8f2c121ca0381ba556eab360cb6410edbf339a8a30e6d80ceb04ecc39bf3c433

Resubmissions

28/04/2024, 02:03

240428-cg2n8adg69 5

28/04/2024, 01:58

240428-cd26ksea9v 5

Analysis

max time kernel
150s
max time network
146s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
28/04/2024, 01:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Combo Editor by xRisky v2.exe
Size

155KB
MD5

6485f2ee25f9bf4468e69567a4c70bfd
SHA1

d7d842036b36b93ff5721a530ec999f5eb293372
SHA256

8f2c121ca0381ba556eab360cb6410edbf339a8a30e6d80ceb04ecc39bf3c433
SHA512

a1666edc6506538e9f992eb04d0ba8af5b67d49cf82cb6b9f61206acae909b6021054ad6f52bfd5984eec15147162390f4a33d83f9bc10f9b40cb7ffa48f58bc
SSDEEP

3072:eDj9lTcDWfoj+uD9diMkJoZggTgYF9YrwLNsn1/:eDTojL6Ed0YiwBQ1

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587431536828457"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3124	chrome.exe
3124	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe
4828	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe
Token: SeShutdownPrivilege	3124	chrome.exe
Token: SeCreatePagefilePrivilege	3124	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe
3124	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3124 wrote to memory of 976	3124	chrome.exe	84
PID 3124 wrote to memory of 976	3124	chrome.exe	84
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 3376	3124	chrome.exe	85
PID 3124 wrote to memory of 1172	3124	chrome.exe	86
PID 3124 wrote to memory of 1172	3124	chrome.exe	86
PID 3124 wrote to memory of 2672	3124	chrome.exe	87
PID 3124 wrote to memory of 2672	3124	chrome.exe	87
PID 3124 wrote to memory of 2672	3124	chrome.exe	87
PID 3124 wrote to memory of 2672	3124	chrome.exe	87
PID 3124 wrote to memory of 2672	3124	chrome.exe	87
PID 3124 wrote to memory of 2672	3124	chrome.exe	87
PID 3124 wrote to memory of 2672	3124	chrome.exe	87
PID 3124 wrote to memory of 2672	3124	chrome.exe	87
PID 3124 wrote to memory of 2672	3124	chrome.exe	87
PID 3124 wrote to memory of 2672	3124	chrome.exe	87
PID 3124 wrote to memory of 2672	3124	chrome.exe	87
PID 3124 wrote to memory of 2672	3124	chrome.exe	87
PID 3124 wrote to memory of 2672	3124	chrome.exe	87
PID 3124 wrote to memory of 2672	3124	chrome.exe	87
PID 3124 wrote to memory of 2672	3124	chrome.exe	87
PID 3124 wrote to memory of 2672	3124	chrome.exe	87
PID 3124 wrote to memory of 2672	3124	chrome.exe	87
PID 3124 wrote to memory of 2672	3124	chrome.exe	87
PID 3124 wrote to memory of 2672	3124	chrome.exe	87
PID 3124 wrote to memory of 2672	3124	chrome.exe	87
PID 3124 wrote to memory of 2672	3124	chrome.exe	87
PID 3124 wrote to memory of 2672	3124	chrome.exe	87
PID 3124 wrote to memory of 2672	3124	chrome.exe	87
PID 3124 wrote to memory of 2672	3124	chrome.exe	87
PID 3124 wrote to memory of 2672	3124	chrome.exe	87
PID 3124 wrote to memory of 2672	3124	chrome.exe	87
PID 3124 wrote to memory of 2672	3124	chrome.exe	87
PID 3124 wrote to memory of 2672	3124	chrome.exe	87
PID 3124 wrote to memory of 2672	3124	chrome.exe	87
PID 3124 wrote to memory of 2672	3124	chrome.exe	87

C:\Users\Admin\AppData\Local\Temp\Combo Editor by xRisky v2.exe
"C:\Users\Admin\AppData\Local\Temp\Combo Editor by xRisky v2.exe"
1⤵
PID:4508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff2280cc40,0x7fff2280cc4c,0x7fff2280cc58
  2⤵
  PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1844,i,14883617564020925716,4460564023041293564,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2124,i,14883617564020925716,4460564023041293564,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,14883617564020925716,4460564023041293564,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2252 /prefetch:8
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,14883617564020925716,4460564023041293564,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,14883617564020925716,4460564023041293564,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3572,i,14883617564020925716,4460564023041293564,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4808,i,14883617564020925716,4460564023041293564,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4760,i,14883617564020925716,4460564023041293564,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4776,i,14883617564020925716,4460564023041293564,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3828,i,14883617564020925716,4460564023041293564,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3584 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3408,i,14883617564020925716,4460564023041293564,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4340,i,14883617564020925716,4460564023041293564,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5112,i,14883617564020925716,4460564023041293564,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4420 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3764,i,14883617564020925716,4460564023041293564,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4536,i,14883617564020925716,4460564023041293564,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3200,i,14883617564020925716,4460564023041293564,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3404 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4540,i,14883617564020925716,4460564023041293564,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=212 /prefetch:1
  2⤵
  PID:4768

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:704

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
86855f529aeadcb38e938a6c9dbcba9b

SHA1
4541be0e7e86b07f245446ace5591c43c618ff98

SHA256
e4d58868647e8eb5609526a36e74c3597a5dfa9737f4352c5cac95d0eb4cf7bc

SHA512
7c1481c80ae04b08e8721c5ed6a3267fbcc1740f30fa3cddbd710fbd331862404bf8d82f8c0b1d8f24c9dbb950a7e92f1d17f0a667a0becb9790b6895b175098

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2c9fd83f9236a7b53d3ef80dbfa7aecf

SHA1
b7e64ba365d04916c42a311ef35259712864d0c2

SHA256
4a554c3c1fd3c1eafcfef11c8894c08aec2d006c5c622c64351960c5f89d16c8

SHA512
10108c286336e888dd79b7e58e9379a95bf9588da1a2b46eacbd017092bc191afc64b38dae0d34dd4da690c08cde9ba793cba84db2fbaa57bf7c03e91add5d68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6cd7e6c2c2a8148d9826137ee34a3f99

SHA1
f714a96e6f9b9d7525be649c5ca0c4ec91d1d06c

SHA256
e2dd8a6e012b01058c35eb4a242fce8b4fc770acdb463385803bcbf6be8b97fc

SHA512
cb791832fc1cac520402301aa871280464baa3e7d4399a27ed154db9676a4179fd96cf5c0b5a9077f736cf28560860ecda14b9b28b1173155011415097994082

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
49429b0deffd176c9d730e37fe96a7b4

SHA1
b660e044f041ea7bc47a7c8354ec79fe3adbbcc3

SHA256
eca4cf77b79650ef0b6304fbfc9ce22179935d103204a623eebcde17d63bb8d1

SHA512
27530a5607fd8fb5bacabbca2854fdd951c30a56b9f793dd3d71f5400a61593fcf044b5977e32b83bbbed1fbb6291234bc844f3a1950eb995523018c59c53e42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
26f2d523587b8dd45772b16ec6816ca4

SHA1
7f290a3d67e2b5e543ab0fa7360f24cc9882127b

SHA256
61356f2dcbf6b09ffc1950cfa109c92c7509a5790ec31dbd642214b803e0c5c3

SHA512
141ed694120ecd8bb3354598dc73b25264412f2eb1bf65764d69be7abb64b60d91d535b70af443cd11b66c9cb3789f78cea50f35f57432ba5f76d4c9a4c2adeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6c3fc6dac8d3b90ca54df9fd4c071d6e

SHA1
69ba316bbf771ffbefd8f707af0c6a6794a5d9e1

SHA256
e6888dad6c87a9e58aebbf081845a2681ee1db110705c152605d4f7248fb28e1

SHA512
9709e050801927ee7732ea9663a99729700ce719339574b8748b9af5e974471817d1c43477e55e2e2198a3b015fbecf0c88ffab8bdb96f046c8357ac6edc4817

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1fa8953382cd6d7de35ad6468a7d9339

SHA1
f7c20dc7973d80f04bcd96b717f174b4a6053c9a

SHA256
4626cc88be5af22a008cc9c74f240243b5e6cea974e8938a66f301ea7577f26e

SHA512
c225877494fabb2819fdd874d0ec35864e25880d4f82acd5b1925e729400492b24cb9c60e6fe22b32533d08c5f585b093b2f9ef32cca4afc24e50722fac8704c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
a400015993635431ea0bfd5e27d496e5

SHA1
c8405f9070ade712d15eb711497250c7ad1d879c

SHA256
c5dce5aa62609edd66f3ad1240a487f05a3d928cfe0b8bb77f6cb0d98650881b

SHA512
d23d16b3d09032133eebe3e15c74365619e4c43ea0eb3aa92e0219262bbad0331ca740729cd099c4fe8ddae71d44a880677821ceeead182247c66654506e0b13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
2cca72abd8be99670888b6676b3b06c2

SHA1
a1556621a23e6f6cfdca091ad3927e6a1800e712

SHA256
8a81ae623a391071f94f9fb604c96b3a2c519ae22c210b46f94ebeded658ec17

SHA512
656a0e28d3d0f617345ebe9d1f64bc3bdb4f84937581433f25fe3255ebcf33b7221da02e3fbfd619605d571b2f98ef30ad618da9ce9600d761c8e8ea553fb8ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
4b6ffa6bf45b7e7546f29a3bce57b027

SHA1
a828fd5069ff190d550310336a28e53e15bae03f

SHA256
0060a3cae0915efdcbf1f95b8de3c3d84b89473f19d23f1525121c0fc5538380

SHA512
62ba32fefd6c869cc874e7d2941cdb2dc9a3ef3a806ca428628d37c2b82c66e6c9263f4bf6a68fdb0f14142ed50ab90265c140ac1f88a5dbb9f1ffc33be0ccc9

Download Submit