hxxps://eu-west-1[.]protection[.]sophos[.]com/?d=d3security[.]com&u=aHR0cHM6Ly9pbmZvLmQzc2VjdXJpdHkuY29tL2UzdC9DdGMvTFIrMTEzL2MxUHZaMDQvVlhqOThwM0cyV1ZGVzU1Qm5iQzZRS3QwVlZfZ01DMTVueWo1bU4zN0pxNVczcWd5VFc3WTgtUFQ2bFoza3pXNGZGWktGNHhDOG1GVzRmRjJoYzd5cUZSN1c4SmN0YkQxeDFzUjdXOWRWUm1SNnBkLTBITjNUX0JYUHBnYk5EVzgzUUxfYjFSY1Y5Z1c0cmJXeXA4bjZkNVNXMnRYLVhQMnlXdjIyVzRsZ1J4MjFManBWY1cxbkY4R0MzRkdMMVNXN2RtLVJzNkpuSkRKVzJmRjJxcTd0Z2ZUSFcxQjJLdng2VkdCR05XM3JHaGswN3NfWXJ6VzQ5WlFiSjd5eW5iOFZyckhGVDdRWU43UFc2TThfcXY0SEtaTTFOM0xkTXpER2R2Y3RXOWJRRllwMjM5eXlyVzNiM2xUdDYtanZuOVcyc04wU1c3ZENYcVlXMWpZSEI1NEJULUdkVzZLOHhwbjkyR3Izalc2RHFGRHgzMVgxX0xWNzVfRHM2ZzV2akpXNEZReGJiNFF2TGZQZjhzUTN0NjA0&i=NTM5NWQ3OTQwOTJlYzRkNzZhMDAwZjky&t=Z2szZllFWjBKNWNxK3FQV2FxUmJGYklZQ2JwcmNtWUlPRE04Sk5PZ1hjdz0=&h=0b081a54329140fdac31512f843a64ea&s=AVNPUEhUT0NFTkNSWVBUSVbbzLkvu5FxDsJfY_hHWY7dJxGJwIo2EIuIzZkYa_fGUR5YWbZxB4uoK1jRGGCAK9jjH_aWzLe9KUyibkMcWTbodHeEJcpnyyLwMTockgnjoYOKBjEX5mEy8cs6s0gEHRk

Analysis

max time kernel
59s
max time network
67s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 13:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://eu-west-1.protection.sophos.com/?d=d3security.com&u=aHR0cHM6Ly9pbmZvLmQzc2VjdXJpdHkuY29tL2UzdC9DdGMvTFIrMTEzL2MxUHZaMDQvVlhqOThwM0cyV1ZGVzU1Qm5iQzZRS3QwVlZfZ01DMTVueWo1bU4zN0pxNVczcWd5VFc3WTgtUFQ2bFoza3pXNGZGWktGNHhDOG1GVzRmRjJoYzd5cUZSN1c4SmN0YkQxeDFzUjdXOWRWUm1SNnBkLTBITjNUX0JYUHBnYk5EVzgzUUxfYjFSY1Y5Z1c0cmJXeXA4bjZkNVNXMnRYLVhQMnlXdjIyVzRsZ1J4MjFManBWY1cxbkY4R0MzRkdMMVNXN2RtLVJzNkpuSkRKVzJmRjJxcTd0Z2ZUSFcxQjJLdng2VkdCR05XM3JHaGswN3NfWXJ6VzQ5WlFiSjd5eW5iOFZyckhGVDdRWU43UFc2TThfcXY0SEtaTTFOM0xkTXpER2R2Y3RXOWJRRllwMjM5eXlyVzNiM2xUdDYtanZuOVcyc04wU1c3ZENYcVlXMWpZSEI1NEJULUdkVzZLOHhwbjkyR3Izalc2RHFGRHgzMVgxX0xWNzVfRHM2ZzV2akpXNEZReGJiNFF2TGZQZjhzUTN0NjA0&i=NTM5NWQ3OTQwOTJlYzRkNzZhMDAwZjky&t=Z2szZllFWjBKNWNxK3FQV2FxUmJGYklZQ2JwcmNtWUlPRE04Sk5PZ1hjdz0=&h=0b081a54329140fdac31512f843a64ea&s=AVNPUEhUT0NFTkNSWVBUSVbbzLkvu5FxDsJfY_hHWY7dJxGJwIo2EIuIzZkYa_fGUR5YWbZxB4uoK1jRGGCAK9jjH_aWzLe9KUyibkMcWTbodHeEJcpnyyLwMTockgnjoYOKBjEX5mEy8cs6s0gEHRk

