hxxps://d5lq2404[.]na1[.]hubspotlinksstarter[.]com/Ctc/GI+113/d5lQ2404/VVJcrt6tSfmMW5V3_8L17T38FW93kvSZ5bnjjmN5wYXQM5kBVqW5BWr2F6lZ3m3W6nKD_32JTx1xW5kd7PB2w8K6hW6nby169cB7sVW6djvKS87pB_0W7KXrfN9ctpXBN26pw-x2vkKYW6FW4S22VG6qzW1xl1cQ47b2KgW8V5VWg3x-gjcN1FFQ7LV2hW9W41gbRC4g74j8VmQMCy9dmPwmW5803H01mV42GVkzcQg9bM7mxW30J_-c5tqk-DW4FM9_S97_DfnV2Xb293sDKp5W4JB_Nk1CR-w4N814hlwLzC0ZW45jF6T4v8n2DN11dMz0r1lcmW7WNHd47jYpN2VQJsqy5MJYH8W45yY_T5vv6W6N8PJTHsRJs1_W1GFHVk79byYCW1J1Fjb6y109ZW37K4L21HpDzKW1TP7kV389nf5W3Z5d5c9cst58W4R_Gj52HLs6tW1fyWQH67DW68VkTXZz4dhjpdVpsrF55vvdM7d97cR-04

Analysis

max time kernel
154s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 22:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://d5lq2404.na1.hubspotlinksstarter.com/Ctc/GI+113/d5lQ2404/VVJcrt6tSfmMW5V3_8L17T38FW93kvSZ5bnjjmN5wYXQM5kBVqW5BWr2F6lZ3m3W6nKD_32JTx1xW5kd7PB2w8K6hW6nby169cB7sVW6djvKS87pB_0W7KXrfN9ctpXBN26pw-x2vkKYW6FW4S22VG6qzW1xl1cQ47b2KgW8V5VWg3x-gjcN1FFQ7LV2hW9W41gbRC4g74j8VmQMCy9dmPwmW5803H01mV42GVkzcQg9bM7mxW30J_-c5tqk-DW4FM9_S97_DfnV2Xb293sDKp5W4JB_Nk1CR-w4N814hlwLzC0ZW45jF6T4v8n2DN11dMz0r1lcmW7WNHd47jYpN2VQJsqy5MJYH8W45yY_T5vv6W6N8PJTHsRJs1_W1GFHVk79byYCW1J1Fjb6y109ZW37K4L21HpDzKW1TP7kV389nf5W3Z5d5c9cst58W4R_Gj52HLs6tW1fyWQH67DW68VkTXZz4dhjpdVpsrF55vvdM7d97cR-04

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133543258484930574"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2256	chrome.exe
2256	chrome.exe
5524	chrome.exe
5524	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe
Token: SeShutdownPrivilege	2256	chrome.exe
Token: SeCreatePagefilePrivilege	2256	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 3380	2256	chrome.exe	88
PID 2256 wrote to memory of 3380	2256	chrome.exe	88
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 5060	2256	chrome.exe	90
PID 2256 wrote to memory of 1040	2256	chrome.exe	91
PID 2256 wrote to memory of 1040	2256	chrome.exe	91
PID 2256 wrote to memory of 2096	2256	chrome.exe	92
PID 2256 wrote to memory of 2096	2256	chrome.exe	92
PID 2256 wrote to memory of 2096	2256	chrome.exe	92
PID 2256 wrote to memory of 2096	2256	chrome.exe	92
PID 2256 wrote to memory of 2096	2256	chrome.exe	92
PID 2256 wrote to memory of 2096	2256	chrome.exe	92
PID 2256 wrote to memory of 2096	2256	chrome.exe	92
PID 2256 wrote to memory of 2096	2256	chrome.exe	92
PID 2256 wrote to memory of 2096	2256	chrome.exe	92
PID 2256 wrote to memory of 2096	2256	chrome.exe	92
PID 2256 wrote to memory of 2096	2256	chrome.exe	92
PID 2256 wrote to memory of 2096	2256	chrome.exe	92
PID 2256 wrote to memory of 2096	2256	chrome.exe	92
PID 2256 wrote to memory of 2096	2256	chrome.exe	92
PID 2256 wrote to memory of 2096	2256	chrome.exe	92
PID 2256 wrote to memory of 2096	2256	chrome.exe	92
PID 2256 wrote to memory of 2096	2256	chrome.exe	92
PID 2256 wrote to memory of 2096	2256	chrome.exe	92
PID 2256 wrote to memory of 2096	2256	chrome.exe	92
PID 2256 wrote to memory of 2096	2256	chrome.exe	92
PID 2256 wrote to memory of 2096	2256	chrome.exe	92
PID 2256 wrote to memory of 2096	2256	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://d5lq2404.na1.hubspotlinksstarter.com/Ctc/GI+113/d5lQ2404/VVJcrt6tSfmMW5V3_8L17T38FW93kvSZ5bnjjmN5wYXQM5kBVqW5BWr2F6lZ3m3W6nKD_32JTx1xW5kd7PB2w8K6hW6nby169cB7sVW6djvKS87pB_0W7KXrfN9ctpXBN26pw-x2vkKYW6FW4S22VG6qzW1xl1cQ47b2KgW8V5VWg3x-gjcN1FFQ7LV2hW9W41gbRC4g74j8VmQMCy9dmPwmW5803H01mV42GVkzcQg9bM7mxW30J_-c5tqk-DW4FM9_S97_DfnV2Xb293sDKp5W4JB_Nk1CR-w4N814hlwLzC0ZW45jF6T4v8n2DN11dMz0r1lcmW7WNHd47jYpN2VQJsqy5MJYH8W45yY_T5vv6W6N8PJTHsRJs1_W1GFHVk79byYCW1J1Fjb6y109ZW37K4L21HpDzKW1TP7kV389nf5W3Z5d5c9cst58W4R_Gj52HLs6tW1fyWQH67DW68VkTXZz4dhjpdVpsrF55vvdM7d97cR-04
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff98d419758,0x7ff98d419768,0x7ff98d419778
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1828,i,15451165588702681561,17930765823569138656,131072 /prefetch:2
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1828,i,15451165588702681561,17930765823569138656,131072 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1828,i,15451165588702681561,17930765823569138656,131072 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2932 --field-trial-handle=1828,i,15451165588702681561,17930765823569138656,131072 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2960 --field-trial-handle=1828,i,15451165588702681561,17930765823569138656,131072 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4900 --field-trial-handle=1828,i,15451165588702681561,17930765823569138656,131072 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 --field-trial-handle=1828,i,15451165588702681561,17930765823569138656,131072 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1828,i,15451165588702681561,17930765823569138656,131072 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5132 --field-trial-handle=1828,i,15451165588702681561,17930765823569138656,131072 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3944 --field-trial-handle=1828,i,15451165588702681561,17930765823569138656,131072 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5564 --field-trial-handle=1828,i,15451165588702681561,17930765823569138656,131072 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5000 --field-trial-handle=1828,i,15451165588702681561,17930765823569138656,131072 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5700 --field-trial-handle=1828,i,15451165588702681561,17930765823569138656,131072 /prefetch:8
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4732 --field-trial-handle=1828,i,15451165588702681561,17930765823569138656,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5524

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1372

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2cc 0x4fc
1⤵
PID:6072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
a5ba7abcf35c8ca0353b43cb4c29a10e

SHA1
f846e692103ad9a137168d771f50284a6fee44d6

SHA256
9fb58a94b791e8204ef91173dc6b0038a50d1bcb9f6980d5d4c83c331443d6f3

SHA512
633ecaf70be28f9c441cd274e903f6592d0a073e2813d6ac0b787502327566d46319dc4cd704f04000b1810ce3516d650bc4b2e086ac58d1f27154b45989957e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
40440c0588c1c0627fe69de20ef4a4bc

SHA1
398ebeb4c5f413908f2d5f154ef346cb3d0aee9d

SHA256
bb3fb7db0cf81e6bfd2ebcb1dbc374bd15e0e5f635f6b76405bdd8e388de6f70

SHA512
8c28348993edb460bc679e660f249786d2c64498a2f83a078880a6cc0d40ecd5d9506402bf5052eb06937db9998aaf1238bab2445d9b6b321dbf2c96dd794581

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
6e9c6d85a8b46e7e7ce0b9d230cfcbf4

SHA1
8dbac543d99003f959210a376f1986fba76f9ea6

SHA256
21e851b392ddcb5242dda79b4e659929e71ce85dc0b9d872cdbe195fbd4c1098

SHA512
86f4a5c7371f0508f921e80c334d39da33f5642cbfe47f5e2c6113302ab87d0a17bccfbb413aacf8ca79581592f6c4f7be14973c7b1566c54ab4114e49a9ec48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
4952c57c6abaa74406c5e900b359466e

SHA1
f3ae0894ccc9023086705b2e463f869714b6562b

SHA256
fca2a4ccf001d2f29ad3daaa57f42bd5aeee881f424b6b2045ab3200c21fb0a5

SHA512
bdd6a8841aa42fa5e6cc06666fbde91fe405a6b2303e1ade7db59c65be0b2e188578ea6619bd02abd07093e7c12724232574ef344087c91847e22ba82e5b546f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
703B

MD5
7577ac545566d7e55fd95878f44bb7ef

SHA1
c3a6c1de9d56afa8c4bd19956aeba1d61f198cd0

SHA256
84ce28c0460340068790ab3c8de09e1a04d8121059f9469e406253cbaaf5b926

SHA512
c8adf001740aa2bf0c503b1fc8a8cfb59403e1e2296725c317150019d70890cc0d257c000f88662c7255e6fd41e3023c0a57cea7aae02c968df02ed28d4585ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5024c77d80dba7bc9da83b87d0648c47

SHA1
b4e1b56d216880dd5fa6bbd52c8d758b5080856b

SHA256
119621e465aac1cc240f323268a60dfdbd24301a35c8df1f26537af86f5992ec

SHA512
b7494102d47ffb55515ea92fecbed81b97df73cff2a61257e6127b61ef558364d3515ebd2d59ef52dbea5ca9df6373b69510705c7daacb33b4d4780f53af6100

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d9d878cdeb29d93828d18f89f3bd584b

SHA1
8c4fd3b8ad1f0de854720b92aa9c8860a8318dbd

SHA256
51c8fb9cbfac03d01b4815c00664bf40a5349743e05c30c1b4e92bbf334accec

SHA512
941c594ceebdb0c1389a7392c9e06c062ed5ebd02181b9da3f52588145fe59ac5f986b573d942b9c023770a792f38a4e70ec3651aa35f16f4dcc98038e7f08a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f93323f8dc4cd37ba54e01b38c8ef7d5

SHA1
89ee694d90db053a5ab48c2f917036da491dbdde

SHA256
778d3c2f0b5d11ec93ba308b664df70c7a8b28351bf268aac0b5f62e54d8ec09

SHA512
bffb7e6bd855a333780bfdca19737cc0a1c46c116523f7486286b81437bf68105a5230cf7c9dc8fd1bf3d3174f0fe9005ca623011c4958c34b09f186c7e16523

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
ad41c05db940b82d108545970a13b21a

SHA1
de90739afd24e9a98f44fb733dde60526b7de44e

SHA256
f01683ade39758d95f7b3c11545a8aa7b82e60526650924303efec08a4693cd7

SHA512
d50adfeb65afc0fe3bb256c30a21d67b22f49cfb7b73d97d730f4ff510f0f5746271ab72cb0053c1c5c6b3490ff7691c655e85c5ac4c844ba7ba2a192b53b2ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
25e975b7b2e632c396160edf0ff3f357

SHA1
af6e601bcf5917aa04cbaea9239be7e7c33ed187

SHA256
badeebcdb7d6cb39830245294cd2201dc5bc4f9d14850b99a7cb431bc39c7501

SHA512
5ffe035a7662b9ff2bd922f117f13a2c4e25b1bcc4ff2ea3707cea62905a0aed7a59d1640e3b204d76234c034a1a83d699d70450f0acdb981fe8824d2c21d1df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9659d36086502ae02eecb044eb97bb0f

SHA1
c93611d9c771cee33a308706bdd304c2f2493015

SHA256
bec7aa5d2f90be10dd9a0803b77ae24682e01194acf8e5320a1f67b4a795dfd4

SHA512
7d4a1c63f5862f4db4429f3284b9e358aa90c4d9a27e065eaabd9324f5df850b114b355e47e3b0fd3bc793775a4eea9e84ed942101684198e79f5fb7fefd11d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
edbf1cc5247a0a1ac5f39a41e334e1e6

SHA1
971ac1442096a22a9bee1eb729c71a418b7fb6ea

SHA256
b47ca2f248211c1d538200dec25baa08a2fbad31a203ad16fcc1e7c51b267bf4

SHA512
d3d4dd8745ed54df2497e6fab354b7841a0c82d72e1d43fb4e9518a2a98295b574613d9f08fec3095118b60d8ab32ab9bd61f8e5f547f93d0674ba5598701345

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit