36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Analysis

max time kernel
59s
max time network
151s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
22-05-2023 03:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

qt.conf
Size

1B
MD5

7215ee9c7d9dc229d2921a40e899ec5f
SHA1

b858cb282617fb0956d960215c8e84d1ccf909c6
SHA256

36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068
SHA512

f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 2 IoCs

Processes:

rundll32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000_Classes\Local Settings	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

880 chrome.exe
880 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

rundll32.exe

pid process

1164 rundll32.exe

pid	process
1164	rundll32.exe

Suspicious use of AdjustPrivilegeToken 62 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

Processes:

chrome.exe

pid	process
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.exechrome.exe

description	pid	process	target process
PID 2024 wrote to memory of 1164	2024	cmd.exe	rundll32.exe
PID 2024 wrote to memory of 1164	2024	cmd.exe	rundll32.exe
PID 2024 wrote to memory of 1164	2024	cmd.exe	rundll32.exe
PID 880 wrote to memory of 832	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 832	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 832	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 988	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 1804	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 1804	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 1804	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 432	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 432	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 432	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 432	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 432	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 432	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 432	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 432	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 432	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 432	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 432	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 432	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 432	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 432	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 432	880	chrome.exe	chrome.exe
PID 880 wrote to memory of 432	880	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\qt.conf
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\qt.conf
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6669758,0x7fef6669768,0x7fef6669778
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1220 --field-trial-handle=1344,i,18302648031776122777,17313236021295125691,131072 /prefetch:2
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1344,i,18302648031776122777,17313236021295125691,131072 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1344,i,18302648031776122777,17313236021295125691,131072 /prefetch:8
  2⤵
  PID:432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2340 --field-trial-handle=1344,i,18302648031776122777,17313236021295125691,131072 /prefetch:1
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1344,i,18302648031776122777,17313236021295125691,131072 /prefetch:1
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3568 --field-trial-handle=1344,i,18302648031776122777,17313236021295125691,131072 /prefetch:2
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1448 --field-trial-handle=1344,i,18302648031776122777,17313236021295125691,131072 /prefetch:8
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3664 --field-trial-handle=1344,i,18302648031776122777,17313236021295125691,131072 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=1488 --field-trial-handle=1344,i,18302648031776122777,17313236021295125691,131072 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3720 --field-trial-handle=1344,i,18302648031776122777,17313236021295125691,131072 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3932 --field-trial-handle=1344,i,18302648031776122777,17313236021295125691,131072 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3904 --field-trial-handle=1344,i,18302648031776122777,17313236021295125691,131072 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4480 --field-trial-handle=1344,i,18302648031776122777,17313236021295125691,131072 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2768 --field-trial-handle=1344,i,18302648031776122777,17313236021295125691,131072 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2468 --field-trial-handle=1344,i,18302648031776122777,17313236021295125691,131072 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4480 --field-trial-handle=1344,i,18302648031776122777,17313236021295125691,131072 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2792 --field-trial-handle=1344,i,18302648031776122777,17313236021295125691,131072 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 --field-trial-handle=1344,i,18302648031776122777,17313236021295125691,131072 /prefetch:8
  2⤵
  PID:2288

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1168

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2980

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x180
1⤵
PID:2100

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\11bd79d8-a6ca-42d6-89bb-5a639f256f29.tmp

Filesize
4KB

MD5
c2e388414a992d5242aa73ac5d5bb828

SHA1
e38052e34a08a5934132831edab48206d62a5f17

SHA256
f1217d7a923ec5a80dfb17c296ba9a9517400d4578ac124334b01f7af7577bf5

SHA512
f782a2a1fa5dc586bb2831fb85f338dda4087b66569b430c8f0f808213fdb7524389e728cfe788f69d2092ec2eca2d4ad4c1d0b78b220c002da84b20941e03f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\84c7fb80-982d-4f45-8b0e-a4c936d6b5f8.tmp

Filesize
5KB

MD5
c44b101ddc64c5ea29f04248b9d22f18

SHA1
cdb7f743280ad9245360b86a9cf6153bbe42120e

SHA256
7b416c9f632bc64dc7c02f683fa293e87d161db3ee717b508a04f2505470eee3

SHA512
94a23edb625ba7fa070e81b006f81a9222c2275c11c092caf152a04fd86755ae71830549603de18e2726bb27cee8632a1af6d2cc534ccdc98544b3e9c5441567

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
37KB

MD5
519005befdbc6eedc73862996b59a9f7

SHA1
e9bad4dc75c55f583747dbc4abd80a95d5796528

SHA256
603abe3532b1cc1eb1c3da44f3679804dd463d07d4430d55c630aba986b17c44

SHA512
b210b12a78c6134d66b14f46f924ebc95328c10f92bfed22a361b2554eca21ee7892f7d9718ae7415074d753026682903beba2bd40b35a4eeb60bf186dcdf589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RF6cb674.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
455c8bba803121ee24d67f62de9efbc1

SHA1
43396900b5e478654ae3026962293353d0df7092

SHA256
437b6c6dfb84c48c78dba8e55891c05436699898d72779b6b281e810f855badd

SHA512
2c4b11d63394b932448b805d46d6d921a2961f0beb9e431e0280e03a20e4f809c18fb49d1866a0040a2d2843915b3f7a36be18c6c6713a267b3eb62403257681

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
b24a0250d3764a7b3ea4975864ac00fc

SHA1
eeeab856cab4078245523e473c8bb3199a0e21da

SHA256
eacc47312950bc9da6e743fabfd14f56da1a7c4de2982b4645f160db007da5c9

SHA512
1fa8a414e4d4bac057c8cb057ba8b1eb4e510b0976059c4bb36c508524c91111cdddb186adf467abf1a9f8ac98ad453100817125843b7a32726b3c58ef8d96ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\Downloads\mmc-develop-win32.zip.crdownload

Filesize
13.5MB

MD5
9b2e681bbcdd4037f898cad037ad5b5e

SHA1
73c0493dfd936b50d9f35b334927204b9a020565

SHA256
dbd08f4f80964861b6a378e40952b361cea5cdabdeb6cf7bb56897714b2b411a

SHA512
742d6247cad659893d12b1221d203a9ecc0196c93f9f37dac332268a7687157d22cb60b01abb408f0a838957df88f2cc43125a67f6f9cdab28f2c854966a7997

Download Submit
\??\pipe\crashpad_880_GMLJUZXMLUIVIDGE

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit