Analysis Overview
SHA256
030dc98d83c9d19a9fa444caafd2697706608af5a0571506b17fc09c3d180aa9
Threat Level: Likely benign
The file jensanpablo was found to be: Likely benign.
Malicious Activity Summary
Browser Information Discovery
Command and Scripting Interpreter: JavaScript
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-09 22:23
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-09 22:23
Reported
2024-11-09 22:25
Platform
win10v2004-20241007-en
Max time kernel
147s
Max time network
145s
Command Line
Signatures
Browser Information Discovery
Command and Scripting Interpreter: JavaScript
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133756646160284615" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\jensanpablo.js
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fffd6c5cc40,0x7fffd6c5cc4c,0x7fffd6c5cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,6781100450245226854,13065551689638669028,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1900 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2196,i,6781100450245226854,13065551689638669028,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2396 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,6781100450245226854,13065551689638669028,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2404 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,6781100450245226854,13065551689638669028,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3424,i,6781100450245226854,13065551689638669028,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3436 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4604,i,6781100450245226854,13065551689638669028,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4584 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4708,i,6781100450245226854,13065551689638669028,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3740 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,6781100450245226854,13065551689638669028,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4844 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4928,i,6781100450245226854,13065551689638669028,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4892 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,6781100450245226854,13065551689638669028,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3740 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3736,i,6781100450245226854,13065551689638669028,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5132 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5036,i,6781100450245226854,13065551689638669028,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5264 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,6781100450245226854,13065551689638669028,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5064 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5272,i,6781100450245226854,13065551689638669028,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5100 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5568,i,6781100450245226854,13065551689638669028,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5504 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3744,i,6781100450245226854,13065551689638669028,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5520 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3300,i,6781100450245226854,13065551689638669028,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3476 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3184,i,6781100450245226854,13065551689638669028,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3292 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x2c8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=240,i,6781100450245226854,13065551689638669028,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3392 /prefetch:8
Network
Files
\??\pipe\crashpad_1352_LSSYITJBFYTCCSXH
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Temp\scoped_dir1352_2144339422\0c6f5720-7792-4795-98ec-8bf4c0d0694c.tmp
C:\Users\Admin\AppData\Local\Temp\scoped_dir1352_2144339422\CRX_INSTALL\_locales\en_CA\messages.json
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-09 22:23
Reported
2024-11-09 22:33
Platform
win10ltsc2021-20241023-en
Max time kernel
444s
Max time network
446s
Command Line
Signatures
Command and Scripting Interpreter: JavaScript
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\jensanpablo.js
Network