hxxps://www[.]upload[.]ee/files/17161114/NIGANIGA[.]exe[.]html

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
25-09-2024 18:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.upload.ee/files/17161114/NIGANIGA.exe.html

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133717610307440314"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe
4980	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe
Token: SeShutdownPrivilege	3448	chrome.exe
Token: SeCreatePagefilePrivilege	3448	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe
3448	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3448 wrote to memory of 4852	3448	chrome.exe	79
PID 3448 wrote to memory of 4852	3448	chrome.exe	79
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 3696	3448	chrome.exe	80
PID 3448 wrote to memory of 4244	3448	chrome.exe	81
PID 3448 wrote to memory of 4244	3448	chrome.exe	81
PID 3448 wrote to memory of 2136	3448	chrome.exe	82
PID 3448 wrote to memory of 2136	3448	chrome.exe	82
PID 3448 wrote to memory of 2136	3448	chrome.exe	82
PID 3448 wrote to memory of 2136	3448	chrome.exe	82
PID 3448 wrote to memory of 2136	3448	chrome.exe	82
PID 3448 wrote to memory of 2136	3448	chrome.exe	82
PID 3448 wrote to memory of 2136	3448	chrome.exe	82
PID 3448 wrote to memory of 2136	3448	chrome.exe	82
PID 3448 wrote to memory of 2136	3448	chrome.exe	82
PID 3448 wrote to memory of 2136	3448	chrome.exe	82
PID 3448 wrote to memory of 2136	3448	chrome.exe	82
PID 3448 wrote to memory of 2136	3448	chrome.exe	82
PID 3448 wrote to memory of 2136	3448	chrome.exe	82
PID 3448 wrote to memory of 2136	3448	chrome.exe	82
PID 3448 wrote to memory of 2136	3448	chrome.exe	82
PID 3448 wrote to memory of 2136	3448	chrome.exe	82
PID 3448 wrote to memory of 2136	3448	chrome.exe	82
PID 3448 wrote to memory of 2136	3448	chrome.exe	82
PID 3448 wrote to memory of 2136	3448	chrome.exe	82
PID 3448 wrote to memory of 2136	3448	chrome.exe	82
PID 3448 wrote to memory of 2136	3448	chrome.exe	82
PID 3448 wrote to memory of 2136	3448	chrome.exe	82
PID 3448 wrote to memory of 2136	3448	chrome.exe	82
PID 3448 wrote to memory of 2136	3448	chrome.exe	82
PID 3448 wrote to memory of 2136	3448	chrome.exe	82
PID 3448 wrote to memory of 2136	3448	chrome.exe	82
PID 3448 wrote to memory of 2136	3448	chrome.exe	82
PID 3448 wrote to memory of 2136	3448	chrome.exe	82
PID 3448 wrote to memory of 2136	3448	chrome.exe	82
PID 3448 wrote to memory of 2136	3448	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.upload.ee/files/17161114/NIGANIGA.exe.html
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3ef6cc40,0x7fff3ef6cc4c,0x7fff3ef6cc58
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1860,i,16122645874001625948,2197463125925152339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,16122645874001625948,2197463125925152339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,16122645874001625948,2197463125925152339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2524 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,16122645874001625948,2197463125925152339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3112,i,16122645874001625948,2197463125925152339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4292,i,16122645874001625948,2197463125925152339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4296 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4540,i,16122645874001625948,2197463125925152339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4708,i,16122645874001625948,2197463125925152339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5364,i,16122645874001625948,2197463125925152339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5576,i,16122645874001625948,2197463125925152339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5572,i,16122645874001625948,2197463125925152339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4272 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3524,i,16122645874001625948,2197463125925152339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4896,i,16122645874001625948,2197463125925152339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5264,i,16122645874001625948,2197463125925152339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4768,i,16122645874001625948,2197463125925152339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=212 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4936,i,16122645874001625948,2197463125925152339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  PID:1700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4988,i,16122645874001625948,2197463125925152339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4548,i,16122645874001625948,2197463125925152339,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3108 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4980

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2080

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5024

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
46c4cb11fb0d1d0047b4fb2891ce79fe

SHA1
09363ac9171cbfdf6e03d9ee3e5d9ca12e0574d8

SHA256
c2f4f1fe88a3ce19318694e48a5d7f45e9eb3f610bf5f65afc0ddc6cd60361ca

SHA512
b38a591b65314931f92d1d69a788906c865420c6e597ae70043bb481b7c2ffc4a5488c931aab73d4b0c3cc0f9e0443edc99d94ee7ec98b0e2c22c8d95a8e3d83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
6218334436293abefaafeb419284c0cd

SHA1
6f037eebd24515f4dd99e5e9207c009bdd83e6c9

SHA256
dff0f8e15b208c3bef30e3676dbdef699935b92b07b16f85afc36ae57172cae5

SHA512
c077645017a3fd4036c9f30666272ce74d437feacd3e6196b0d56883a82f01ea6cd70f219c176083cbcf7d22b460b4bb80db375c0e6aa9c7d0492484a6c4efa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
26907062499ec33a8cf19a5d91cae6e7

SHA1
e62a4860bf92236e7d9260ca9951d87f228a6b54

SHA256
75863ca541aa940f8d483565bc290d414511a120f7093436f768e7545766cbb8

SHA512
e9d0aa731bfa4d8712744d71184cc4de872de20b719eb0c523f6c09b5793f7d2399783559efa3baae9d2dc0a7a15bde61dce054073c2c9cd3a211047eb9ce9e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
bdd5fc57211e49b3014894967fd8a53b

SHA1
62b41626b7c68c5396f5463bba1b00db3cfd39ea

SHA256
f75318a667cf2b38fe057fea926454a77315aacda0ac62fc736b56dcaf40a62a

SHA512
524e98a5411c0d806873dafc41ec9e4213b7054b229ef342830000f690e1ce86f59dfa14037d28c611fafe39408c88234eea06750c9d52ed4ebb48bd59ccc6fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8177699a3592dd897e82ec07e0cea68c

SHA1
5a07fdf4c4c2d6079c1df03b3a281c311d2d9d9e

SHA256
9fe97a13ca464040d1bee3bc9f1cb32b899af7698265fe20dde729cc15388df8

SHA512
cfbaeb574fb4aebd88215432cc02fe143a04156506ede08023d47c9f42f7df0967ffe6886544538155da1ac91ce6c671cdb85b2f4efcf57ac2a250c14bd54aab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e0906d9bf8758c77e196d151dcafff39

SHA1
af6a256a05af295b1ad13718b17d6bf2564cb29a

SHA256
f98f38a06005ddc245d830681bd4651b082be899d7dcabdd5fd5d6bd392c1036

SHA512
e4072a07192eeb3e3f650522c9252822a95307c2e4351bc8c4fe5626c8f4094134ea7acdf6382792a059148a507778f3288f6047306803dfa3178e9905987d50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
61bce8d93225955a38596a9723e993aa

SHA1
922feae1aa7e36ab3d59c9782f7395dce8b7054a

SHA256
b4992b5809c462a7757df37bf4524d112bb88a35abcb432ac079550c85f62353

SHA512
42ed1e1543f46eeff220ba751e1aee6b7f3be9e4f24510bd3b998f944ab8b2c8e98b4f65473848df0d731da55f6e0cdf0804154df7a50350c4e27c85789cc29c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
12aa6239f4d3f14753e937c197328d00

SHA1
b9478716756ea11cddcbd639304643f2ad1f170b

SHA256
2728c43999a5b66ea17e3e94108a4dda32cd08fc6eb0fdd2d7ed0442e6965924

SHA512
5b967b5ffa91e2cfdb8ff5dff8aca45454a3ceb9fef1da2df7bbf4b2b0d037215a6a800fbd10e1393940cedbb06184deeb6a4243405f9ae9f638a7e19ae28eda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d2eff17c7afdff849f2d6192eda8f0dc

SHA1
8b2200d24f7c166380fee9a95028f57f63fb480b

SHA256
4ce61ee3a24da0aaeeff54989e2e063f29d790de113d2739515b1684ad443799

SHA512
72de9af2635a1b0da8c20a62c19eef98e25a504dcb0382921b07694a8ec2ffe5c1f21fab4f44d8bc3d2f25030c9a1fee798474a589c831cd605857a949a1c291

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bc8afb3a2af1b1667eca83d027a34380

