hxxps://blooketbot[.]glitch[.]me

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2024, 17:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://blooketbot.glitch.me

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133570706704760600"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "156"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-983155329-280873152-1838004294-1000\{F493C755-CF2B-4A67-AE26-FD34F24A62AF}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1388	chrome.exe
1388	chrome.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
3636	Process not Found
4556	Process not Found
1368	Process not Found
4644	Process not Found
4484	Process not Found
1620	Process not Found
4832	Process not Found
2436	Process not Found
5324	Process not Found
5448	Process not Found
5496	Process not Found
5508	Process not Found
5536	Process not Found
5540	Process not Found
5544	Process not Found
5552	Process not Found
5504	Process not Found
5592	Process not Found
2128	Process not Found
2204	Process not Found
4408	Process not Found
376	Process not Found
3996	Process not Found
4032	Process not Found
5656	Process not Found
5644	Process not Found
5636	Process not Found
3184	Process not Found
3916	Process not Found
2524	Process not Found
4880	Process not Found
3980	Process not Found
5624	Process not Found
5632	Process not Found
5608	Process not Found
5600	Process not Found
5588	Process not Found
232	Process not Found
5564	Process not Found
5680	Process not Found
5660	Process not Found
5668	Process not Found
5688	Process not Found
4776	Process not Found
3704	Process not Found
64	Process not Found
1312	Process not Found
5832	Process not Found
5816	Process not Found
5804	Process not Found
5776	Process not Found
5768	Process not Found
5760	Process not Found
5752	Process not Found
5744	Process not Found
5736	Process not Found
5724	Process not Found
5720	Process not Found
5712	Process not Found
5704	Process not Found
5696	Process not Found
5820	Process not Found
2460	Process not Found
5380	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: 33	2004	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2004	AUDIODG.EXE
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1200	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 4888	1388	chrome.exe	86
PID 1388 wrote to memory of 4888	1388	chrome.exe	86
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 4968	1388	chrome.exe	89
PID 1388 wrote to memory of 3896	1388	chrome.exe	90
PID 1388 wrote to memory of 3896	1388	chrome.exe	90
PID 1388 wrote to memory of 2272	1388	chrome.exe	91
PID 1388 wrote to memory of 2272	1388	chrome.exe	91
PID 1388 wrote to memory of 2272	1388	chrome.exe	91
PID 1388 wrote to memory of 2272	1388	chrome.exe	91
PID 1388 wrote to memory of 2272	1388	chrome.exe	91
PID 1388 wrote to memory of 2272	1388	chrome.exe	91
PID 1388 wrote to memory of 2272	1388	chrome.exe	91
PID 1388 wrote to memory of 2272	1388	chrome.exe	91
PID 1388 wrote to memory of 2272	1388	chrome.exe	91
PID 1388 wrote to memory of 2272	1388	chrome.exe	91
PID 1388 wrote to memory of 2272	1388	chrome.exe	91
PID 1388 wrote to memory of 2272	1388	chrome.exe	91
PID 1388 wrote to memory of 2272	1388	chrome.exe	91
PID 1388 wrote to memory of 2272	1388	chrome.exe	91
PID 1388 wrote to memory of 2272	1388	chrome.exe	91
PID 1388 wrote to memory of 2272	1388	chrome.exe	91
PID 1388 wrote to memory of 2272	1388	chrome.exe	91
PID 1388 wrote to memory of 2272	1388	chrome.exe	91
PID 1388 wrote to memory of 2272	1388	chrome.exe	91
PID 1388 wrote to memory of 2272	1388	chrome.exe	91
PID 1388 wrote to memory of 2272	1388	chrome.exe	91
PID 1388 wrote to memory of 2272	1388	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://blooketbot.glitch.me
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad3cf9758,0x7ffad3cf9768,0x7ffad3cf9778
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=332 --field-trial-handle=1632,i,620171337359972881,7292927588014717370,131072 /prefetch:2
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1632,i,620171337359972881,7292927588014717370,131072 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1632,i,620171337359972881,7292927588014717370,131072 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1632,i,620171337359972881,7292927588014717370,131072 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1632,i,620171337359972881,7292927588014717370,131072 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1632,i,620171337359972881,7292927588014717370,131072 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1632,i,620171337359972881,7292927588014717370,131072 /prefetch:8
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5256 --field-trial-handle=1632,i,620171337359972881,7292927588014717370,131072 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5448 --field-trial-handle=1632,i,620171337359972881,7292927588014717370,131072 /prefetch:1
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4876 --field-trial-handle=1632,i,620171337359972881,7292927588014717370,131072 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5748 --field-trial-handle=1632,i,620171337359972881,7292927588014717370,131072 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5276 --field-trial-handle=1632,i,620171337359972881,7292927588014717370,131072 /prefetch:8
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 --field-trial-handle=1632,i,620171337359972881,7292927588014717370,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:6072

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4664

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c 0x32c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2004

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39ae055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
1d6040091065d2a3e95c4f121cad95e5

SHA1
885c2449db953f3a28c859496c532f0aa7e33f21

SHA256
a6fa68f89338fbf43fc2d218e07e184815b958a9a0edbfb6b275aa042ff1582f

SHA512
c728341e1534b475f7b9454929eb34cfbefda565b8735978e7fbefe79f4cfe6c34fe35715bfa454953bf769d380c6a62cd5bf27ca769205a0b955b71b1d91891

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
1f7321ffeec8ea1ed7b1d1ebbd530d2f

SHA1
7a2dd328b6f0519800dabade6694ad79cf5732bc

SHA256
a2d98f560a1318dfea27546f039693c2e7d8941c0829b62c7d6901b3dddd150d

SHA512
a0bace4bec014c9e3da2e83971b2b0a513e499ad92a2487d8681711c582c73484d4e87a7b2e11edadc047c7a760cd018c7f79d5271ae095a97049ebe36bc57cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
79f38cc6dee50553fc86f1b6128123fb

SHA1
7d314078563daad171a49cf8e7c307ca0ac2bf70

SHA256
24a5f3a7a94c7e4fe441d56fdd5a13b681684f5d96abcd2e7336e68ea5ee8102

SHA512
202978b4bd287fbf7f6d02c11d0a6c9164bd3159ee59bfedf3b2835dd47787924f12d9de9912252acdcbf6d7687d1e7ffe4b35eadf341b67b0eafb82d99549f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
dc65d614404e0df9962830b1146d49f3

SHA1
2e5a6e701e1276a6fc934a29d7649b857f697167

SHA256
102f6d2437f6e98ce18fd2adad48f7d520cdd4f8f4e88bcc10eac1e8c5f4e734

SHA512
ab72fa96d345ed646e5046ff1eddf243bc7d584f54593df136337c4159560574aab1a7aea4e5f2c5539283492fe738933505cb0c06830341c0a0bc6855780798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
eaaece2358a21a779e2ebc0318aa892c

SHA1
1ba816b0461475b8439a693918882c4890134461

SHA256
b9ff429fd246e3993ce6daca57407b1dcfbf01ee0032b461cbd7aa9f19b9f6d9

SHA512
90733936c8e1acc3b8dff7060f14470b9b5bc3d5ec5beee3d00415e367fe61f386ab9243fe1408833e28002268b60511904552c4017e46946efe83aa92adc14f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5fa8dac7bf4e90f9f3230f53105712eb

SHA1
6b94dae1b7a783546433526d1bcb8b48f97b463c

SHA256
7e3045a25bdd892e3b13f79ec9a41450fc57b82503cde8f41893ba4641227b94

SHA512
943ed3cfcdff03ac35afb101cea5eb6503b99285300cc2ef69fc129e81dbaeaead9c9bb5dc3a94ff500d95f1f893b495be811bc942052070617cab415d2f774c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d5a32786b1b09a6f0b834d75fb1a937a

SHA1
92301d2d306ceef2ed1dd69d5217b1dc6c945ded

SHA256
ff1b35e0722564bfb0db4eeeb6473765346909876f2de1212b9f2d19051703b2

SHA512
89a4b0a99b0fa186c2c2cb2431983b017f62f56db053cc6661a2559badc73ceddb197bdf274c3f67e58c5ef19f9c4f9d07ed6f37ab7ec6940ace084593afbd54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c50d37bf102ad527f0192902b8df80b4

SHA1
2cde40a2f6dea0f31f9502201a5b17195f121cdb

SHA256
4703068552c0cfe7ab5d65b16448f15c7c144d3f8d385258d33e17f3cd1409b8

SHA512
b9e7a3a39a23da70df0957672eca34f7cac82e50ce52ac603a63986d9a18a4b3e3d7e34fb6d860a93994beabc7ad4aa7dfc0610dd15f29696ae5197a1c1089f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
975c7fac3ead76ad0ac30cb045a25ec5

SHA1
22e52a2e625f66eeb683e83882d1042c6cfbdb3a

SHA256
548bad954d3bf92286b207b36c172aa86c82a315c5298648717b220f2ea24913

SHA512
45072dc43d2fe22acdb0372a1a1dfbcdc86f139a6d57858b40378077a476c3d095f24e813888bc56bb6dd81caa758a41c9a728d09a7ff82eb2a8b1202857a831

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
30ba42531881afc8e9ad0d84bf3db9aa

SHA1
0e7cd5f04fd469c49235a56d581bafe6ce2c1569

SHA256
b6f9f2dd657d7604c381151c413c94799a0b21212ddf06e2b44a34dd230b67c0

SHA512
1c30d7446424934ee0a5c0510f2f1e241c0ccb192f8c7800a785ecdd96c0bf057607b9ade3256c9ec262612d6970772f6b07478ab23007cd71800e5af10bea21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\537ab2f3-6d64-486e-a7fc-47e02e30f18a\index-dir\the-real-index

Filesize
2KB

MD5
2f51990950919b364e1930cdfd6b4ad2

SHA1
038fca6dc25456bad882d52d7bba7fbdf98af633

SHA256
d3780c63c64c586a07b637fa18934ebe4c2fcaea31fd7fff8c2904d97853e9f6

SHA512
40195ab786168d4b05567edac74893d7c52b0705b4f07cb1ea99c04141bfd757b27a070a2612d42c1bfa43afceb2d8c6f8d08b027de0325dd1c8e7d332b6b7a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\537ab2f3-6d64-486e-a7fc-47e02e30f18a\index-dir\the-real-index~RFe582cb8.TMP

Filesize
48B

MD5
ae13bc12a0c601326bcd45851603ab28

SHA1
e83fb0b754209732af6bf27fb5beaf3d558b233a

SHA256
aa787fa4851cb8bf89552ea6f594ce846856dafcf2af2db40311dc07d2be3ab4

SHA512
481f5a682be1576ed60a18fd5fcba675cebc1b68d11021aaa702cf46b3106a9ccc13dd910e35241bd83e429db9b13f183bf86486c99191277499342899a5570d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c6878eaf-0d9d-4220-84a7-8f78b3bc1bfb\index-dir\the-real-index

Filesize
624B

MD5
1a3b5aa7e4e9c8db87cd0b95b58b6d5c

SHA1
55ac35ac2e9736343900eef9a334b365b21cb738

SHA256
dfe7a14fee12a3d9c0ecfc442534a121c681ad78a693b39cc7c72afdad11f9bb

SHA512
db76aa49c070564ce7868a9691cd215ab5eb185c0cd14defa2f09565151d9280bee4f4b1d067ae5b379b8a5da1d7bdecd4b400e184d082462133b067e0c94ef1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c6878eaf-0d9d-4220-84a7-8f78b3bc1bfb\index-dir\the-real-index~RFe580b07.TMP

Filesize
48B

MD5
2a7df62c98ddc9432b06c1aad786c21c

SHA1
4ed623c26f23575f3b51dd645c86717f1dc614c9

SHA256
2556fd5ab75f5d0215ce848eeaa2ee2b490aa01ccceec63b8cb444705b67d596

SHA512
fe641d29adc84267409eda4378b7c0b96bdaab5a01011aea9ca9e50fb43eb81df86a79625c593e7bb80c68495883ade76692fdec2d3605cdc3b107a2729896c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
fcd3bb79292c06662d34d0e4cb15c9cc

SHA1
2a0c3fc485b7babaf53002d3e1eb04ee2527f300

SHA256
51b52754828ba182f07777a6186c9af6aae854a4166dbf593d4fcf2807f14cba

SHA512
791b169a26c8e3a5670db1250241da76a7f6bc2edb32d74c2720863de4f8afc4a81d01f05ce16f20e00c5c98bc9ccc79df1664f71fcdbfd797c49955abe81afd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
185B

MD5
c559b8845ccc3c226d02a6f4abaa55a1

SHA1
1c343ddc82d6e3881518070570cfb9143f080f31

SHA256
22111dd0ba8fed3800cc7fef1db3a7f61e4810b1322b39a78bc3ad39d3087ed0

SHA512
0ac292beaa45b68d472fa71b577d292374aeff6ef7f6c826f4a1c86d773fe099c53dab59afaf52b815f651c57eb4c05b9ac9dc9baa9c7b541681decb454d9918

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
e768824098405cec23c6560116337535

SHA1
2372b7c0a264f5d833512c17bfc2a48c60bef336

SHA256
eb79a02a8b1be4064b6cdece8a7d0afe6718078fc13575d1d48be85014b1c267

SHA512
cda9ec60537dc262cf74710fc0f05d04298059435a3eeed7b1ddeeeb91d089e4476be73aa1efcba680d927cb129ddb949abb06258af7e6d35c5fbd3a7c349123

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
8bd57a8e14a9fec7677011d63ff03a4a

SHA1
5cbcc462269cc69dc382e80e352c70babdb69703

SHA256
346da9eb36058c7b6475784802fb6ff8fdd6fcd3ea976583ce1470a544399e68

SHA512
52b269fc3a082a9b6adf0c7a0dd8a4cd21a7a6b6c456cae8d03ec8e645b2d91c68d42753d304c7341d2b822fbfd09a2654d672491f5ca39b524a7968aa7b6e70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57adf3.TMP

Filesize
119B

MD5
de3d58296603d0a5c64c3b363ae944d4

SHA1
ec6f84f3f3441b8a91dbd51a2a5cf2abad085301

SHA256
cfab9065890e6c91d9e35b6fc18f93718393d41dba1f374727bf37df30b6c0a6

SHA512
8753f6577b67db7f1d3aadfff1be309a228b1007345dec0d9cd061b8a4e94019eede0b974afabe0b628122a0e836b24a34044f878d68cb66b76147623d81e190

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
5b1c88ca5212134b5ce40f321cb532b2

SHA1
31ec1fb5be7740d862625ccf77bcab95acc15677

SHA256
724925aa72f464f8820cffd9b05cac72ea98f33073e0800166a608f47871d7f7

SHA512
db125f698287409aa1532197a66ebd677b95ac832f26ccd2fede2b9fb60be859d12854670cf08732b3f8d25e030cc1d609d48fa20296c5a639acd734da900b30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57fe94.TMP

Filesize
48B

MD5
3d2dd74ae418f133a4b229fbdbd33bf4

SHA1
2616d3bea48ff057a6e813b2d13a8eaf1894610f

SHA256
fc6d9971b8cd1f2501aacfa83d3b0327923b3a03191b578fc6de995876b599ec

SHA512
a9f5a58d3460f6f982c59292e5a450a92d593e2ffa32f374c8da5b97827fb65fc45695ee8eb5ec1fa78fe62c6b57c127805e65139919706678bc664312d3a49e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1388_1190115245\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1388_1190115245\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir1388_581667787\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
fa2c5e6d2d35cfa1adf25a77f39e3547

SHA1
b2a6cebe4cf9a0e2a1e40919a5bce695b2dedf2a

SHA256
ca6d1ac2402ce1571bf237060b25e68376cb10f47cfa76a8a8e22e258d62eb90

SHA512
cbfd23e4c55968bbb3760a7897441f90a913f5fa0c2a58768e9d5d4a3687ebc644e1945ae397d49228091f91a66a59facbb16fea25487f2075178191a1ed0cf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
1775a6c80a183bd0266ba9be0e4c0b2e

SHA1
ea54f42b4aecefdc6632c297eb8d04eb71c7ae17

SHA256
3da1df7b9653022f050db882663c51c7e615a7f269a01dfbac5bd87f7a547db9

SHA512
0ca320bede8494e7c49ecc0a9629debf487a7628afc210db22f87535e76f2486d15783e70576be785becb554fb06cff1f1db28d61c2dc043b2a8f2f3c74457f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit