210c5fe6fd8dcf1278a1fb0291a5e03d0d3e4600925

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9de8bc73347b7fc509b19478206498d7

SHA1
965adb229c775daf3592b09d4bdcd1417e352af1

SHA256
a53ac5fc2276e950b9ac17ec99c90197381bda2eaafd182d29495a5fa4a6e78d

SHA512
57d6c5fe2f3f6a0b3583f85c88c50dda664ddc0702ed0a1488c913de950cfce553b6d0b66809af339a60d353db03203f19852697f474bd4a409ede0a8e5239b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c5cba62b0fd4037f8af76990599127a3

SHA1
6dd9027042b717fe8fd57ea049234cf3249f6866

SHA256
4c5e3dcb193a40bf0613bcbc015f510837e95b415e03a5a48c74ab8016fb4818

SHA512
eec67631b1c2bd3964003eee1612b263808e6d38057b057fb1f3de4bf539ac7ec546826fdf67458844f7e8f99bcda511cba4744c026e49cff9e6f31f0e8f0d1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c3b3fec6d6c900807b3d486a6a5bb1dd

SHA1
b1321f4a84821856ea4ffbc4bbe86f7c2b062dad

SHA256
2e648b19f498936839070f8c7473d06d17c483a80d96ab6e97f0751dc1ea140d

SHA512
d17034fc34f7802bdb20b982e19996ad0ff47d582bcc28d789918850f9062424e8f32b372fe11f000dd6e53e7a5821a7942892e98395581504f969cce3bf2f37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
58f21f7ef9a442cb717aceb48cf759de

SHA1
ec89aa05c574b9afb6da875190bd7c2a5b69f875

SHA256
4ab512efc9dddbe5e3cfabcca12b63bcc3644841453d63d363488ed383322485

SHA512
bd6e82b166352d78d0fdb9649cdff9255b268d1b59306bb12cafd480c778d33d46df8894da984a7173015f1407fd40024f837b95328e38c2361ac98308df69b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b149367b1f73bb89cce49bae593e4f00

SHA1
3ef7a7b4318cf7c7da67d92c27833eb88a96f6fa

SHA256
d6a5a75692ffd870bff9c483c625cb1c4aa10c177065d29c25ee56bdcc276d6d

SHA512
77dd58fa3ef67d7feba0cc93384b65ed1912871c83118d014b7aedbd01a32270415f167b10954ae5f28ece249512f6613bcacae8e2a250cd613bf48b0524914b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bace15be56943ead940f8935d2c7d0d5

SHA1
ca1ff66c838dfd83abcd064461e36dc5b7b6c8ae

SHA256
797f65034768ae877b5e95fc042d9e036afcc1c88f7ee5bf5ef3ce292335d5ca

SHA512
c3515ea91446e6c45d1a53e8a7d5c4425e59c9e406a01d76567cb2ffada465b349543d086d967f027d87a60607a769d4f04a8608da53c28ff322b2f12e5cc224

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e01a6ace014c0d7388656e6973f9ab1a

SHA1
33e00811064a3e35892a779bdebffaff27ae224b

SHA256
40130aa239df923dc593466f1e533101ddc14b55e0c643bfce85aba4783cb3c1

SHA512
73cad191dee75613735226d30511e5764d0cb8bfdf0baad4f403463827158f68cf591e340fa0dabea5a2a0d92f22d539eb0a810c59793d2e9d1fb220b1c9d346

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
caf64b308efbab8ac6410d0696657081

SHA1
abc78d09d3726ed0c7137f8b3b1042bd03a719ca

SHA256
f435c4751cf8b9eee9db539e67e0614c7baf4ba0cf9e31fd1400b117773c4aa1

SHA512
71fcb151a45bb9eef1ca3fb8a10982f52d5656c55b67a118580adf69fa2a4a475f0d1e7943d8f79655ed4361ba994ca57974ae1a79d21c2f0e26f4e0498add1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
65d56458f87ee72f6244e2d3626c7dc2

SHA1
c5122b2733adaba9a3c157ed440e08259d248f44

SHA256
098df8a18b57cbba567fb93df87a514be449af4d98ee78e3548e38e751eb4ae6

SHA512
3187350028269e64bc37c6e87d180c6f8dd27b13390d7d387ceb4cb4424bdf069f505eb31e0a66fa57d7895432ed328e2922c6461021d536d75ff3c130b47686

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
d1e99ce2cd85b07da43e664e1e22d8df

SHA1
83fe2a97b5ad50815f69ab99a2ba2aa7dd69b309

SHA256
102dd490cdd63a04d0b20c9a0d93eae5349957e29c27fda509970f61b423ba28

SHA512
b681c3bc3ffedba89c97e9ab77e46b76155e06550a95bc14826aec5cf40136ccc07233e7988fb6ddeca62c5083b93e77c1c51747724c7f37b97756ef68f062c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
2a29409e1b3bb8f30276fcaa680a5c54

SHA1
99f66c1b1a8551506f76f0035d23610a80fb1359

SHA256
70fa181e798ae6cdf12dab762c47e4d98647145a793939e30cc398ca9329227f

SHA512
d0bbb8e62eeaf6f8087ffaa3f025fdf19780965aa0a1024f94bf711bb5251a5ce3c310bcecea84751996b5dd337b8addfba8c2f441e9a44b8b0a46ade3d4d96c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe570bd7.TMP

Filesize
72B

MD5
44c9eb4a2f4ce598d370f6652427296f

SHA1
fddd4a1a407d88301172d2973d72d1dceed0bea6

SHA256
bdcb94587c2ef10de48d56f58d71f1996b1fc8af2a7f5e0f9f8a7f52af499586

SHA512
892e4a5baf7788b5e4c6a1d3d7464793942eaf81d3c7fac35a4a41410b63d47fd7eee6f315f3c2cd3d2249067fdee79d65cd2462959c404dcaa2616b31f8c598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
f89d120123db5ff5ce9ba1b600ef09be

SHA1
a74e1274483f2593583cadf66c4aa1496d221071

SHA256
3b2c9c4daa2d401130aba5e4827f768732c884f8b84af4e1af1ae86ed5e3d176

SHA512
d66a9ac87ce17d2b064193702c2153451cb82a89d4c7e55f8d8978a3222ae5d19bd94ca13ab878c2a397a7132aa2cf7367e58d3e6c6e087253b4e93998f2cc16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
4aace27e2584a9e2d4a5d3d3e4be87fd

SHA1
65f2daca1f28ab655c267f138e0fa4de636c3d41

SHA256
76f26328e1ad3094b2ccb30815bd66ffbc2cad8c15ff7bb6ae4b4e092f28aecf

SHA512
bdd40b1ce2ccbf25530913255bd9224cd1c80f225c8d71687a21f5b1edf73c93d7215f75664d81ad6db9bfeb717826f95381b3853509d62dcbd53170c5a28c6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
bd7c199700f2b82d2174a6cc43a51182

SHA1
3a8ea0a1c6c67864db46932d5705859910bf9956

SHA256
379bc70af24a4f1a0769fa257a8d2196a2279748f6b72212172eabeb685a54a2

SHA512
07b04d0bffd291b359c2b28383c1b515f6e02a3f27343e864811c46d70e4414fbd87b3866b15ceacbaeeedaaf31ed10b5fcd21fc8c2a9a740d9b257f82271fa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit