hxxps://secure-web[.]cisco[.]com/1mke3NPZGFUgctmh-Ibvj87HG2zlKQrfNfY5zPM0SSt43QuPAOO5aDmbmQ9CRdARGvEE5JPTOqDJMxbcGOnlXRqyB51c5fZ9mggqfCiJfbOHiID7zN6-oELnn-nn3FdK04PhN8FqaXSbnXQRtHqGXcl-8-dIKWIlYrj6hCnfHpofiorcLBGYdatuvRLDLigKq-FPRPW5aRQ5mn4e7O688fqsMnEqShlNpsR4IIaIhmShjoklAmPOUl3Xh2DxdbVDHx6XGpUxEiWkEyIf8O-bIqiNhezlqvTOrcVnsfo8zmG8h-cTtWMYqibNN_YOq8HKYsgkphxdv8RtbFmSHkLQREw/https%3A%2F%2Fclick[.]mail[.]freshmarketdata[.]com%2F%3Fqs%3Da09c36d6237ca9913e7673defe97bd689116185bcabfc55f4cf79eff187c96fedbe28155ddc02e0178bed569a8f5bad3c404b2149a2ce9e3

Analysis

max time kernel
195s
max time network
197s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
03/09/2024, 18:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://secure-web.cisco.com/1mke3NPZGFUgctmh-Ibvj87HG2zlKQrfNfY5zPM0SSt43QuPAOO5aDmbmQ9CRdARGvEE5JPTOqDJMxbcGOnlXRqyB51c5fZ9mggqfCiJfbOHiID7zN6-oELnn-nn3FdK04PhN8FqaXSbnXQRtHqGXcl-8-dIKWIlYrj6hCnfHpofiorcLBGYdatuvRLDLigKq-FPRPW5aRQ5mn4e7O688fqsMnEqShlNpsR4IIaIhmShjoklAmPOUl3Xh2DxdbVDHx6XGpUxEiWkEyIf8O-bIqiNhezlqvTOrcVnsfo8zmG8h-cTtWMYqibNN_YOq8HKYsgkphxdv8RtbFmSHkLQREw/https%3A%2F%2Fclick.mail.freshmarketdata.com%2F%3Fqs%3Da09c36d6237ca9913e7673defe97bd689116185bcabfc55f4cf79eff187c96fedbe28155ddc02e0178bed569a8f5bad3c404b2149a2ce9e3

