hxxp://4idi[.]co

Analysis

max time kernel
120s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
27-04-2024 15:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://4idi.co

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587071408853041"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe
1164	chrome.exe
1164	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe
Token: SeShutdownPrivilege	4104	chrome.exe
Token: SeCreatePagefilePrivilege	4104	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe
4104	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4104 wrote to memory of 2716	4104	chrome.exe	85
PID 4104 wrote to memory of 2716	4104	chrome.exe	85
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 2360	4104	chrome.exe	86
PID 4104 wrote to memory of 4644	4104	chrome.exe	87
PID 4104 wrote to memory of 4644	4104	chrome.exe	87
PID 4104 wrote to memory of 4988	4104	chrome.exe	88
PID 4104 wrote to memory of 4988	4104	chrome.exe	88
PID 4104 wrote to memory of 4988	4104	chrome.exe	88
PID 4104 wrote to memory of 4988	4104	chrome.exe	88
PID 4104 wrote to memory of 4988	4104	chrome.exe	88
PID 4104 wrote to memory of 4988	4104	chrome.exe	88
PID 4104 wrote to memory of 4988	4104	chrome.exe	88
PID 4104 wrote to memory of 4988	4104	chrome.exe	88
PID 4104 wrote to memory of 4988	4104	chrome.exe	88
PID 4104 wrote to memory of 4988	4104	chrome.exe	88
PID 4104 wrote to memory of 4988	4104	chrome.exe	88
PID 4104 wrote to memory of 4988	4104	chrome.exe	88
PID 4104 wrote to memory of 4988	4104	chrome.exe	88
PID 4104 wrote to memory of 4988	4104	chrome.exe	88
PID 4104 wrote to memory of 4988	4104	chrome.exe	88
PID 4104 wrote to memory of 4988	4104	chrome.exe	88
PID 4104 wrote to memory of 4988	4104	chrome.exe	88
PID 4104 wrote to memory of 4988	4104	chrome.exe	88
PID 4104 wrote to memory of 4988	4104	chrome.exe	88
PID 4104 wrote to memory of 4988	4104	chrome.exe	88
PID 4104 wrote to memory of 4988	4104	chrome.exe	88
PID 4104 wrote to memory of 4988	4104	chrome.exe	88
PID 4104 wrote to memory of 4988	4104	chrome.exe	88
PID 4104 wrote to memory of 4988	4104	chrome.exe	88
PID 4104 wrote to memory of 4988	4104	chrome.exe	88
PID 4104 wrote to memory of 4988	4104	chrome.exe	88
PID 4104 wrote to memory of 4988	4104	chrome.exe	88
PID 4104 wrote to memory of 4988	4104	chrome.exe	88
PID 4104 wrote to memory of 4988	4104	chrome.exe	88
PID 4104 wrote to memory of 4988	4104	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://4idi.co
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffee97cc40,0x7fffee97cc4c,0x7fffee97cc58
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1756,i,13176146946611660683,10843708268724304491,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1752 /prefetch:2
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,13176146946611660683,10843708268724304491,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,13176146946611660683,10843708268724304491,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2272 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3020,i,13176146946611660683,10843708268724304491,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3024,i,13176146946611660683,10843708268724304491,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4536,i,13176146946611660683,10843708268724304491,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4616,i,13176146946611660683,10843708268724304491,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3420,i,13176146946611660683,10843708268724304491,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=208,i,13176146946611660683,10843708268724304491,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=728,i,13176146946611660683,10843708268724304491,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4828,i,13176146946611660683,10843708268724304491,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3456,i,13176146946611660683,10843708268724304491,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4876,i,13176146946611660683,10843708268724304491,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4892,i,13176146946611660683,10843708268724304491,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5116,i,13176146946611660683,10843708268724304491,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4012 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4444,i,13176146946611660683,10843708268724304491,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4820,i,13176146946611660683,10843708268724304491,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3504,i,13176146946611660683,10843708268724304491,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4812,i,13176146946611660683,10843708268724304491,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1164

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3912

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
01cd5a82b9f4dba4ed9fe6d1070760fd

SHA1
c6e5b3150ba84211ee28fcd93545d1eaac7a3108

SHA256
b2ab5920316d6c9ead11091b589fd8f0ae0850176dd6e558665005caf5b78e3a

SHA512
fce2e63978719cf995b0b4aa348265e9dee7f23a5373059932f23ca21f83933692fefecf4e05a1b1106aa84e9cfb6a5c3d94af79ae5f71b1733c3c4a58da2fd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
771bbc74516bb9e50871d7b292b15092

SHA1
44f0e7fe77535f2c946628560233fec1762378fc

SHA256
8703865e3ee862f471cd16287d59bd142d181dbd4817c3172be024bcb52ace36

SHA512
005e6490bad6a971d3199560ec26bdb632deb4a78d10d79ef736a700e174c0a4f839979047612e24ad203fcdffde2dc89baa3e73aef88994b3ff6f4b6b86c505

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e00ba5e13f16e832ce7e65b9bcd5500e

SHA1
601f4e6fbd94f074a1cdb8aa988da9fd8ae30c01

SHA256
e64c7f47e633443b973a02bb561e8be61b6217fc75324083ea40a876fba124a0

SHA512
04f1d6402d6771ce8d2192556fe4b2ad35a92fb18ae4d11437eec76c7bfc2e1122cd4baba914010271543b4ad094e0c9b81b2757841d3b1a3e691db1f520f20f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f5e9623371832eeb5c906f4d888c6a8e

SHA1
bff0b7a6717c8ebe4fac9c5bb6130de82bd293e6

SHA256
293e1e8685e8fb4afc8a28a00250a22b6bf80d2ff4c9edac4fe7ffa6402bcf85

SHA512
36d75686670f4d52b80d5f357bd6d869c19f85663f5db5a516851b04eeff7b62c03768d400d7f51665057f56b69a8206c4548a173e8752edffd83d8068c4947e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7057c144ffa456c8d4e1f5816c6a0b63

SHA1
e3c30e24ec8173f2302b5c7a8a207526fbc9a292

SHA256
bd6589a2f7976fe9498a017c359fe805c896808fbe56415e4be20275b1514cd9

SHA512
6df49fafd1cad791dff1c7272d0c6b2865d5d32ff87aedcec9e52d024bb47336534efb17d4991150b49b1f4b9a603a69b1eeff0df61ac394b3d27e9a095e12ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
51c000ae92b4c1f414915be47f3b5965

SHA1
376e9ed8a71427a6422daaf7367ce3e8f5d64052

SHA256
0ed4fd2c5aabafbcf6df093761c9077286c5dbb84dcbfdc13524c8e4e448c226

SHA512
deb58750f41933da169e259402a783f0e5afd85686e318ea4674b748e8fd9ff5c19943d35fa2f4e36d9cba82a44aebef092b64f74daee7a63082f24b8b073ffe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2e2f46b1e34190ee62bf971181ae66b2

SHA1
7416d16a0c252f5a13b42694dacccefa378c40b8

SHA256
e57402d4e11df9bb4aaf150277f200e10fd1f97efb3b617867d6dff945318209

SHA512
5cffaba4889795eb3e132252cb58519cf0dfc3626ed87092a9c97858b09faac6d5a98c5502d573ca7f262e66daa2e9d79eb438775fa492354b07853db1d02daf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0ade2cfa5c742cb70c5ff4f423efb387

SHA1
6f6eea9d7ab1cc4f7606f37e91b55f9beca88c70

SHA256
cd501079977f5d733491681fbf6a7e29edff1cc3a5bee87152ce6f2359990994

SHA512
fa0aa48a084d397f31e1d309a7409b91db801ce720fe1bade560fa11b1a6a80a7413a3b5f85b7da930e6f24fb00c3c2100bd0c458074dca1fba68a75ba190d9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c9f09d9415f2aaec4fcf3960c07c61f7

SHA1
58f858d141ee69ba5f56e51801592d6deeb142ac

SHA256
a764da12b0122cabe4b607fbc982917070c97b7aa9d77300af74b8800c294428

SHA512
1e23c427739dd17ec6ef4f1b9064e482dde67e89e308da7a184f2ecc48e07427a31ec2aa42e60fbc9d3d5bf19acaab3bb0af162bfd9196f5a22c8a000c385f0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
87d757b0081709399dd2ca6da1e7c284

SHA1
eaa8d9d8c005c7ecac9f90dbd955d53e146ba7e0

SHA256
05506a9a1ef204a6aef5da0f5b1e96f848fa6ff59f9229aebc8b11a39bc7b197

SHA512
b035398990c544b691ee1ba00d7ce26d7c928e3e0675ae12abcb8e258b9af36039fb0e6e10b218b619325b85072e416686dab1cfbb2eb35b6c02bc37b0b57a31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
602ae7c6526d6787d2a5c295d06d255d

SHA1
753a2a8eec28017627c1027cea235de86f4d72f6

SHA256
6fd6f124fe5972815700315c6f6ed2037c9f777f2d74ce231929de85bc2e5819

SHA512
d2c4bf48529610f1c55b71e7409dcc1283f35ed3053a506b460391725d839b2c3b9b48a5989341369f55b4f65c56fef2240bec740f3ba2179b87ef778fd51eed

Download Submit