61a1a079c7ba48f567c1df072d891a2ca0ca19bcfe96ff6c7a663e8d8cda6dfa

Analysis

max time kernel
155s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25-04-2024 06:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.js
Size

82KB
MD5

da3c6c152841134817c3857b53bd183d
SHA1

bb69b7e64d38f5dcc4039b6fef157b99d771ea1e
SHA256

61a1a079c7ba48f567c1df072d891a2ca0ca19bcfe96ff6c7a663e8d8cda6dfa
SHA512

75a12c15e46396a68ed9ef3abb28458289e6e2eb755ecc414a59b1a5f589d56cca79322c10a7460f30a92f2e0b3cfa7211fbb1ea3c719dba2717b39eefb85134
SSDEEP

1536:pqcEYq4NOFYWvjpA8KQkeSVN0NtsHjMty3gRW:YcEYqmOjpyjag

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133584986754543935"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2132	chrome.exe
2132	chrome.exe
3212	chrome.exe
3212	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe
Token: SeShutdownPrivilege	2132	chrome.exe
Token: SeCreatePagefilePrivilege	2132	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 4320	2132	chrome.exe	90
PID 2132 wrote to memory of 4320	2132	chrome.exe	90
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 1572	2132	chrome.exe	92
PID 2132 wrote to memory of 3088	2132	chrome.exe	93
PID 2132 wrote to memory of 3088	2132	chrome.exe	93
PID 2132 wrote to memory of 832	2132	chrome.exe	94
PID 2132 wrote to memory of 832	2132	chrome.exe	94
PID 2132 wrote to memory of 832	2132	chrome.exe	94
PID 2132 wrote to memory of 832	2132	chrome.exe	94
PID 2132 wrote to memory of 832	2132	chrome.exe	94
PID 2132 wrote to memory of 832	2132	chrome.exe	94
PID 2132 wrote to memory of 832	2132	chrome.exe	94
PID 2132 wrote to memory of 832	2132	chrome.exe	94
PID 2132 wrote to memory of 832	2132	chrome.exe	94
PID 2132 wrote to memory of 832	2132	chrome.exe	94
PID 2132 wrote to memory of 832	2132	chrome.exe	94
PID 2132 wrote to memory of 832	2132	chrome.exe	94
PID 2132 wrote to memory of 832	2132	chrome.exe	94
PID 2132 wrote to memory of 832	2132	chrome.exe	94
PID 2132 wrote to memory of 832	2132	chrome.exe	94
PID 2132 wrote to memory of 832	2132	chrome.exe	94
PID 2132 wrote to memory of 832	2132	chrome.exe	94
PID 2132 wrote to memory of 832	2132	chrome.exe	94
PID 2132 wrote to memory of 832	2132	chrome.exe	94
PID 2132 wrote to memory of 832	2132	chrome.exe	94
PID 2132 wrote to memory of 832	2132	chrome.exe	94
PID 2132 wrote to memory of 832	2132	chrome.exe	94
PID 2132 wrote to memory of 832	2132	chrome.exe	94
PID 2132 wrote to memory of 832	2132	chrome.exe	94
PID 2132 wrote to memory of 832	2132	chrome.exe	94
PID 2132 wrote to memory of 832	2132	chrome.exe	94
PID 2132 wrote to memory of 832	2132	chrome.exe	94
PID 2132 wrote to memory of 832	2132	chrome.exe	94
PID 2132 wrote to memory of 832	2132	chrome.exe	94

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\sample.js
1⤵
PID:3964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa32fdab58,0x7ffa32fdab68,0x7ffa32fdab78
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1928,i,7096264327253162341,5016269955840613307,131072 /prefetch:2
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1928,i,7096264327253162341,5016269955840613307,131072 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1928,i,7096264327253162341,5016269955840613307,131072 /prefetch:8
  2⤵
  PID:832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1928,i,7096264327253162341,5016269955840613307,131072 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1928,i,7096264327253162341,5016269955840613307,131072 /prefetch:1
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4172 --field-trial-handle=1928,i,7096264327253162341,5016269955840613307,131072 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3496 --field-trial-handle=1928,i,7096264327253162341,5016269955840613307,131072 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4196 --field-trial-handle=1928,i,7096264327253162341,5016269955840613307,131072 /prefetch:8
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1928,i,7096264327253162341,5016269955840613307,131072 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=1928,i,7096264327253162341,5016269955840613307,131072 /prefetch:8
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4076 --field-trial-handle=1928,i,7096264327253162341,5016269955840613307,131072 /prefetch:8
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4988 --field-trial-handle=1928,i,7096264327253162341,5016269955840613307,131072 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5108 --field-trial-handle=1928,i,7096264327253162341,5016269955840613307,131072 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3512 --field-trial-handle=1928,i,7096264327253162341,5016269955840613307,131072 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3208 --field-trial-handle=1928,i,7096264327253162341,5016269955840613307,131072 /prefetch:1
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4392 --field-trial-handle=1928,i,7096264327253162341,5016269955840613307,131072 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5268 --field-trial-handle=1928,i,7096264327253162341,5016269955840613307,131072 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4260 --field-trial-handle=1928,i,7096264327253162341,5016269955840613307,131072 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4940 --field-trial-handle=1928,i,7096264327253162341,5016269955840613307,131072 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3180 --field-trial-handle=1928,i,7096264327253162341,5016269955840613307,131072 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=856 --field-trial-handle=1928,i,7096264327253162341,5016269955840613307,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3212

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1428

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x49c 0x4f4
1⤵
PID:180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3ccd7a4b-6c83-4b1d-87ec-d4a1bd3bfa02.tmp

Filesize
8KB

MD5
a01c7ed5d2b2c07e4432b0fb4608e403

SHA1
9a3c6237995c0c1df5a8ea470b4666554707da81

SHA256
46a014ee5c86de0cbb4810034b2bc013a0e8ec45c350ce5ebf67f2cdd48202d2

SHA512
e6a9d049de018d797d825f42d7311727bcbf6dfae95f66545b97d60b5a4d424acb974cee04f984897fcbc3a1a4b6325d04b5626e6c584589ba08aabc3fb93e14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
c3d98603a1f2e879c09eff455d380e11

SHA1
192cd90abf8a445d036e65afbffae5174d18ba31

SHA256
d5694e5d01bea0cc0fe6afd55430f0f45b91ecc59e67ef90a49efacd3b1d8f11

SHA512
9af7d1f17a3b4fa31a1f7a47fd1ec52d9063053e01467777fced0c359e99726b0496a0a50d9b377afe115ae1e72b28e5efba0ecd488e6fa15fe6bcb7450a655f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e47e93d78357269a81dfc366dd48792d

SHA1
cedaaeb8b266bec3babc4f702422e610420c05a0

SHA256
7d847794dfb79bbfa2e12f0f7baae4222901052c4ae513d97eb37cfa8be25441

SHA512
f4f55f77a09ed94898e506156bf3780c61b474994d64a006aa29cb8e598caae0cb111f756acb623a6d1c229e160b5816cccd75744d8ea6d03b5b2e0511694eb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1f996575d112441f724fb4fe94905470

SHA1
f96564ec3c00f19a1cdf1de4271e1d5927b938c5

SHA256
eb266663f7d18934993a04653635d69a9474daeb8029a1a77b50b8daf3b67ad9

SHA512
6b31287813b9c5264346dd02ddeac7ddbd60ffe87f4c62050a24fb4e1e4bb82eebacccda85ef0c3375847511c782379421754b4597183508ce3b8d81debefee0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_meatspin.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
117bd0238c97fa5fb935935eccee196f

SHA1
5335b0528dc2d46c029e686c0846d1a88e544a73

SHA256
5edee43857af8df07cba12a004cd955d0a332b5302f0ff595665df87db801c89

SHA512
39398462a95cc73daef911ebc6df08019a9ad6b865fc329b6e393752d0a3f08fc3fb89d6409ef4189b9bb1bc646fd36a758c79018ba6b61a41ae5e1f6be27e12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
6af72107ba9c2abc2cca941d27488060

SHA1
2264a9d4c929516b5c85afa0235f348038129992

SHA256
3637370219de42b743c1fec9aaa91f4a0d5eaadd5cc95b1adbef630e3d200f98

SHA512
d7b4884de3c0d2ec8eb0859f3fcf5a96dccb1f438caf142f3826859516c0fa613bc1ee72d2b2bb5226c6d177cb5339d74a7ec459b73b8bd03ce2a913e297eaee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ecc1c111120ba5239f20ab24ce1c4cc2

SHA1
0c97ec247b1d34e287deac52b9791fdd9b19bb85

SHA256
167784f581ec19b71c502ec87a7d8f2aabe73df65cc68e883c7d218eea964108

SHA512
eb2342f65ff09e687b582832f35b2cfe891f1bc9d9ae6272edf876d46da18368761f5272c5d1452f8dfb5fc4ccd920b78e27a7c6ee9716b699774340e775a8b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8cdd8f059ec68c935431c89dc36aea36

SHA1
a58347f320ddcf4011e8d7590a08db02e6d19ac4

SHA256
c485dbd1bd4f74b12f6754c85de73868c604f3a75ddb18af4a8b1e63b93102be

SHA512
92ad75bdc63f6c05026ff4716afd0dd1f746af260cfe49860b74b307d61f49819af58942727e1d92f2490eae9a1eb4af6d062cfa33737bb5e8db68f3c9da1da9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5ee527161c5d040591b2868be4963b2e

SHA1
420ec97318544374fcfb6cf23efe2619a7f843f7

SHA256
85247897e90abec1b8ab780906a9510e64c8fd5e165652872d6417f9a3f65b41

SHA512
2e796f60e96d55e4905c7f29908ff5ecb3070f46e28c38d131625ab27e67371ad5d0b5420e06661a1c5237448128709fe665ae0ac2cdfa9315926402472830bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4a9253b2b97cebbab20641decf87fdb3

SHA1
13ef10e6ed5234c69ed419236b40e6cd0767c015

SHA256
37138e6d3e3598efe9e823f80edaaea2d3ee787a8cc14172561b56978ec8e8b0

SHA512
ddf9a6c379d1ed1d6f00902b1f3187305ea7a2a65c24806010f9f7f242e14a962a277725af7b82af113c54525794ee96ab8ea52f98f88d2ff758646423b590f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b3dd42fbc1dc60d8b146df84a555c6b6

SHA1
6621aebae4e9deb999a20c0a166086ac914e981e

SHA256
9aa531c3385a47a0164dfe04024a7dbe95a6124877f76d02ef423e49a37c5de1

SHA512
7be115c7a76479357725ac64195a16e6c4375b9dce1147a49dc1de2fd5f78b649eab084d1d6c14a9f7e56166c68d52fe65de105761a62f6d34b790ae43daeb95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3c9d487798cdeddb2d0eb41dc96622f4

SHA1
279522cb03590159f5ebb8fef357396a2952db3e

SHA256
7fffcd08f59884e18fd205a611076fc57e5c7d444f38015b6713a64ee0a20cdb

SHA512
aac73130ee3a37e7420046d284c8348e1a7ea4a16ea195f23f27e36c27656b7f7e3e6dd52ce035fd24041cca2bbbdd7d67a281d889924876997418a24df2dbe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
140991a7d73049e405621b6df0ae7319

SHA1
f5bf27996db1570be321f309caae3705ffdb22c0

SHA256
c0bedba4bfc6f83f39aee3bb15c3ec8da118a70e3d72898b5bfb6133295ab3f6

SHA512
d47a7b49d4ba34ff540d80489b51a05cfd29172f4c7b6d36a2fe78f58eeccb76a7642c023e078757b51d2c6e1aa600a4c802b32bd9f4b1d20c7e707881f328c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4a59d5017e4994ee19ee2c1daf156c4b

SHA1
01fdaa8b29bede0d51dffdfde98197ddc775778b

SHA256
9cee0564f68ed95f89473de7492d9ad8e80a114002c240a7fa0adced3228670e

SHA512
31b32ceddf3095d3e5d05e6a07a689be908fe5a3292d1a32c74496339f521a9180152521a95cab046caad7835517e08fe4c4e9791cc3923d08235a20914c9703

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ee8a26257228db2b40bdb41c9fcb7a04

SHA1
271c49f59e2e218d8069977243b1ca88c7816a6b

SHA256
04a5c57f5e4828b10e8507875a8425aed8ec4214d382ac1aa9201606364298ba

SHA512
12d34d8a67f786f87473cd9190be482259e12be000e7b9098ed731a7b4ed0c17a274cc12f3bdef639ce7fc3b50d88da9ad1cabfb1bd2fda40277f16451b9c050

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ce200b329fa35e012ba915c45f3dffc3

SHA1
c64f9f6692feeabeb358642ad22f385ef9fd0a8b

SHA256
08bf12fba9873ac206ffd0a8183a462bd7126e54c357fac555c0a95be6b35352

SHA512
a40f4dc0c900254d6e4be7f40369d65157a03bcbdd9e288e0373d4c9993b760af9cd8a6c82c81555a966fac0a116bd90d02ff3f6172f17a84c6167b66e0fa385

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
c0a1b2b383548ae7cc745a0e7dcbe0d3

SHA1
22781e6c387b4e708c2a3434b9ba61cfab5b54f9

SHA256
58f0fb63cb8bc7df7009b550ec01a203ed304ac48485648da019b5c13bc46e10

SHA512
5d3ba6813f6c3a459505598c264bbc2f351d94b4d5383920ee51bb65c71325e0f7de3bffca875c5717081684b5415d69051821e464dce29ec830080fe673ee9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0a215abc725b938e0a43520de33faccb

SHA1
968693f682c06293db3c5426cf54d4019ab50f93

SHA256
57a5db1feac844e1555b3d6903b72e82c129e0fadf225acbb98577333876f7f3

SHA512
ec682ecfc1852190c33ef7045cf0d7cf520686195fcdb8d1f3ac1f1dfbadbb90bf01185d396ed58f40d7c29d1c94bbfa6574a2e346d5e2467ec762c3c89bb759

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
3671e57c5e5fbb6513daff87dd7fdc0e

SHA1
fef481c22c3b1784eac89a7f40d5bc7e1b775472

SHA256
45b252d3d6d5cd3b60f371faedb94f99ae00d6391d159b7a656dc993ef7fccfe

SHA512
49c4ede131f785bb683bd728140163e82c79305149da8c46a566a0d4db1e7bde8ee0713d113aa9536fa36f839f3e611e923b68ddd2ae3295681bce14aa51a2c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c832.TMP

Filesize
48B

MD5
76a418261f11777e4947b34f566eca19

SHA1
feeff8f042b871bd6602f71fe4acf2cfb366d94b

SHA256
648e1877ed7493772457f3aa2fde529675cfa6cf2ee928e1d92f69aa4e9d2129

SHA512
90f119b55f325ba6638ca0e180946c3224caecdced97c8925df5fc933386b1ddddc05413a4f10234f9eb32602e7801dcd2b387854396032316a8f4a2eafdcd95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
22ad9cec8dbfadaedbfdefdeecdc4986

SHA1
d8f5e5b0e60be9dd7d5fe12c8ec28fbc0068e8f8

SHA256
ff5b1bc2feac1caf61b1c50206d7b61a2b5406496ce06d6aa27dc08b23276ff0

SHA512
ac77c202d5d9e50766976c1cbdb5e06f7ef967b06852833c816f632861ea9d9cd9b04ba099b935b06fb0716fd62448bc4230ee76839c89e00fbcac104a63305e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
7aec5f22bacf052d27e49b5c54a699f4

SHA1
930339255991cc79294007a8e9b1c32361800d11

SHA256
ded30ce96cecc345a1394cfc43fda05a28e056fd209b6e77bea91c70a6f3dceb

SHA512
554620e62818ce6c07188e9fb5a9e756433a151267a8ca19ce1c2a9c6dcd86e5fb488f28b428f77ca4f586ba6bcdfd4124b815793d7897c20e31d7b8adfba2d2

Download Submit