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133698618470199101"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4948 wrote to memory of 1676	4948	chrome.exe	79
PID 4948 wrote to memory of 1676	4948	chrome.exe	79
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2100	4948	chrome.exe	80
PID 4948 wrote to memory of 2684	4948	chrome.exe	81
PID 4948 wrote to memory of 2684	4948	chrome.exe	81
PID 4948 wrote to memory of 4112	4948	chrome.exe	82
PID 4948 wrote to memory of 4112	4948	chrome.exe	82
PID 4948 wrote to memory of 4112	4948	chrome.exe	82
PID 4948 wrote to memory of 4112	4948	chrome.exe	82
PID 4948 wrote to memory of 4112	4948	chrome.exe	82
PID 4948 wrote to memory of 4112	4948	chrome.exe	82
PID 4948 wrote to memory of 4112	4948	chrome.exe	82
PID 4948 wrote to memory of 4112	4948	chrome.exe	82
PID 4948 wrote to memory of 4112	4948	chrome.exe	82
PID 4948 wrote to memory of 4112	4948	chrome.exe	82
PID 4948 wrote to memory of 4112	4948	chrome.exe	82
PID 4948 wrote to memory of 4112	4948	chrome.exe	82
PID 4948 wrote to memory of 4112	4948	chrome.exe	82
PID 4948 wrote to memory of 4112	4948	chrome.exe	82
PID 4948 wrote to memory of 4112	4948	chrome.exe	82
PID 4948 wrote to memory of 4112	4948	chrome.exe	82
PID 4948 wrote to memory of 4112	4948	chrome.exe	82
PID 4948 wrote to memory of 4112	4948	chrome.exe	82
PID 4948 wrote to memory of 4112	4948	chrome.exe	82
PID 4948 wrote to memory of 4112	4948	chrome.exe	82
PID 4948 wrote to memory of 4112	4948	chrome.exe	82
PID 4948 wrote to memory of 4112	4948	chrome.exe	82
PID 4948 wrote to memory of 4112	4948	chrome.exe	82
PID 4948 wrote to memory of 4112	4948	chrome.exe	82
PID 4948 wrote to memory of 4112	4948	chrome.exe	82
PID 4948 wrote to memory of 4112	4948	chrome.exe	82
PID 4948 wrote to memory of 4112	4948	chrome.exe	82
PID 4948 wrote to memory of 4112	4948	chrome.exe	82
PID 4948 wrote to memory of 4112	4948	chrome.exe	82
PID 4948 wrote to memory of 4112	4948	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://secure-web.cisco.com/1mke3NPZGFUgctmh-Ibvj87HG2zlKQrfNfY5zPM0SSt43QuPAOO5aDmbmQ9CRdARGvEE5JPTOqDJMxbcGOnlXRqyB51c5fZ9mggqfCiJfbOHiID7zN6-oELnn-nn3FdK04PhN8FqaXSbnXQRtHqGXcl-8-dIKWIlYrj6hCnfHpofiorcLBGYdatuvRLDLigKq-FPRPW5aRQ5mn4e7O688fqsMnEqShlNpsR4IIaIhmShjoklAmPOUl3Xh2DxdbVDHx6XGpUxEiWkEyIf8O-bIqiNhezlqvTOrcVnsfo8zmG8h-cTtWMYqibNN_YOq8HKYsgkphxdv8RtbFmSHkLQREw/https%3A%2F%2Fclick.mail.freshmarketdata.com%2F%3Fqs%3Da09c36d6237ca9913e7673defe97bd689116185bcabfc55f4cf79eff187c96fedbe28155ddc02e0178bed569a8f5bad3c404b2149a2ce9e3
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff10decc40,0x7fff10decc4c,0x7fff10decc58
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,5410069643575335038,2284173568235288004,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1804,i,5410069643575335038,2284173568235288004,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1960 /prefetch:3
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2172,i,5410069643575335038,2284173568235288004,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2196 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,5410069643575335038,2284173568235288004,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,5410069643575335038,2284173568235288004,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4520,i,5410069643575335038,2284173568235288004,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4532 /prefetch:8
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4780,i,5410069643575335038,2284173568235288004,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4104,i,5410069643575335038,2284173568235288004,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3188,i,5410069643575335038,2284173568235288004,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4824,i,5410069643575335038,2284173568235288004,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:3116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5352,i,5410069643575335038,2284173568235288004,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5360,i,5410069643575335038,2284173568235288004,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=980,i,5410069643575335038,2284173568235288004,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4020

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2148

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4752

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004D8
1⤵
PID:4704

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c9a061107ae85e168d4679e991537f8c

SHA1
fcfbbf0e5d0b97cee3558066a98b12043d9782e9

SHA256
706f10bc2bccba9bac111496c67527c5a520ddb8e18d57cbc0b02c64054847e8

SHA512
575384565edeed5601d06c783fba28ea42b85c2753c090e3cee5f462c9d702284136fabdc911d6f78b03947087ee24db1884000a64b10ded028e52a7f7b6f983

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
8bfc31129a28ee267bf4b78a0c6dc2ba

SHA1
54a148776071a91cc40472a9be07761a4d550b97

SHA256
91f0ed99271c70beabbeab788e2cc3526a2194c9822123437bdc338913f10040

SHA512
6f234e5fc2a06e89cabb569dcb39900fe7b2f2df8ba298ba99d36aca41c608f6f3be4ea33073578e445d1eb41928d0013b216ae64c84cf34c411fe79dea22cc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2a7db03df4943e1a1deaa835375a5994

SHA1
908b2191cc64c9d21d84e42ca2898d9fa6786d69

SHA256
df926d7cf6917b49b9d7914de355ecf0ca1d38ef104249613580aa9f11512e2b

SHA512
fa844f066d41003d6ef300ec583da8328dbaa810a026473a753a18e133505c6fd7f910204d5b83fc1d315c12ee00812a7b8d08155b7ab6e1374cc30ebd354d56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
7c2b48a36998bc871f097fb593a20c27

SHA1
32225f1b19b5495d260044285c42d2afcdedef7d

SHA256
1d425c729fa21074e4e6297bf9369a33a81ba1d4f6a09ab7e3c10f2ebfea3ede

SHA512
0b34f71404b749b4eb738702e77c9e5d94ed0462db88249f0b5080553867237d2a9fa7ccc8002473d6fcd916b6c70aba95788c1e8cc85ec09c14e6c6e9da400c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7be1e693d5f823c8d5ba27f523cb8e5b

SHA1
d83ddf0ad7a47115581dd9ea7a929e9b54b09aeb

SHA256
6eae9d44b3649e5bb91cfffbaf7eaed7f073f36e91afc28761a991df24524ed2

SHA512
f5ceff8c46de8472e9f37b78319e2caa91bdabe07de2d84215a052318bf8dc1223622e4c327fd4777c74b84230abe16c99ea5ed0ca38d2620f9c20940f50e6b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a2d4e056cc8f161a70cd737d0c77a2f4

SHA1
a14e9ff37f526e9fcdd463dfd73fa5bec4b895c2

SHA256
f7f1c2f10bfb1065e9dd5004e0381745f79b708044adbeb0d7cf466928e8c053

SHA512
ff33a64ded14c378eae87466fc91447c49958a0806135c5de5ad7a839db6cfacd71ca25bad30ffbbf157d8bf530f039f2450b7e366cfc20e3a4f56e99dea56eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e65ef938ae22cd5acc91cda1bb13aeb9

SHA1
9222c337f4b9628a379b2919f0723e3696cfe56d

SHA256
23fbb4a4215e3659591367331250bf66142a7d2cd9426f6e6686a265c9ab89d0

SHA512
f7d8bfb4715614e6d9f2ca72d61e6848c1cddd18574594a3b160070e11ba78387a192ab59ef161d0e5f40175b4604467510174e2302302b6d674db6c28781c7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4789cf8f8e226acfcb383a815f2c0685

SHA1
3bbf99c3d1e1d0bddd763f73816f9c3bbc7d2365

SHA256
7e3c442beb6a0c7bcfce7b088c858a2d489d77d51eabb409c583ea9c2725020b

SHA512
932482fee4824e53f15be98f46ed1c317dea26deab2c5ddd6ac47dafd018e71be0d0c51a3c401959e9ef5b77b369f6d79ecbf7df78985db51eb491b38446de48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cda9483cb7cbe32164eeff8ef9214874

SHA1
9abbc4756d20cf2a315ead64b09b06d9b4d55d66

SHA256
261ae445957a054c2802e4c5bc4b790388393bf31452e978cf415a64ae562b52

SHA512
e7e53462e85796fdd7401308c0e9f70b0bc89cd9123eafa6300a1d9051cc7f25e5ca93091cb88d15ac883ce488c04bd9bdd033024195c21bf27e4ff05c052817

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a4127f25a3ca0a1324bb237ad3f5aae1

SHA1
caf1ec1ec46b42207d300ea352c1ff14d3f9b1ad

SHA256
bdc0556b7da4d7407d8cc808d2f12470e6a8ed375a0e7d17f3a247b9c09fac7d

SHA512
9b6ca577fe36c14b4388f502f0f48d3ccc55314e2ba99d868b8907cb71279f9216689dcd472968602039f96338e8f611aa3a3c112349dd092c1245753ad444b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c5a611b726277ae8b620a1d5b0878318

SHA1
18020939cb0ece44ad296ac1116d78bda396a99b

SHA256
0f54ddad68bda32078b953722712b076f743addc1e8622d0636f000e2524dfdc

SHA512
45aae51417460ceb17808297472577640d36e358d1a7413b202e926aef60a5d1ddc0ff6c34e8ebec7190fe9ab0a1e4e1d78a9e074c820479807a82aaa3cb1b73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bdfa5a4b2bfd7c7ebf546cd9bbe22140

SHA1
2350df20d5a15413080b600343f611677cf41d36

SHA256
338668a77499bc82b83d971a5e22b1879211873f0039ff7e9210da36ca31fcb6

SHA512
a05954c4d923a21d776c77985d5840d6d31134a521ceee5456788409542174175da2367b60ba1c0278ecb9f0e0722096756e0f3c37c026fd7fb99baa443fb60b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fb17692cb56d4785e793e156c4c07efd

SHA1
d1bf9cbecabfcc1b8c67e88b807e043f5b8d139f

SHA256
97d42d10ceb0ed014ab75229b40d4e14f95e54050bea6151a304154e4bd49dd4

SHA512
b0e7d0efefda79622c610a9dc8c37f581e0000b83acadc7d874c6ad813f4ed3bc88c7d616b4a29f27f9e9b203fcb4dbe8f8ceb9cbd37e097bac3b5cee4940fd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c167d5f5287010a9089a73d72ca2b61b

SHA1
4ed5168304ce1fc6482bc2ed289a2ca587d80859

SHA256
222663ad59a1c0eb9d192ea9b204cadd9db4284899179babc901819f850fb095

SHA512
4139894ae1a164822442970a0ca9ffd6eafc95fbe6f477544282eb2ebc45813f0409e6d82f59b0c46b0bd777afe5cbc98247d13fad5dc6fef0cf970196481d97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
58939bfd4df6913366c335376613358a

SHA1
e00d1346194196d0565927e993eec27a7cfb0394

SHA256
c76a3658b554d364c7df90bc818c52f6b8ddc7d606cc3a3bba77e6fd3a292026

SHA512
b18ffee6ca50cd0c420e8259dae0aba4de8631bf4de4e6f624c699d2ce26615d588ea3aec1339ad45edc259184d3dd31488503698fc9bbfdd0c435587b883422

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8e96a2384b5b64d3bd36ad6486064fc2

SHA1
d2594a5afa8909ba712ab8b88e3bd37a504ff93c

SHA256
5991f79f73c1453e9c1203366d2fc2134746f036657e423da12db63161944a15

SHA512
24e4765f379479b056fa180a70ade5c20be4c910a8a2e15ef6296f00c0eed201198337e58a608e6d7ec73f0d4f296a6f2753be2e1f028e4431a06863f350e7c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f31a91bab0f14ace6ad5e312ca719cda

SHA1
29626843d7f272b070a3c5c263d9ba7937b6f1e7

SHA256
8e24c87696ded99193abd2cf635761038ddb26a7fb681a789862193e58a0e9f9

SHA512
e916270026f55384718fa4a83e8ed3af77d159c7d9ff95bea3c5fc6e7fe2bd1f0d8b79d02b8de0719754c79a620a587a4ad70f23ef50af8b88fdb91af1dd7862

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bb3d74b6f7b8d4da96ad7c296929e7a6

SHA1
b4f16ef073c9d548dc4d97a399e8324ddc0f4602

SHA256
4a66df00947c22b88cb07410a02a68c3f3ae7fdfcdfab7d533edebd995dfc674

SHA512
8a36d45733a9a93eac1422fcec4c2c0d8f8f5e6ebd4658938a568cf968cd0cbadd25e1f1c9ac57224e6737c933bb08ce853980723b7c781d0537e27ee262ba72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
6819421ea641e53ba8a22a4d257f5353

SHA1
1b3c6b105cb43ed9ec896adc2ac92c28d4d63b78

SHA256
1313de69a1da7b54ec8b2f9d55e7eafefaca45263f0db3a59a2f975c59083a5e

SHA512
f345bfd99f0c7931f47334a1b7c5f9dafc4b0f8a3cf816ee4600c63543b61ae457a768015defab685081c7332b96dcdfc9fd8e1da06d3147d06d539e0460da88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
e629ea9981adbba87aa0600e91c84f04

SHA1
a9dbd8fd7a71c791aef15649815a18c38ba03e5c

SHA256
44c650c050fcaf251c65964b984b52ee574659c9ff500d1e11975eba069cfe00

SHA512
29f20c1c86d2800c5cd46d9b831c92d0d62612ed0640646d4611ebb451f7770bba91be962927a042a983687d0b52e8c1f3cdbc92dc33b1e8cf7c1ed50e0aa23b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
fe18f972d1908ebbf71761ecd96031a0

SHA1
c648b3a02c8568ed09dbf6a171d13f60bb8aa069

SHA256
3107ab6aa3d0ed981322c1c65417cd5ed43944e897a10ee78f5ab7a4e6a32b7d

SHA512
ef6659d27ae898c5d9b32bbb4b257448be488c0e0cedf96c8278b6e67e86abe5b82fc1402b1f8ee9a4f23bfa9acbd8dd3992e7e032d2286e9386ca6c19eba1b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
8fac638af43755514f36d3464bb38474

SHA1
cabda3763be8c6044c20f8f8dcf1f7849ed794f5

SHA256
41c9593869ea9bc9a2f64ea5a818b992adb1b9ad2f0cd6796ce35678665aa0ed

SHA512
faf7a3e5e9e83e1c5cb7b58b36c42a5b580cefc5745abb6807ed7b108600398ada50e107293a90a9dc606cf99d21bd4203b0ae3e94ada1a13805e7e8bf613783

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
695c3ca2ac52b1fc5d6d7a402ce1d825

SHA1
796128a73616248c710b66c11c83c2cf4a8ca7e1

SHA256
22b73fce92602a8b1b1e372871914d955e288940730db52141028c8bac391f60

SHA512
bc864763edb6dbd616ba36c20f9c3e290e0c980a9786442c25920739bfcb7d6986b32c4860b35f6d2632b5a603009c549b4901b91b41add8d9d193e7baf65855

Download Submit