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: alpinejs@3
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: mustache@4
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133764956467267405"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1416	chrome.exe
1416	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe
Token: SeShutdownPrivilege	1416	chrome.exe
Token: SeCreatePagefilePrivilege	1416	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe
1416	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1416 wrote to memory of 3688	1416	chrome.exe	83
PID 1416 wrote to memory of 3688	1416	chrome.exe	83
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 5068	1416	chrome.exe	84
PID 1416 wrote to memory of 3496	1416	chrome.exe	85
PID 1416 wrote to memory of 3496	1416	chrome.exe	85
PID 1416 wrote to memory of 2876	1416	chrome.exe	86
PID 1416 wrote to memory of 2876	1416	chrome.exe	86
PID 1416 wrote to memory of 2876	1416	chrome.exe	86
PID 1416 wrote to memory of 2876	1416	chrome.exe	86
PID 1416 wrote to memory of 2876	1416	chrome.exe	86
PID 1416 wrote to memory of 2876	1416	chrome.exe	86
PID 1416 wrote to memory of 2876	1416	chrome.exe	86
PID 1416 wrote to memory of 2876	1416	chrome.exe	86
PID 1416 wrote to memory of 2876	1416	chrome.exe	86
PID 1416 wrote to memory of 2876	1416	chrome.exe	86
PID 1416 wrote to memory of 2876	1416	chrome.exe	86
PID 1416 wrote to memory of 2876	1416	chrome.exe	86
PID 1416 wrote to memory of 2876	1416	chrome.exe	86
PID 1416 wrote to memory of 2876	1416	chrome.exe	86
PID 1416 wrote to memory of 2876	1416	chrome.exe	86
PID 1416 wrote to memory of 2876	1416	chrome.exe	86
PID 1416 wrote to memory of 2876	1416	chrome.exe	86
PID 1416 wrote to memory of 2876	1416	chrome.exe	86
PID 1416 wrote to memory of 2876	1416	chrome.exe	86
PID 1416 wrote to memory of 2876	1416	chrome.exe	86
PID 1416 wrote to memory of 2876	1416	chrome.exe	86
PID 1416 wrote to memory of 2876	1416	chrome.exe	86
PID 1416 wrote to memory of 2876	1416	chrome.exe	86
PID 1416 wrote to memory of 2876	1416	chrome.exe	86
PID 1416 wrote to memory of 2876	1416	chrome.exe	86
PID 1416 wrote to memory of 2876	1416	chrome.exe	86
PID 1416 wrote to memory of 2876	1416	chrome.exe	86
PID 1416 wrote to memory of 2876	1416	chrome.exe	86
PID 1416 wrote to memory of 2876	1416	chrome.exe	86
PID 1416 wrote to memory of 2876	1416	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://eu-west-1.protection.sophos.com/?d=d3security.com&u=aHR0cHM6Ly9pbmZvLmQzc2VjdXJpdHkuY29tL2UzdC9DdGMvTFIrMTEzL2MxUHZaMDQvVlhqOThwM0cyV1ZGVzU1Qm5iQzZRS3QwVlZfZ01DMTVueWo1bU4zN0pxNVczcWd5VFc3WTgtUFQ2bFoza3pXNGZGWktGNHhDOG1GVzRmRjJoYzd5cUZSN1c4SmN0YkQxeDFzUjdXOWRWUm1SNnBkLTBITjNUX0JYUHBnYk5EVzgzUUxfYjFSY1Y5Z1c0cmJXeXA4bjZkNVNXMnRYLVhQMnlXdjIyVzRsZ1J4MjFManBWY1cxbkY4R0MzRkdMMVNXN2RtLVJzNkpuSkRKVzJmRjJxcTd0Z2ZUSFcxQjJLdng2VkdCR05XM3JHaGswN3NfWXJ6VzQ5WlFiSjd5eW5iOFZyckhGVDdRWU43UFc2TThfcXY0SEtaTTFOM0xkTXpER2R2Y3RXOWJRRllwMjM5eXlyVzNiM2xUdDYtanZuOVcyc04wU1c3ZENYcVlXMWpZSEI1NEJULUdkVzZLOHhwbjkyR3Izalc2RHFGRHgzMVgxX0xWNzVfRHM2ZzV2akpXNEZReGJiNFF2TGZQZjhzUTN0NjA0&i=NTM5NWQ3OTQwOTJlYzRkNzZhMDAwZjky&t=Z2szZllFWjBKNWNxK3FQV2FxUmJGYklZQ2JwcmNtWUlPRE04Sk5PZ1hjdz0=&h=0b081a54329140fdac31512f843a64ea&s=AVNPUEhUT0NFTkNSWVBUSVbbzLkvu5FxDsJfY_hHWY7dJxGJwIo2EIuIzZkYa_fGUR5YWbZxB4uoK1jRGGCAK9jjH_aWzLe9KUyibkMcWTbodHeEJcpnyyLwMTockgnjoYOKBjEX5mEy8cs6s0gEHRk
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff92641cc40,0x7ff92641cc4c,0x7ff92641cc58
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,7251740692987103977,5048865820830032260,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2128,i,7251740692987103977,5048865820830032260,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,7251740692987103977,5048865820830032260,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2340 /prefetch:8
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,7251740692987103977,5048865820830032260,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,7251740692987103977,5048865820830032260,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3640,i,7251740692987103977,5048865820830032260,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4652,i,7251740692987103977,5048865820830032260,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4344 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4856,i,7251740692987103977,5048865820830032260,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:3476

