97f4edf1775eed410448a7a45b79e0f191b7609bfedb3979c0005e1ada87a96d

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25-04-2024 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ass.vbs
Size

1KB
MD5

07edb399c2dc4dfb266a482cc04ab171
SHA1

fcafc22aab69c7e8ecccaf8a3f9c3afbe7e0166a
SHA256

97f4edf1775eed410448a7a45b79e0f191b7609bfedb3979c0005e1ada87a96d
SHA512

349b8c24f0ef75c8a74286c5d77a75b3e8eb5d6a2a25160d5ad547a2c3a5878e29ea0d4c8d17ca8157bd812d088989dea323cb305e8a1ed6b6bb48c3ae53d0a0

Score

8^/10

evasion

Malware Config

Signatures

Disables RegEdit via registry modification 1 IoCs

evasion

Processes:

reg.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	reg.exe

Disables Task Manager via registry modification
evasion
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

WScript.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000\Control Panel\International\Geo\Nation WScript.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2177723727-746291240-1644359950-1000\Control Panel\International\Geo\Nation	WScript.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585208615043771"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2177723727-746291240-1644359950-1000\{D3A98552-817B-4F28-B7FA-C56604AF5B13}	chrome.exe

Modifies registry key 1 TTPs 2 IoCs

Modify Registry
T1112

Processes:

reg.exereg.exe

pid process

2620 reg.exe
3800 reg.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4864 chrome.exe
4864 chrome.exe
2816 chrome.exe
2816 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

4864 chrome.exe
4864 chrome.exe
4864 chrome.exe
4864 chrome.exe

pid	process
2620	reg.exe
3800	reg.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exeAUDIODG.EXE

description	pid	process
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: 33	3212	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3212	AUDIODG.EXE
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

WScript.exechrome.exe

description	pid	process	target process
PID 532 wrote to memory of 2620	532	WScript.exe	reg.exe
PID 532 wrote to memory of 2620	532	WScript.exe	reg.exe
PID 532 wrote to memory of 3800	532	WScript.exe	reg.exe
PID 532 wrote to memory of 3800	532	WScript.exe	reg.exe
PID 532 wrote to memory of 4864	532	WScript.exe	chrome.exe
PID 532 wrote to memory of 4864	532	WScript.exe	chrome.exe
PID 4864 wrote to memory of 4912	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 4912	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 5116	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 2776	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 2776	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 1232	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 1232	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 1232	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 1232	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 1232	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 1232	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 1232	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 1232	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 1232	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 1232	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 1232	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 1232	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 1232	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 1232	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 1232	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 1232	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 1232	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 1232	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 1232	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 1232	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 1232	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 1232	4864	chrome.exe	chrome.exe
PID 4864 wrote to memory of 1232	4864	chrome.exe	chrome.exe

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\ass.vbs"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:532

C:\Windows\System32\reg.exe
"C:\Windows\System32\reg.exe" add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
2⤵
- Modifies registry key
PID:2620

C:\Windows\System32\reg.exe
"C:\Windows\System32\reg.exe" add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 1 /f
2⤵
- Disables RegEdit via registry modification
- Modifies registry key
PID:3800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/watch?v=BbeeuzU5Qc8&ab_channel=MetroGirlzStation
2⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9bfd6ab58,0x7ff9bfd6ab68,0x7ff9bfd6ab78
3⤵
PID:4912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1780,i,17709789758111791304,7743050796015237693,131072 /prefetch:2
3⤵
PID:5116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1780,i,17709789758111791304,7743050796015237693,131072 /prefetch:8
3⤵
PID:2776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2192 --field-trial-handle=1780,i,17709789758111791304,7743050796015237693,131072 /prefetch:8
3⤵
PID:1232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1780,i,17709789758111791304,7743050796015237693,131072 /prefetch:1
3⤵
PID:2536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1780,i,17709789758111791304,7743050796015237693,131072 /prefetch:1
3⤵
PID:4940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4316 --field-trial-handle=1780,i,17709789758111791304,7743050796015237693,131072 /prefetch:1
3⤵
PID:2384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3344 --field-trial-handle=1780,i,17709789758111791304,7743050796015237693,131072 /prefetch:1
3⤵
PID:1896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4640 --field-trial-handle=1780,i,17709789758111791304,7743050796015237693,131072 /prefetch:8
3⤵
PID:2420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4492 --field-trial-handle=1780,i,17709789758111791304,7743050796015237693,131072 /prefetch:8
3⤵
- Modifies registry class
PID:3112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5092 --field-trial-handle=1780,i,17709789758111791304,7743050796015237693,131072 /prefetch:8
3⤵
PID:5180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1780,i,17709789758111791304,7743050796015237693,131072 /prefetch:8
3⤵
PID:5192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1780,i,17709789758111791304,7743050796015237693,131072 /prefetch:8
3⤵
PID:5288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1780,i,17709789758111791304,7743050796015237693,131072 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2816

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4408

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x404 0x49c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
Filesize
46KB

MD5
fc61620b49e35cb359b1f0cf208f6a87

SHA1
54d6ad78961f356ae02cf52144e2baed96f97485

SHA256
65cf192b867dddedcb10ee782d29d0989c00395fc6ff6a0923e23756ab8e0eba

SHA512
17ae00dcb2a9293e33007c623ebb462ba4961e345255733b03b1dcd4bbecf34db280e77b57813e5b5c42467ec0a7c7af1b40fb038650fe526be380f4624dea17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
504B

MD5
f3d1609442623e8093f0327507ef24d7

SHA1
804fba41c9d98507cdcb22e9be12e3c215051881

SHA256
fc740d56fcb62a2ac0112c0a247f8c05507108c8d57bf695465a48df03280a64

SHA512
d96dc27e7abba49b3f85cf0050c363b4dc1049e1248ff40f28d7b27f4c2c06be431ce04cac7e76281f09e3f7d3197c92688e0b0002cc777fbd0b652d0bf5e035

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
2a52bc42eb808cda91b0ac8a0fc1f519

SHA1
154680d6f6b2a1b92806ecdbb0f0619ea8e45ba6

SHA256
1d27e0a1b6a6e1f5be09fb6f26c62023c03f9a105e78661dd46ae027df474877

SHA512
604bb2b98c51e8546501d6b02784cf3e4725b1014d794048b8f69ab32ad454627bbc145fdb294e929a639f3e0b35cf29cc3508cdd3ea023ba73418bcb860c9b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
04035e5e1c789a18647a7d9969d71209

SHA1
0fbe51a6341f1368a0678e39587518f5c4212204

SHA256
a6490e20aa34b4e2ab8183c9d3bb78e07e1ec409cb2dfcef51a4ed0d37cd4634

SHA512
171dc796fd74c4d6e4fa8b7ca5beb48f68d06da68568b9e35f96145ed4a9a5e9fd669be1f192f2e8751fc45b94df0d532ca2a2edd2d747dce613f493221e39be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
259eb96348c3ae8e0009491bbef893cc

SHA1
6d24abfeb3cdc1586082feb8eb568038022b5f48

SHA256
83aab301f2422b30e5be7fc91f282423b2c8d73534bdd93aa982ca82bb485dd8

SHA512
9abfcd3d1b74d459b0fb504de068cd0c386d837fd13b1d0b3dc37248b4c50dae5e07d6dc0ea6f6903caf35a49a94d9f947c3a60f0885f390da250474cd97f751

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
ca6335c8bf12f791294fcd2f6dacb2bb

SHA1
00f078012e87a4df38106beb5cc34e39bc720088

SHA256
253873f4580de5841c53b6428b0dbbe3465a72fe390a9d445bf88d1b0e2cbb07

SHA512
6fb020c848a8210cfdb752f5866cb0ac6316a7eebaace0438990adee45da04d057013695fc405575ccd146cf7b3249ff7379635b85da83872d9219d763e6efd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
cc1ab41696793b798b63e096be432366

SHA1
cefa9d82310d53fe9c11138c96ef5b5b4f5f751a

SHA256
33b684656327b35f99a0c959c40d365ee40d44bb5c07c33d627a270a0b597dcf

SHA512
40ba68756b25bb656f8a8d8eabc6ea4d7b35028a4613d197001d74140a9555339c9a479bad9962cf781606c473440f3bf60e5a07fc0e266585f75928afff48f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
a82e1119523c04ecd6eff5f6e6a4c169

SHA1
75ef469784e7a05f54682b6915294883ae729036

SHA256
8945ebc0374a1622c2c2cca00cd9011af06169850ad970979ab80dbbc9e0422b

SHA512
6cf989c45025a6bf471187e71d3219b66fc030e4c0c6dfdf3e26ce25f675a899b222e2510c40a3b71e2a74271c76f45230aba0817ab4938d13dfa87ccabce706

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\68635f4f-f6f0-4727-896a-7fcf87a55242\index-dir\the-real-index
Filesize
624B

MD5
1410a302e98278600bd6afddf872e9ec

SHA1
27edd96b9fa1ad997e4abbc1083996056e8af836

SHA256
da1db78da94cc3289088eb6b473cba878abcf7ff996a44ccd1b47ebed482ca2f

SHA512
aebca8616aa4a5f511c8bc50597ec7cac084d3417af1e5778f2a13998aeae19d844cb107eff160ca066095053ca08706d7d178abfd2706557d6d1b126a412c66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\68635f4f-f6f0-4727-896a-7fcf87a55242\index-dir\the-real-index~RFe57a086.TMP
Filesize
48B

MD5
fecac046be0fbd464cafac1c900e871e

SHA1
4a690dfef7b28635824f3e95bfcb7425db51867e

SHA256
50f9d656c1915997a4140737ea5db311418665b66443d2ebe067f3b83c40a367

SHA512
bff1af2e43ae8c9542e2e3257a15fea7439ac34afdcd940092d1c83ffa522205581f932f2dc46580cdeeec2f2aaf5b27ac6c39c9a655a20a09c2b6e457efad2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ae1ab2bd-b3da-4630-a935-623386515b3a\index-dir\the-real-index
Filesize
2KB

MD5
0e6e0c089f2c066c7e2eebd39a52f3f1

SHA1
e307b77fbf869d12bde890e8792f11c8ae362bfd

SHA256
f453ba21b7f6a5f93fc5659dca5d26cac9ec5f6cb440db9aa56d260c716718e8

SHA512
bff6eac497196999e708fc9ef3ea0aa8a7f93eaa64e6aac9cbe1a732a00b4ddac79f9c99594bae8dc7c21d7d27fd86e3393f0887037de9ee6c7718c3d87d43bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ae1ab2bd-b3da-4630-a935-623386515b3a\index-dir\the-real-index~RFe579dc6.TMP
Filesize
48B

MD5
dd975702e5ea4cf9882d9ac40c731c0c

SHA1
c7b772c4ee3cdbac53de4936ef599ce1f29fffe0

SHA256
6efa3df6813f6e1ee245a35b62a3aea973938e98b3a53bb0d05c404c835c5519

SHA512
78071d946e74adf2a0fd9a47675c3b7b63fae87079fd4467c673d4907cb330e9cc287e5088a1dbfcc025d4750d32527eaa010a687ce0eafd719d2bceb8e490af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
176B

MD5
9e849873e6efbfb6b597b8e56d377cbb

SHA1
af65824f2a717c61d6050a34d5db4c0563f7add9

SHA256
65967864290fc31fb5e7da468a928abd3d851b998cb4d4d4d859bf0a0e78b743

SHA512
a3d584abe086e5f5ac65b746a5373e26522b79cb798d07160cd0f875abab8a4984cc4ef7994f7c9ce4dc012e880b1dd172077fcbe1668eaffc11cf317116c051

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
112B

MD5
73979d5a28dd6ab8f1c51c5fc4869bce

SHA1
4bb8ac4cb22e1fe391c2937c1236c2a81bc9b18f

SHA256
6746fca706d8719fb8247f863862f6dd719f08251828e593beacb4681b7b0ca6

SHA512
0f632a45cea7387ff9563ee20f810b1cb6b3f10e316b92eb2408afa4eb36869e404e33245df80ec4a166a4b72eb4e6f6b2a9fee139aa709c9904fe4f02bd4adf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
185B