SHA1
939bb8b48ef91a238e191451e00743c951b6bf1d

SHA256
1c1b6d98e5f0c8c207296f56185124b80b199d74ffaec2044775189d40d2d43f

SHA512
9515e1e6990b4e16fc0fdfadfdbfe6a424a81b20fd31d8edb5c0a9ebc3b2ae2544f72b8420d345e1a1ef883d8b71426435c354c43feb6709577281795152c2d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ef9a41bd82f48e67f8c125342e286375

SHA1
4dd94c18d0f1a6683f60ed263a42548d536a2c7f

SHA256
ca81802ac460b9c54ccbd57a94aebd886a5df01f607481412b9379cb4233b2a9

SHA512
7a4e5db4646bb2322f51ff732b0f3c25b018dcad13a82befb1a768e0a08be47c5e0bc851bcfd7cefb326c1d1bdcdab97265b93f14bc6cc9728be244dc9564f0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5def65ffe4eb2aa4f91864e57bbadbd4

SHA1
7817230b044b47b8309e954ac34d0b60ff0abee7

SHA256
9b57c44b63c7633c8507a91924880612e28d249cc1e74378d2a4f1b26a0e15da

SHA512
fbaa2e17fd49d9443c77f54093b76a94a94a0a266e4f8a36613ff22bba3e989a934e9d59b279cf8f430590197e3d27a8728b71ba6ddfb6a47eee552ff998a976

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2d724c6fe6a0a5b226a8b496e047f47e

SHA1
4166c0e35df57498862477a0958697b3aeef539b

SHA256
f47ee2e4bc90556974c76a42c17a605b0f6993177575fc9a2facb3869b2349db

SHA512
90faa628e97f4155f0ca05ffb020f09d68af93c44b80e90cb6f22412ed858f5be788a38d78767555e5598923b2251624e0818b2b54f36d1bdd5825b99277e5fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
004779ecdbe1d7d625fde3d2c51853c9

SHA1
51acbe19b49d17e69dd7b9e338bfd650210f9760

SHA256
aa9d4b1abda7c4cae9478ae5ec83206cc56f37b3e017683a242278c3f5264c20

SHA512
f14f6e9f715c9d7da761c8bed29a3d9e3a237fd94b73c88d1bbed382fed2e5c2c992341cfec086cdedbdd8c8bc02b510a592a3297a90a48f66cc5fa647287e4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
13a2e1978a35e8e40205825c29760951

SHA1
d1f79118f09bc6d7062ba2e917bc4e01d0c7649e

SHA256
da014e750b8ce2226f1c82e9e54c13f4c9dbb435363d69f14ef3b146ee666054

SHA512
0aba2cec7d8add9dc463141a206d4156849f6ec477c5d5acc3ed1d52cca6ee7815c01bd8314c8033b3301438dd71f551e581957885fd5e80319ffc754eeab99c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
e2d80ba714e64a062894043ff9da85c6

SHA1
5ea9d6a2216f356f18f9b2426443780c37e10aa5

SHA256
6d793a88bda1019a35fd0c59cd680d787199adf218c8f5d03a0caa4e3ca999c6

SHA512
b98dca0c8cb8b517085c211c793ff9db899440d437d3fa72006d563e125e3ef9be780c9d8d860ca6760c8d743dae7f814ca2e416af466db6f772fd4978f6b4e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
aa0c66239fc6b80d09958461d29fba30

SHA1
9737f2f14cf59de9b2f4e1d53769bf61d7b9ccc1

SHA256
a0a3268a10bd5c4d9a72ec3efc8f2d9a18013c3c9e4d7905c5ac438ee2c96a97

SHA512
fbd81cd1879a2723393a6e1d10c17b3b76a6fa60bf31a273840855bfa2a62230d5afe728cffc3dd962f65b630a1a26cfb9ba420ad47b19731d66d08b39b1ef4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
c9d853a3952e903727ce33e1c3c88d0a

SHA1
a7f79cb04dd818cad2680144b48863845e74f02d

SHA256
2d24cb2a9c1f6d34d546330ea5ce169a69d4cf2d9dedb0444d2e75c3ace096fd

SHA512
2c6123d54f19e9fe3f6779af3533cccf3ed38194fbc048add993b3b249c7fa909875998ef9fcaa842d8caf10a420cfa71e2d7ec16b1e89ef477155ae927c17fd

Download Submit