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2632

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\3b7ef074-ae81-40c6-9290-11018ccb3468.tmp

Filesize
116KB

MD5
1b5da7aaa46bd48d4be9369f126274c6

SHA1
1bf297d16fb3b30248e246dc204cf31f98336b85

SHA256
933bb70da0ec154939dbc38ea1a030876026cc12e0b0e23fd8e066e4b32c3c53

SHA512
b534e33b9a2b101c4c8c3f70e5aae6965ea2eafe867fd7bb1bc1ac5c5ae63d77e0fe48cb83fa9e810e51da336ff84b1f031e57362fb11b60e7168a0739873a20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
526c861d0112ecbc9ba133869dcfedfb

SHA1
8f927cc3d644d6262660d8c9d47c72f0c10a2772

SHA256
505eca83af7494f89945ef099feb48c69b0f829ea701f96a2a25117c49f3ddb5

SHA512
fef4e82bbfb1aa0853567e7c761e008cb8bf7f81270b57311b368cbd90213fcb33e3b72c895ea6ac3304023f43eaf58daf43ec904a0f3d380bd2c49c6e17aabb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
03b071126e4b707db1e6e1e4dc44b375

SHA1
8eab24603e0d7d641647d35190afe45f24d5d2ab

SHA256
2d33d26927b14c744f8bfb2b4f99399c2233142484dc97476e749ed55de482ab

SHA512
e7b594b6d419c3ed2c3e2b4d1f63f65ff9628cb08ac1f2579acad791fc7fa2ab2ed7940be478647fccae6c4eafc8b7bac65ea8ca20111eafdb2292e55e214c83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
873bd81bee01efaecbc28d355ea03922

SHA1
f44049a4b445185081bea516e254d81b68ccf496

SHA256
a72e8ac1bcf0726bb439a74221e4ab14de59b483be059860a8c60a31784b19aa

SHA512
2567fa6f395c647318c093ba022e8d8724b9372b20bf9683f869320d2cc7e259addefd35a30914c94d1fb4f26eba7a278191dac78d22dd1d5c4cb27127df2a08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
eab3d7e381b72504cb3b8af0436395b5

SHA1
74813b368d37fc9aa1e4d7140f6e8dea9014db8f

SHA256
eb74f8d71867709fa714f84a0e7d91e8967ed3148fa53040af37607870bd9160

SHA512
044f109a0cf6109f53d047491e8724e26dcb1bf3326c33359edc243c354a3f9a92db77e05919b10ae25833edd45e9d9a6855b49f06a70954da083095596f01c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8cc6293a7c9494ce6f142654c9372efb

SHA1
6cc18d0253dcc6227bd3d58f6bc2fafa8adbd748

SHA256
7e8b0a469a2e28ba30f25b32e54371dca293cad1e86426a9450a71e70954d8e0

SHA512
b8d1f4ef1ff7bb177ea7bc8a924ed2f5ac7414dcb95a03f95674a9314550f1ea3b600e155b974985fb261ad4ece9aa4ef2f95322f1a4518f5337c8f6b2cfd16c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f3961b231833c7e99802a3e56b4a56db

SHA1
d30f311c08d5b2c99d68f060ffc76e6a7f454bbe

SHA256
4b4600b966bafef3cf42d8b6ce61ed4440f3ddf30e737f25ff39bf1f0e7f7d34

SHA512
22d174a09efe20b6c97c9ff42b466c1b9b89e675bb6b76911afa703cedfe149b4a77ec0227681de173b62c50ad26bfc24b3eeec84276781a6295ddeed5f532ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
64e5d8d0bd1a23809c98f931b37d20f1

SHA1
f1aae9397470652fba6b010f53691296f94a038c

SHA256
c09e83b76e93ef5a4c0284ace02379e080131903aa6403c61fb4714ba61203d2

SHA512
aeaed8adcbb92ced9cdad2a42139682ee29ccb0cbf613a073c75a592d70c46a12f622a106900cfbd880c6c4711db91faa31089454188fedcb39d437f4eccf0af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\efbcaf88-9b94-4205-b0c6-b4b38b389e20.tmp

Filesize
9KB

MD5
0f8b567212612599524a5d816ef42c44

SHA1
b93f3c394d9ac493cb10001c8ed4d0217fe25394

SHA256
9113b704c726c57ce2bc12a3ccfd1ce75ea024fd7828f5569e734a02ac6d4001

SHA512
4bb9cabd5e6e9ba1abea9c79fed46dd3e550cfd4df0fc3645709bb1da69c7dc5ffb8d98c6bcf2d7b7ea0f836e46f89a093dbea030029e3cc1ccead6384a0045c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
578bbd08635d0c559c37851534c5bfed

SHA1
9058126371594085ecb2200d579815962bc97a60

SHA256
86b918c9cfff2817dcf6b6d91563f3446798cfefdadff256e9ad19a47d6cb5fb

SHA512
8c8705ac00234a81b23165df294d8b049997272c59e796192564de28483fadc92433739c0bd6a4842cb4ceff10ef4a57ca0d80f505f78567effaa6e2af167bfc

Download Submit