ced0f5da2879a3610cff667339936365f823cc495d0057b4d46f8f8445207a12

Analysis

max time kernel
111s
max time network
113s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
14-05-2024 02:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ava.config.js
Size

44B
MD5

9f8d0cb641497de6aab69fa3c01b0732
SHA1

c72078b4d414ab35a5f27422592a5f3ce8d77c3a
SHA256

ced0f5da2879a3610cff667339936365f823cc495d0057b4d46f8f8445207a12
SHA512

6f0a12753b2095b3a57897671f038a938b743dd0f94180294401834cd5f46a0ea14a001c1d92adb85ae6e45f967633892f2389ffbe8227ba7d9eec6dacf3ed15

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133601267434191579"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "235"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4268	vlc.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1496	chrome.exe
1496	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4268	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
4268	vlc.exe
4268	vlc.exe
4268	vlc.exe
4268	vlc.exe
4268	vlc.exe
4268	vlc.exe
4268	vlc.exe
4268	vlc.exe
4268	vlc.exe
4268	vlc.exe
4268	vlc.exe
4268	vlc.exe
4268	vlc.exe
4268	vlc.exe

Suspicious use of SendNotifyMessage 25 IoCs

pid	Process
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
4268	vlc.exe
4268	vlc.exe
4268	vlc.exe
4268	vlc.exe
4268	vlc.exe
4268	vlc.exe
4268	vlc.exe
4268	vlc.exe
4268	vlc.exe
4268	vlc.exe
4268	vlc.exe
4268	vlc.exe
4268	vlc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4268	vlc.exe
5020	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1496 wrote to memory of 2368	1496	chrome.exe	84
PID 1496 wrote to memory of 2368	1496	chrome.exe	84
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 1196	1496	chrome.exe	85
PID 1496 wrote to memory of 3820	1496	chrome.exe	86
PID 1496 wrote to memory of 3820	1496	chrome.exe	86
PID 1496 wrote to memory of 2616	1496	chrome.exe	87
PID 1496 wrote to memory of 2616	1496	chrome.exe	87
PID 1496 wrote to memory of 2616	1496	chrome.exe	87
PID 1496 wrote to memory of 2616	1496	chrome.exe	87
PID 1496 wrote to memory of 2616	1496	chrome.exe	87
PID 1496 wrote to memory of 2616	1496	chrome.exe	87
PID 1496 wrote to memory of 2616	1496	chrome.exe	87
PID 1496 wrote to memory of 2616	1496	chrome.exe	87
PID 1496 wrote to memory of 2616	1496	chrome.exe	87
PID 1496 wrote to memory of 2616	1496	chrome.exe	87
PID 1496 wrote to memory of 2616	1496	chrome.exe	87
PID 1496 wrote to memory of 2616	1496	chrome.exe	87
PID 1496 wrote to memory of 2616	1496	chrome.exe	87
PID 1496 wrote to memory of 2616	1496	chrome.exe	87
PID 1496 wrote to memory of 2616	1496	chrome.exe	87
PID 1496 wrote to memory of 2616	1496	chrome.exe	87
PID 1496 wrote to memory of 2616	1496	chrome.exe	87
PID 1496 wrote to memory of 2616	1496	chrome.exe	87
PID 1496 wrote to memory of 2616	1496	chrome.exe	87
PID 1496 wrote to memory of 2616	1496	chrome.exe	87
PID 1496 wrote to memory of 2616	1496	chrome.exe	87
PID 1496 wrote to memory of 2616	1496	chrome.exe	87
PID 1496 wrote to memory of 2616	1496	chrome.exe	87
PID 1496 wrote to memory of 2616	1496	chrome.exe	87
PID 1496 wrote to memory of 2616	1496	chrome.exe	87
PID 1496 wrote to memory of 2616	1496	chrome.exe	87
PID 1496 wrote to memory of 2616	1496	chrome.exe	87
PID 1496 wrote to memory of 2616	1496	chrome.exe	87
PID 1496 wrote to memory of 2616	1496	chrome.exe	87

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\ava.config.js
1⤵
PID:3412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb7339ab58,0x7ffb7339ab68,0x7ffb7339ab78
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1856,i,16057800332179331938,9102956525162124328,131072 /prefetch:2
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1856,i,16057800332179331938,9102956525162124328,131072 /prefetch:8
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1856,i,16057800332179331938,9102956525162124328,131072 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3080 --field-trial-handle=1856,i,16057800332179331938,9102956525162124328,131072 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1856,i,16057800332179331938,9102956525162124328,131072 /prefetch:1
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4264 --field-trial-handle=1856,i,16057800332179331938,9102956525162124328,131072 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4276 --field-trial-handle=1856,i,16057800332179331938,9102956525162124328,131072 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4408 --field-trial-handle=1856,i,16057800332179331938,9102956525162124328,131072 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1856,i,16057800332179331938,9102956525162124328,131072 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4184 --field-trial-handle=1856,i,16057800332179331938,9102956525162124328,131072 /prefetch:8
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1856,i,16057800332179331938,9102956525162124328,131072 /prefetch:8
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4248 --field-trial-handle=1856,i,16057800332179331938,9102956525162124328,131072 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4044 --field-trial-handle=1856,i,16057800332179331938,9102956525162124328,131072 /prefetch:1
  2⤵
  PID:4840

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3076

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:4340

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\srchadmin.dll ,
1⤵
PID:2304

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\DenyPush.DVR-MS"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4268

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3969055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
1b871df8b4644ef25e98a25dd472f1f6

SHA1
941bc2ea18146bb8c1c827ad32e665595d6f7ff2

SHA256
f230e9e3a6196339b3dc409efa7b35cf3c07a76fb450cac329ef6c19c7c4fc8a

SHA512
3ad3887c14870d85fdc49a22987ecd817244df4a8e2b3d9c93957b6fcf7c1fdb4ebb7e837cf1af00b10e8f56d208aedc735aeac3314cc5bebcd09ae2acc7147b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
c84675692c4134a60c6d8ff8f89ac02e

SHA1
bb2529bd23aeeed04d9433fdc7f26303213dcdfd

SHA256
56d43fdfd5b640140596df753a2129c1def6b3e4cf89291e3f32faa99d3336d4

SHA512
8a79de4fcd3eb496ec0ea826904d8d33300361aa3bc28859bae2a6b552f6e0ce0d9fed60856319678b829d9772c7bb9e8f4779545696724f36708853616fccc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\2c83f1cc-cfd2-4269-86e3-9a359681ca7b.tmp

Filesize
3KB

MD5
4782c8a4738f79c59e4ccbaef81a7b48

SHA1
c5050685579323f9bc6c0c4c6f33a4af25a3b527

SHA256
1f27c3a588625ce41cd918ff97b98c5b72982e6d7b0fe599230cbc00b7e39e36

SHA512
acff22788bc64980633c202fd973ab2394042ef1bab2d6661f221520ecd2baa6c340aca41079809b2b9189904c3864d5b29a77714377dacdecef3f94b1c87257

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a152d421bad0ae3e0bb28482399f7ef8

SHA1
b4f080e59550887f5dc01354f1c9bd26b6d52d6c

SHA256
78d6c89be68979e41524fb00d6aab14ddabf184fc9246d07bedb8b88100271b7

SHA512
bec3a3cbedcc4ad8b58a434b88e069d77d636924bf8b8ed0f24dfd7a6e362906f76a1c23262045b96bd2ea9446072332b619e6b1ebdaff423c242e19b3f903d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
13bb126717b4d1bdaddf96972b2a3cac

SHA1
c293db65caa0aa111a5d86d4215855e8faaf8d3f

SHA256
2746221cde397da966a9904519eaf526032947252b43328f3a9ceabdd11dc455

SHA512
55ad60cb45eb1ff054c9bd7efcda3b7b346ca80ae550a3973a1b4917469e6c7556529598a928e1c1fad59da1ae77d2e8f598f150ffd49d53f13d80d985cfca44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
eb2484604e7c6eb2e1e055ce6bb96a23

SHA1
8467d5e83cdceb57dbe9354f1b8107430d0f5bef

SHA256
a38338c58d62702adcdf64943d9782a29193138a62bb048412e77f6959e2154c

SHA512
195c91706a947604cf6499620b038263bc4bb0b26698131e501e6ead87aeef0246c29e2c9b97ce621204a794515c0c1de9617410c7b7ab08f14d40263434077a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fb3606d484713ba64d6f57b5ee2642a6

SHA1
5c3d8cba85b9e0102624f10d5491697212add7bf

SHA256
ce914b3bc5fa4de20f5bdd8489ea727e9d1af13bf19106d174663a2c3497f60c

SHA512
4453e31f8b768f4d411ef4aad8b0ce826703ebaa7e8880ad75cfc3954b8da7d030c4801faf73516eb818be06d55ccbe24c4e50b6ae53c4fc4360b6d3268d8e2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b5b4b4869655d51e867f6b2579ffb63d

SHA1
34f900c76992cc7e7f3a002b380c1307a8bcf79d

SHA256
1bb1ae22d88de2c617a1966542e57ced7329e12af605f4c2deb4bab4e729c1eb

SHA512
b5871322d654adc3a8dba70be312d519afb67a1a9a61db69ab47a480c305f421ae6cdadd472742c99c7b384aae0939b5a03650354ad7fe8e3c1cccbb982c2741

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
01f976601e67913153c0c00f2d5af543

SHA1
2904461d1d50e7aa6af03bb6066216244bb83499

SHA256
2bebc206cc4ee449d1fbdd737740b417b177a66e3939170986491ceece01b6a6

SHA512
9f905b79d9a39882c721376d76d2a87b7b085d557d84788e8e2d4b88f55e771f423567158cd53fe1b12c8fcbf1146f20e64737e026cf8b707d0e00315d7977d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
be6a83f375457766e047ab5699058918

SHA1
f43bc23bed30cf415f7861067b07789d99100391

SHA256
40aed74dc077828406c7b5d50e48d7760b362cca789178d07912a873b7474beb

SHA512
01b4cafdcb959bbc8013460861163da347e734d8a0c1b22b4b76277fd9d9c96a563b24d46a7f437366a42baaa6b10b5de87ba8930ce10ab9621eff497b247160

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c0fb41e5-6339-4599-acb7-8c355d0a972b.tmp

Filesize
258KB

MD5
f305b1eaf71b0c99d99838cf322fad0e

SHA1
3b8e2185c929d2c5a4ab9014314a136160dee8f2

SHA256
556227b74c22633a77e75ae4af1642e0d122f259950d47385c94a3948c0e42ee

SHA512
b9686553c670f31b4c6d225c27ec03f9b30bf9830b0e62fca251ee87f4d0f842707bc2f67c04a674b183970600c60ad3b372e5698b14eba6638bd0b1d82b051b

Download Submit
memory/4268-267-0x00007FFB84150000-0x00007FFB8416D000-memory.dmp

Filesize
116KB

Download
memory/4268-281-0x00007FFB73730000-0x00007FFB73797000-memory.dmp

Filesize
412KB

Download
memory/4268-261-0x00007FFB72FA0000-0x00007FFB73256000-memory.dmp

Filesize
2.7MB

Download
memory/4268-269-0x00007FFB84130000-0x00007FFB84141000-memory.dmp

Filesize
68KB

Download
memory/4268-271-0x00007FFB84100000-0x00007FFB84121000-memory.dmp

Filesize
132KB

Download
memory/4268-270-0x00007FFB84020000-0x00007FFB84061000-memory.dmp

Filesize
260KB

Download
memory/4268-272-0x00007FFB84000000-0x00007FFB84018000-memory.dmp

Filesize
96KB

Download
memory/4268-259-0x00007FF69FCF0000-0x00007FF69FDE8000-memory.dmp

Filesize
992KB

Download
memory/4268-284-0x00007FFB73650000-0x00007FFB736A7000-memory.dmp

Filesize
348KB

Download
memory/4268-268-0x00007FFB72B60000-0x00007FFB72D6B000-memory.dmp

Filesize
2.0MB

Download
memory/4268-283-0x00007FFB78500000-0x00007FFB78511000-memory.dmp

Filesize
68KB

Download
memory/4268-282-0x00007FFB736B0000-0x00007FFB7372C000-memory.dmp

Filesize
496KB

Download
memory/4268-273-0x00007FFB71AB0000-0x00007FFB72B60000-memory.dmp

Filesize
16.7MB

Download
memory/4268-260-0x00007FFB84CC0000-0x00007FFB84CF4000-memory.dmp

Filesize
208KB

Download
memory/4268-280-0x00007FFB79320000-0x00007FFB79350000-memory.dmp

Filesize
192KB

Download
memory/4268-279-0x00007FFB80430000-0x00007FFB80448000-memory.dmp

Filesize
96KB

Download
memory/4268-278-0x00007FFB80450000-0x00007FFB80461000-memory.dmp

Filesize
68KB

Download
memory/4268-277-0x00007FFB83ED0000-0x00007FFB83EEB000-memory.dmp

Filesize
108KB

Download
memory/4268-276-0x00007FFB83F40000-0x00007FFB83F51000-memory.dmp

Filesize
68KB

Download
memory/4268-275-0x00007FFB83F90000-0x00007FFB83FA1000-memory.dmp

Filesize
68KB

Download
memory/4268-274-0x00007FFB83FE0000-0x00007FFB83FF1000-memory.dmp

Filesize
68KB

Download
memory/4268-266-0x00007FFB84170000-0x00007FFB84181000-memory.dmp

Filesize
68KB

Download
memory/4268-265-0x00007FFB84190000-0x00007FFB841A7000-memory.dmp

Filesize
92KB

Download
memory/4268-264-0x00007FFB841B0000-0x00007FFB841C1000-memory.dmp

Filesize
68KB

Download
memory/4268-263-0x00007FFB846C0000-0x00007FFB846D7000-memory.dmp

Filesize
92KB

Download
memory/4268-262-0x00007FFB84960000-0x00007FFB84978000-memory.dmp

Filesize
96KB

Download
memory/4268-287-0x00007FFB72FA0000-0x00007FFB73256000-memory.dmp

Filesize
2.7MB

Download
memory/4268-299-0x00007FFB71AB0000-0x00007FFB72B60000-memory.dmp

Filesize
16.7MB

Download