hxxp://www[.]lupopensuite[.]com/downloads/v2016/64bit-Pack[.]zip

Analysis

max time kernel
150s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
26/04/2024, 15:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.lupopensuite.com/downloads/v2016/64bit-Pack.zip

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133586177019321194"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
884	chrome.exe
884	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe
3608	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe
Token: SeShutdownPrivilege	884	chrome.exe
Token: SeCreatePagefilePrivilege	884	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe
884	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 884 wrote to memory of 3700	884	chrome.exe	86
PID 884 wrote to memory of 3700	884	chrome.exe	86
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 4312	884	chrome.exe	87
PID 884 wrote to memory of 628	884	chrome.exe	88
PID 884 wrote to memory of 628	884	chrome.exe	88
PID 884 wrote to memory of 1232	884	chrome.exe	89
PID 884 wrote to memory of 1232	884	chrome.exe	89
PID 884 wrote to memory of 1232	884	chrome.exe	89
PID 884 wrote to memory of 1232	884	chrome.exe	89
PID 884 wrote to memory of 1232	884	chrome.exe	89
PID 884 wrote to memory of 1232	884	chrome.exe	89
PID 884 wrote to memory of 1232	884	chrome.exe	89
PID 884 wrote to memory of 1232	884	chrome.exe	89
PID 884 wrote to memory of 1232	884	chrome.exe	89
PID 884 wrote to memory of 1232	884	chrome.exe	89
PID 884 wrote to memory of 1232	884	chrome.exe	89
PID 884 wrote to memory of 1232	884	chrome.exe	89
PID 884 wrote to memory of 1232	884	chrome.exe	89
PID 884 wrote to memory of 1232	884	chrome.exe	89
PID 884 wrote to memory of 1232	884	chrome.exe	89
PID 884 wrote to memory of 1232	884	chrome.exe	89
PID 884 wrote to memory of 1232	884	chrome.exe	89
PID 884 wrote to memory of 1232	884	chrome.exe	89
PID 884 wrote to memory of 1232	884	chrome.exe	89
PID 884 wrote to memory of 1232	884	chrome.exe	89
PID 884 wrote to memory of 1232	884	chrome.exe	89
PID 884 wrote to memory of 1232	884	chrome.exe	89
PID 884 wrote to memory of 1232	884	chrome.exe	89
PID 884 wrote to memory of 1232	884	chrome.exe	89
PID 884 wrote to memory of 1232	884	chrome.exe	89
PID 884 wrote to memory of 1232	884	chrome.exe	89
PID 884 wrote to memory of 1232	884	chrome.exe	89
PID 884 wrote to memory of 1232	884	chrome.exe	89
PID 884 wrote to memory of 1232	884	chrome.exe	89
PID 884 wrote to memory of 1232	884	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.lupopensuite.com/downloads/v2016/64bit-Pack.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff99d21cc40,0x7ff99d21cc4c,0x7ff99d21cc58
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,16136907366375155779,4359649472127070888,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1836 /prefetch:2
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,16136907366375155779,4359649472127070888,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2072 /prefetch:3
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,16136907366375155779,4359649472127070888,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2592 /prefetch:8
  2⤵
  PID:1232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3044,i,16136907366375155779,4359649472127070888,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3064 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3056,i,16136907366375155779,4359649472127070888,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4596,i,16136907366375155779,4359649472127070888,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4608 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4880,i,16136907366375155779,4359649472127070888,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3284,i,16136907366375155779,4359649472127070888,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4996,i,16136907366375155779,4359649472127070888,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4820,i,16136907366375155779,4359649472127070888,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3440,i,16136907366375155779,4359649472127070888,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4912,i,16136907366375155779,4359649472127070888,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3424,i,16136907366375155779,4359649472127070888,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3384,i,16136907366375155779,4359649472127070888,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3380,i,16136907366375155779,4359649472127070888,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5208,i,16136907366375155779,4359649472127070888,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=728,i,16136907366375155779,4359649472127070888,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4804,i,16136907366375155779,4359649472127070888,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3008,i,16136907366375155779,4359649472127070888,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:4140

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3484

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3cfe3cbbfd76298c3aa755d2953eebcd

SHA1
2722aa9616c25b9c2c89711da5a542810fdcc47e

SHA256
96b5f42edfe55b419ab9dcb0240ed8ddac2fdce66eeccab14e123cc101ee988f

SHA512
061acaad3c66288d551f952a47d70de0ed900915f9f666336899ef4bb2991c395c7f2f9556a9a5130b51dc2d2a44546f9d6366d0f2d70f168517543b6c78ec4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c224b2c2f25391c6348b8cee3f2d831b

SHA1
42f383f00d7db655b8de5e41af139ed36db5a5a7

SHA256
70ac52ee9d517e8f151f6110a665b961bd3bcf235941433da0e28c13b8c02fbb

SHA512
f963f02180a00e0e2de463f0a27951161b01d4a5b88d9d6fd15961a2d21ec4f09d85fd29187a3235244fedccc4a16b7a49947934b4a9e9cca2a598c69ddf20fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7e865aad57570d3dbb9c306f2e01de30

SHA1
35d16926c91b6dc2ab7ed48cd5b4ed053791cf90

SHA256
36693566cf5915536c904cad40abeb947aaac03a92e88ddc55ee4834e4c9ca68

SHA512
14043b7125687b6d797be3637805d394019664ddedd381052a29ae3de34976ffa2eb0d5a3a9c4f79e99c5555e5bb45e35b548a78718bf9a60f77d3a7cbe17460

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
911882681ee01a2879047f46b60b7968

SHA1
52d947ed7daf3569412cbabd5b1b6fcfe34ee67a

SHA256
12712391c50bb3277786a4bafd3c3ceedff2d48c99b5a761279c23164747a639

SHA512
2eb824af6520a105fed3d1c3bac0ddb3c8b6d7cd99d869d13252b12958fd063af088a4c18a54c0b357d43d91cfd2c41b7a96e4b66c55a8ff8eb4f7e288a646fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f3ff5bec58702723fab73e71c95feb5e

SHA1
015cae36545970924272ecbef623215d1e7b6e60

SHA256
7c20566f6373a85a937ff935e4521efdfda982eaa4fa3a16e636b90966f9090f

SHA512
fcd6fce57146b1394a7651894bdc730e82b30a2623af56686b2a49fd0e06322aa34607ff09de81da0af6ab34e9d63966afcf5300dfb2e686b27b1cab3baa9ed5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9296d3a7decaba93f797c578375f1711

SHA1
af7f67669a710f5c6c613d63ef8cb35744da0e2e

SHA256
4da755f7732d581e5cc8e600cca7d495fd93797b53b40ba0e43740e3c6437072

SHA512
07695e58e16ea868583200d33bfd2b4244cedcd04632779f678da35a3cd4d17d505259a7f3d1586c67e418207c7818ff0fda9cfd08a75896e600c03f5259785b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b581419002aebc0132702e631bac0728

SHA1
7050ff4082b1ab298490300aef3d90ba63bd90b4

SHA256
cec3c6d6741f84eb3c381dc9977f2383c932c76e7b9440b2e8fe371fc97044b5

SHA512
37c6aee2883f3c507f4c75a4ef374786180f0bb2f3f0995740d33f2764bdc5654d076bd94b5f0f2ce1b4cf53d722ad8aaa6316c91feb2da155d3d4c9297f1fb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3936953e73231abc645962cca33a4744

SHA1
6ed4eb211c88242101f9ea384685f9b7ff67d200

SHA256
bb95f57e88cee33459d774b09e08fd5d6dcf2f25c6380e8f39acd863bc054629

SHA512
dcdd2bb4354e0ed220a4e7dbfaa94a14e7f82e2547e8ed1abb18a717f79f9d96a6cabcecaf6b85c6ad64527075b84a37c408319db53c4fc031c65c29d05fa920

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c51e82ec51b443cf42d56ea5a62af637

SHA1
36e345c86eb6725add93c106fa7f1f285e1fcdc4

SHA256
0229ab37a6d42efb29b797fc38b339ecbbe75c2b0d4219f6a84a74b11cb73169

SHA512
e65232675f5115d5e686c32034bb5c5fb20c8167802909b8a8cf85df57c80b9009685fb0ad9d30d3c59d64a8495fc96153e526a20079e8c19fc145aea2beb9c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5385b92bf4ae75799311c82d41c8dc4b

SHA1
0563501ad5f157e8952c2ff668747a0b38393b61

SHA256
4193430ae1ce6ba0aa4a3ff8481354a61f2910585055c1197b8f2e1e4cdab3fe

SHA512
94833470ad6d2d0634c10ee8d82e2923ec69f76bf955965f43ff56b7331ca5a9300f8e5a9097a6ff55a9b5dd5821d58ab1ae2e2eb03f431e356e029f02a33c27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9a05613bfb9666b7e470a9282cb44db1

SHA1
e0f37754b44a3ba43d2eb450bd3761e545a2d58a

SHA256
69dea46eeea7e5bfc0fcc47722ce59733aea3213441dba84092ee1e03a6b173a

SHA512
29ade61e5546464dbc91d454009c522a854212b06d6978d3c353044efd4ba2644c3ce709c84a992c1b69ed3f8119c08b22027e20931cf2dd685037316e7356bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
41a22cf69d548a89026daadc2411b02e

SHA1
f0f8bbd80440fb31dd73f8f73525d4c1921c025f

SHA256
5674b616f59722c6dcc22dd6d33a28b01d471adb92347805ae9191ad49fa39b7

SHA512
41ad29ad79023c489bb1ea92145cc68aef07cb495ccb75600b7a800adf1f91e7f34055f31fdb5a38236d37fedbb57224d787096cdff19d5b65dde1fe08bca898

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
ad5f91019f308f9d95ad8a50279437d5

SHA1
e6da8a0722d6e5001fc665b8153297443314fd76

SHA256
8b374ea8ee178689d83af44b1e41d9ff972c3d65582ee8523a103235d9cc780c

SHA512
7213b759a8de13fe54faaccd5d315430e1ae5f602b357f589eb03fb476cc3fb240bb7ad3d844c3faabba4639faafc9f3bc09e12a30477a9ca8fd9e76ee56bac2

Download Submit