hxxps://voicemeeter[.]net/

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
09/08/2024, 14:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://voicemeeter.net/

Score

5^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133676870149822638"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2016	chrome.exe
2016	chrome.exe
32	chrome.exe
32	chrome.exe
32	chrome.exe
32	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe
Token: SeShutdownPrivilege	2016	chrome.exe
Token: SeCreatePagefilePrivilege	2016	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2876	osk.exe
2876	osk.exe
2876	osk.exe
2876	osk.exe
2876	osk.exe
2876	osk.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe
2016	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 4148	2016	chrome.exe	81
PID 2016 wrote to memory of 4148	2016	chrome.exe	81
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3612	2016	chrome.exe	82
PID 2016 wrote to memory of 3312	2016	chrome.exe	83
PID 2016 wrote to memory of 3312	2016	chrome.exe	83
PID 2016 wrote to memory of 2568	2016	chrome.exe	84
PID 2016 wrote to memory of 2568	2016	chrome.exe	84
PID 2016 wrote to memory of 2568	2016	chrome.exe	84
PID 2016 wrote to memory of 2568	2016	chrome.exe	84
PID 2016 wrote to memory of 2568	2016	chrome.exe	84
PID 2016 wrote to memory of 2568	2016	chrome.exe	84
PID 2016 wrote to memory of 2568	2016	chrome.exe	84
PID 2016 wrote to memory of 2568	2016	chrome.exe	84
PID 2016 wrote to memory of 2568	2016	chrome.exe	84
PID 2016 wrote to memory of 2568	2016	chrome.exe	84
PID 2016 wrote to memory of 2568	2016	chrome.exe	84
PID 2016 wrote to memory of 2568	2016	chrome.exe	84
PID 2016 wrote to memory of 2568	2016	chrome.exe	84
PID 2016 wrote to memory of 2568	2016	chrome.exe	84
PID 2016 wrote to memory of 2568	2016	chrome.exe	84
PID 2016 wrote to memory of 2568	2016	chrome.exe	84
PID 2016 wrote to memory of 2568	2016	chrome.exe	84
PID 2016 wrote to memory of 2568	2016	chrome.exe	84
PID 2016 wrote to memory of 2568	2016	chrome.exe	84
PID 2016 wrote to memory of 2568	2016	chrome.exe	84
PID 2016 wrote to memory of 2568	2016	chrome.exe	84
PID 2016 wrote to memory of 2568	2016	chrome.exe	84
PID 2016 wrote to memory of 2568	2016	chrome.exe	84
PID 2016 wrote to memory of 2568	2016	chrome.exe	84
PID 2016 wrote to memory of 2568	2016	chrome.exe	84
PID 2016 wrote to memory of 2568	2016	chrome.exe	84
PID 2016 wrote to memory of 2568	2016	chrome.exe	84
PID 2016 wrote to memory of 2568	2016	chrome.exe	84
PID 2016 wrote to memory of 2568	2016	chrome.exe	84
PID 2016 wrote to memory of 2568	2016	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://voicemeeter.net/
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe565acc40,0x7ffe565acc4c,0x7ffe565acc58
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,8912406275622491545,8304039823324864087,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1756,i,8912406275622491545,8304039823324864087,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1484 /prefetch:3
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,8912406275622491545,8304039823324864087,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2400 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,8912406275622491545,8304039823324864087,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,8912406275622491545,8304039823324864087,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4372,i,8912406275622491545,8304039823324864087,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4972,i,8912406275622491545,8304039823324864087,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5156,i,8912406275622491545,8304039823324864087,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5312,i,8912406275622491545,8304039823324864087,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=740,i,8912406275622491545,8304039823324864087,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5476,i,8912406275622491545,8304039823324864087,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5004,i,8912406275622491545,8304039823324864087,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:32
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5068,i,8912406275622491545,8304039823324864087,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:3988

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4820

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1928

C:\Windows\system32\osk.exe
"C:\Windows\system32\osk.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2876

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x00000000000004D8
1⤵
PID:1648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
69961851445ae51793b00bcdf4717203

SHA1
1e867f4d0edb7f1330f2f555df12e10f23969d0e

SHA256
dd52b99c24386f01e36a32e2d1b6e6d64b64d2fb520736298cdd63b1cc1f0d41

SHA512
7df8ca9bfb90ef3bdb756bd84c0a0bc776df9819cc7b34c67857daa59712d4c558ddc5813c050a0c999615a0d84ffb61c3f97da1549fcf28bc10934ea3ea8aa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
dfb7cfe24f6942650ad7330e6aabfcdb

SHA1
87a42131e3d611cc3cfd9352c3440e77f9593c9c

SHA256
fd9b04548197a756ccbd6659c110a4ed3a66c363d0ddfac2f7a427abd83eb532

SHA512
07266da8e9cdb38b738e3a173b4baec8042b25d3fbf2b3f4b3b21bd24db16ea3f906404e9dc6da2752fc6acefa54f1991ac48fd9e8decaf6610b6f875fe568ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e3f674ab281f158e351c52b818b44c5e

SHA1
4c5e2e9a589dece42c479f0946fc45d2efd3e14b

SHA256
f2b6491204e2c812f87020c3d15b7709ce06b2ffb7f00e257791641890080bf8

SHA512
19c3734722bea7f4109d01cb5f8e501a10e729e73a7523155994497e08e3314e54aaef4aad977ed6d1a3e61ca145dce498f7bf2be39f5454752b663f81f8bdff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
ae0d0f0d2f5c1140f93aeb98d478c337

SHA1
b324e5f994ef8c91136a3fd63374232ad93957bd

SHA256
a67a346f709a27f1d5c059489149c3430e2d876ded0d6d3b0f68e5ba6ca86fdf

SHA512
2b617a023392f382031de5f1058af6b42425d8530087f87c86f2dd2c5cfb2b14432cccfe3b4f647389fdc0bb6044dfb6839ef3748d2df56ae3998e3bbecba727

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
a14e3b0a2f460e2594c76101af595c5a

SHA1
86999eb6ddabc545112273252731e9d24fb23e3f

SHA256
fbd532874bb332c7fa9dabdd6e26f783f6abb24556b64098bc5d5119cd43107d

SHA512
30c632fde730c1fddd67d527f0b37edc37708d9a33e5e5cbc3a18067cd5a62121c03fc8bdc36e3708fd07ca105affbd0e2ffc1f0129884adc2ef428c4270b69e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
6bab465e1e5eee333c02674dc6bea080

SHA1
461a2c2c03b4dc2c57de9653cc2838c63763e660

SHA256
2f15008e076040b0befd648a1174d66d9ebb81f4349657338d94558320bc44a6

SHA512
29fd98538c436600735a700a45dbda737e4889bf4fc617177b3c0ae2dedc3f24e234615da66efff9fb4350c60ca61a00071c7c93272f68cf0594b2cc86ef7a6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
49f480883153859c3fc08dcc6069a52c

SHA1
6eca43d4fd767f67aa167df2e03ab3270ba11fd5

SHA256
82771ac56f5e8c401c07f857dad216101dfcf51b694420686c45a8db577a17c4

SHA512
af5aa30abf21e762e93a66a6bae2ff0194ce82ee3d59450eb4c9c38134e5c7be3c51a448db9809bf7961b7ff99d4cd366b4fe6c2b8667dcb77eb0ce53b80f9a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
7b4799eba6b07ba5a53260556e98e4cf

SHA1
c006d977c619be08ec02a03c69ee702b3b1ff854

SHA256
12092ec917e54175cf318d96089e4758f70448c1df12ae3e04ca0fae053b653b

SHA512
dd5889be4930f0a8dd652d24376e57d750f37635d9622f4820e846f70223744e2915b80fdbcec75417176858c0bf162da8d3112d0fa8e6c1aa12c652e6b97b79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
be56b9593ce093f6233a8c05fb0b68e1

SHA1
0b77d6ba76b34fe24c991c92104a6dcfc6c4f053

SHA256
92482a05d75d4b8457c027abdb98d86cdca4bf2b5c3689e244e2f68a5300224c

SHA512
d58f9f7ed0604e51f25855dc5eb63b720c3a432145e51b6132126659d85d2bcb7620003b82c17177df3e421689716822cae85c4543d5b64df7a6296d921dcf9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
108e03c87b6f7d30dcb2cc4d7c035974

SHA1
ee184544aad4eed7e1c9a18e751c6b486390a198

SHA256
e079d29c4b437d314686fdd145f678f5baabad995fe0422c82f37b04820cedb2

SHA512
37143b616afffe99c58b76ff99c89b4005af4af17c3ae0abd4087d4a32fa4e383c7e66a210885107dd69a3ba6e7c765f62c45dd1588fb2b196704658800dbd5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f49a8da23799cb7936c0fb1b96efb1f9

SHA1
bb4d0047d84916c137dc42360dee507338770eb0

SHA256
f35980578b77d643851cb745b5eee27949b3951c0681b7832cf4919b2c0735bb

SHA512
071f5ce44dd212f2d87d33420570dcaa38676664c7219a93cabc6806f99f197549ccc1236b775328aa6b191affbaaf4d26afcacb9bfcfece757b040bb65494d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
68c8af1ca0567d3ea4bdb3c5985a6c82

SHA1
ba7f9f2421979effa7d6f3a7b7f7926969a82022

SHA256
15b418856110c212a83d7680aa1ba5a80fb1dd51fbf7b4e1c300983740bcdac8

SHA512
cb552d09ac0a8ea4a5dbe8870da7c56a8ff16beac3be922b319dbd24414da95a2f8ecf7abd58e43503dfb395b5782b8f9c399e3150ab7607485974c0a742b056

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f10356c2b63a5a1582df390bb6aa37f0

SHA1
7a91e93af9e203ef1b256eb7ff6f0f79cc81a6f0

SHA256
f9bb249e795faf186480091ffb377b71dbbbceee43f45ed6ceeca711065fe569

SHA512
e74519833d2735772d6685e13b862934cf38085cbbfc9bc97b57e98ff73aab9aab6c7dd605bddb354b588dcae762d45b3d918363191a2410f402f3bb638f3e1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ca8e2c7310e11d4f43bd4338d1d17eef

SHA1
f186a5da1dc8eed8c5905d4324d41e3a06fd4550

SHA256
60aad9049341f9f069234ff19c391322ce3aee5f02b5ac03ad372f78700d9ca8

SHA512
21df850440e96ef4e3cb0a726df281be73c754b88d5c24ebcf72c21e343c5f8af607db565ade2ce4533a68f01611f6aee8eb22f0cae7a4bc927bf313739c4dfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
fb6a44b3dea7cabaddfed12eba318077

SHA1
ab7695f08e4ae4844a5701e69da1cb84acd18da7

SHA256
9f68981211ebd98a4828c6525ae2027a159afdc13b3d731958d79302606a0f96

SHA512
156908f85d2425ba1c24afc6c28d07e6c5500e3efb95246e23050a8c3206811c4ac9a2dbe684be6310924e77751e957949ed9105f806e2803e6ace73d683aba9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
db698b9f13d58fa7117fc3d9b4f4501d

SHA1
f3a2a5a005062cd7e44c397899f6029855d73228

SHA256
a22baab22ef7ffb4410cb38be171b53230a2003a6b705411895e07878073bfcb

SHA512
33321b29e1b5a0047717efafddc37af5550600c30d0823f783bb559b733f8d190e3065a98fc646026a6530917016afa6555e1ae58c76757f31f4db2d1b42224c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4a204ed6df19e60fb647677280050ed0

SHA1
617de4c06d499f50c44c1a2cff281bea037f779c

SHA256
0784e16cd08b3c9a3ec30d81b4174fad1ccfd43feeb599d18afb6e7151c29ded

SHA512
cfc63b344e72b042ac2e98c621e5ee70019de4a2c63aaa8c5cc33447b20ae482015fecfd0b48d6e2d3691aefc7a03ccf915f70fe89c8d113e90a8af04c07d1f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
53fa9d1b10023b149afebfbf2f20bbf1

SHA1
ee1abea259b8921671113dfedfe3431d66efa2d4

SHA256
9c40c8f00c3f74eff4ec17c04fd27e79c859132e3890f031f8b7fdf6996cc344

SHA512
31e08b75c42de903eb4cc76d3aa25944b801be2effd7c0dbdb1cc58f6d8fa4e0b3091058098778a44c95bb49a6c4d66b1395712c7b83740c4f24cd4c0a8df231

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
999abaed4e8c9d17810fd361e26a4fdc

SHA1
792c3c7d1a219903048482a4ca2876da45e9a4e8

SHA256
25e33a9cf1e71ad7e588475a807f10ff6842bdea7b3b394d882e710eb0ef1a55

SHA512
bfa9a82de47f148298eff28fea83fac98e7826ba6704e45b71da8692790097484bfb4fc9d45f2e7e5006c40c07f2389e511e1ceb23a07ef446e102a0ab1a1643

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
f8bf7e65547bba37d7b8b30b7176c400

SHA1
33e4510a838804d589d737bb2f0ef420db48e68b

SHA256
d203eeece0acca4a11274eed3ac57b0745a14a42bfa1f8cb00e858781e5d5877

SHA512
bd096bc5d72a014b1735a570c71f1f69d6b05564fdea3648a3831e6bc3ab561399670e706725a56e27681ba9107ac483cdba5a39b393069c5092af1337b1bc72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
e174bc10e68ac9b1839478e5de1059f7

SHA1
9ec4a1691f5c3dad39f9c34926493ab7d6c8a723

SHA256
ff0588ee437efaa9d1fa719cf1d81343c1377c613818b7edfe63846340dbc861

SHA512
cdb9f2c213ef0e19132634aa9fa0a02f3997dbf9bb84b49d274a73fe7d2c116a17f5a6275b7696e54e596b2574e1450e3a1d88be39b5ca6d0056b8fab6777bef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
0620b65934acc1f1201754374a63d44f

SHA1
d755819e056986d318342464104ca0011ff26008

SHA256
7dc9528135b864892d443a4672df246a34ee9d3d00cb09d96025ea8f2f8f00b5

SHA512
89fcae3603cdc32154913faaba6a3281dac28f6114749957dd726bc4d9d72d7ee2c4ec0f89d2875c019f7929abbb19b443dd8de2e3a01d1ee291e78dfc88f7f1

Download Submit