MD5
2b789056f9d574ff698525a73fbf8528

SHA1
6cee8b20293fbc54761a1a03dc52ead2fedf1738

SHA256
ebb5806217ba334b0ca41d8220c8a258e7c71c9bdea3e3b5d8fa45f5ac0a1b8b

SHA512
6ddaabd2f0544c5be6c6def27140a070a486bc29ff007dc85e506be3ea5e97e61322772761f2ba17b71b9283e92e2fa60525f7de01fa6c354efa8d35f3afa409

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
183B

MD5
5b08bc17039552388224f19d2c2d809f

SHA1
528c9ba160d2ba33cc1d66bb9a5b26cac94eeff4

SHA256
a85a27c58ed2d29c6d283a68592932c5ac2a6a509e5fce59a52b6c56cdc5385f

SHA512
98772793ccb4d6d56f110a4060bda7dc6479fa37c1fa39437859353bfa564c4784e9430ac1cf19af23bd03556ee03ea96cc497431318317de9234a1643fafa1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe573ff7.TMP
Filesize
119B

MD5
a98145ba28c42199c0c9c99def53ddd2

SHA1
5fbf2291582613975c93ca4e6dbb939640d76332

SHA256
f00e4a62ed55514c3cd9ad08a95384ab422fcbb31ef08c5b9790b8846d3e09ca

SHA512
f07efb23a132851b5716487dd2df1ee6959821b55a8de243ce3dc3e75a1f0871184ad14b9ffb7c2b1d2c5b74a0141de14b01c1586e34edea63abb539e5b33eda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
48391302d51939f5bb8e945162ba2de8

SHA1
eeab4edf1a61e70c02796aa8d401ea72a39b34a6

SHA256
7e6d0d4ac3c94ac8b41684f610b21b707568421788cdb5061751bec7b964d106

SHA512
67491614d249ca802c35e839fcf20bb74a67083934bcd49e27d1e3d245fac39ce2656e7310c231ceada0a6e8c2d1844340dc1c0e8412e377b48183c561dda336

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe579431.TMP
Filesize
48B

MD5
45505083da4d7c8e1cf1b9dd3b055f94

SHA1
bcf17d9928917e7f30d725c153cffabe194c1586

SHA256
cefb386cb9e448250eafd6d8532e89cf8bdf3de5a613d2b3dcd2fabd8140abaa

SHA512
0e9a77672cca832fa0fb27789f393cd48b50d4a77c20d91734bfb5162a10f8db8937ce9629324964f9b1336bbc5a4c242619f8fd7a65b9045b6eca7b9708a3dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\32.png
Filesize
673B

MD5
88dfa96f9642297ff88909ca4e0f7330

SHA1
ed8655bf13e6cc49395da4c760168c4148454b7c

SHA256
5e5eb084cf1a650b2e122f53d36f85b67ce6e39069e399a46a25dbd34f7be286

SHA512
cc2deedfeacf9f26e48cbb26e222a219905888b95634c7d91d6393b84248305ce8940816bdb3bff0f5384b9dad90f4e3905b229e06ce4b1023a1439293b240dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4864_1249221806\Shortcuts Menu Icons\Monochrome\0\512.png
Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4864_1249221806\Shortcuts Menu Icons\Monochrome\1\512.png
Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4864_2075722701\Icons Monochrome\16.png
Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
253KB

MD5
a1a2c78afc249e92e38e02ebbeb24c4d

SHA1
e7bec9c0d16422e17afeb051d2bcf1d9c4a7b97a

SHA256
3119ed0c57356b21c2a5c25393861cb514f780f1eec9e84541a6d290d9c04a6c

SHA512
03c31160b6bc520be061b7e18dfde30fde7c54310d2216dbfd45acfa09212acb8c33c13bc06f712c342cbde9c01bf7e3b43f92a11b0dd98c85bd11d8fb1411f9

Download Submit
\??\pipe\crashpad_4864_SNKDHFCHBBYXVDZG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit