060789b50b045afbfe999263a8b29143552663cd28499890e45d260ff4b5207c

Analysis

max time kernel
102s
max time network
102s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
02/01/2025, 15:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ab6761610000e5eb4d26b2de239ec5c293ad1abc.jpg
Size

49KB
MD5

177b73e82ad55ece7605be53c03249f3
SHA1

7154b0cfad7f38932179f182655ea14127888c81
SHA256

060789b50b045afbfe999263a8b29143552663cd28499890e45d260ff4b5207c
SHA512

7e5cf52d704216b48e5569476b262aa5d71c6baea062adaba5eee0732c638dcd5ca79139955b2c6b08d883cfc935672c8b377a866b2455a0e9fb9e4f9f9321f3
SSDEEP

1536:W0vsnWt762J3mNfMBhj9TF5jWq7ex+pXVs47dlKx:VvsWb0f09R5j57ex+VV/7mx

Score

7^/10

steam discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133803066182151666"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5216	chrome.exe
5216	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe
Token: SeShutdownPrivilege	5216	chrome.exe
Token: SeCreatePagefilePrivilege	5216	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5216 wrote to memory of 6024	5216	chrome.exe	82
PID 5216 wrote to memory of 6024	5216	chrome.exe	82
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 3896	5216	chrome.exe	83
PID 5216 wrote to memory of 1972	5216	chrome.exe	84
PID 5216 wrote to memory of 1972	5216	chrome.exe	84
PID 5216 wrote to memory of 1864	5216	chrome.exe	85
PID 5216 wrote to memory of 1864	5216	chrome.exe	85
PID 5216 wrote to memory of 1864	5216	chrome.exe	85
PID 5216 wrote to memory of 1864	5216	chrome.exe	85
PID 5216 wrote to memory of 1864	5216	chrome.exe	85
PID 5216 wrote to memory of 1864	5216	chrome.exe	85
PID 5216 wrote to memory of 1864	5216	chrome.exe	85
PID 5216 wrote to memory of 1864	5216	chrome.exe	85
PID 5216 wrote to memory of 1864	5216	chrome.exe	85
PID 5216 wrote to memory of 1864	5216	chrome.exe	85
PID 5216 wrote to memory of 1864	5216	chrome.exe	85
PID 5216 wrote to memory of 1864	5216	chrome.exe	85
PID 5216 wrote to memory of 1864	5216	chrome.exe	85
PID 5216 wrote to memory of 1864	5216	chrome.exe	85
PID 5216 wrote to memory of 1864	5216	chrome.exe	85
PID 5216 wrote to memory of 1864	5216	chrome.exe	85
PID 5216 wrote to memory of 1864	5216	chrome.exe	85
PID 5216 wrote to memory of 1864	5216	chrome.exe	85
PID 5216 wrote to memory of 1864	5216	chrome.exe	85
PID 5216 wrote to memory of 1864	5216	chrome.exe	85
PID 5216 wrote to memory of 1864	5216	chrome.exe	85
PID 5216 wrote to memory of 1864	5216	chrome.exe	85
PID 5216 wrote to memory of 1864	5216	chrome.exe	85
PID 5216 wrote to memory of 1864	5216	chrome.exe	85
PID 5216 wrote to memory of 1864	5216	chrome.exe	85
PID 5216 wrote to memory of 1864	5216	chrome.exe	85
PID 5216 wrote to memory of 1864	5216	chrome.exe	85
PID 5216 wrote to memory of 1864	5216	chrome.exe	85
PID 5216 wrote to memory of 1864	5216	chrome.exe	85
PID 5216 wrote to memory of 1864	5216	chrome.exe	85

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\ab6761610000e5eb4d26b2de239ec5c293ad1abc.jpg
1⤵
PID:5628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc601cc40,0x7fffc601cc4c,0x7fffc601cc58
  2⤵
  PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1788,i,5217488685500386757,6524101284474503491,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1784 /prefetch:2
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2092,i,5217488685500386757,6524101284474503491,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2192,i,5217488685500386757,6524101284474503491,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3060,i,5217488685500386757,6524101284474503491,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3068,i,5217488685500386757,6524101284474503491,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4408,i,5217488685500386757,6524101284474503491,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4720,i,5217488685500386757,6524101284474503491,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4756,i,5217488685500386757,6524101284474503491,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4968,i,5217488685500386757,6524101284474503491,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4308 /prefetch:8
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4980,i,5217488685500386757,6524101284474503491,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4680,i,5217488685500386757,6524101284474503491,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4676,i,5217488685500386757,6524101284474503491,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5216,i,5217488685500386757,6524101284474503491,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5284 /prefetch:2
  2⤵
  PID:5808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5108,i,5217488685500386757,6524101284474503491,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4572,i,5217488685500386757,6524101284474503491,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3748,i,5217488685500386757,6524101284474503491,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4360 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3236,i,5217488685500386757,6524101284474503491,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=1188,i,5217488685500386757,6524101284474503491,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4412 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5028,i,5217488685500386757,6524101284474503491,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4328 /prefetch:1
  2⤵
  PID:3160

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1360

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
1bcf586eb8eaddb4546d0f25604144cd

SHA1
7caad94ef6d835bb02040ab1b6e159b88dec032a

SHA256
ba9092bbe58e59fac65a07f2fd6d2406762e9d7ce1fe37bee1fd1d1eb0d95957

SHA512
65ca5094502b2e0d015a02c87e6546b52d07973979a4a7796d01e67c08e68669a59c49b63d49019b85640e187ae723761fc167223fb2e7e005d4a996c78baeea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

Filesize
120KB

MD5
6168553bef8c73ba623d6fe16b25e3e9

SHA1
4a31273b6f37f1f39b855edd0b764ec1b7b051e0

SHA256
d5692b785e18340807d75f1a969595bc8b1c408fb6fd63947775705e6d6baa66

SHA512
0246cee85a88068ca348694d38e63d46c753b03afadf8be76eca18d21e3de77b495215ed2384d62658a391104f9e00df8605edb77339366df332c75691928efb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
119KB

MD5
d45f521dba72b19a4096691a165b1990

SHA1
2a08728fbb9229acccbf907efdf4091f9b9a232f

SHA256
6b7a3177485c193a2e80be6269b6b12880e695a8b4349f49fccf87f9205badcc

SHA512
9262847972a50f0cf8fc4225c6e9a72dbf2c55ccbcc2a098b7f1a5bd9ea87502f3c495a0431373a3c20961439d2dae4af1b1da5b9fade670d7fcaed486831d8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

Filesize
115KB

MD5
ce6bda6643b662a41b9fb570bdf72f83

SHA1
87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8

SHA256
0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6

SHA512
8023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a42d2b6b9160541abe3e0e4e85a43635

SHA1
a39d13492e305928d510bbde7db3fdd34d75bb92

SHA256
ec1d0519584e581fcb4617525e73140c4dbdb6c56aa33363759b6372d123fe97

SHA512
75b9306e7829eb9451f3d9c676860d5947c1553f202dad49847bea33f8eee9bf614c9f9f813c2ac3cd307e5e277ae6988508a1c733d4e93787ddef360ff0db2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a127013599f93d1fdb8186a82fa64945

SHA1
e85325bbd029c954f5d94ab240798bb86f95f8c0

SHA256
7d73925bda2e866ba777536c26021d413897749f705d044d5805804098c7b2fe

SHA512
eb821c37fed06ef39a2cc4ef4728841e08bbaa88b8ff65b9bd82ab34f2fdf36be1cc770b7abbf5f51d258c655f19006c33e1d2d436f9315375ea154d9a4d933e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
44b0e2924fbe5280a069956e293868b1

SHA1
c35e2fd79b1bdce9769397b3a13386cae3c25874

SHA256
ca1d499736ef6e04c855a1676b76eb685da787aba0397d8d0715ee82d2b93657

SHA512
3d57791f1ab6c7532ccffea98a8a2dee3640c9df32ae73be16e3bbeec4dfbdfaf5e1dd9ea6b238b26b1f1523c417621ff252af70497868f46cea9eb0b85186e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
27b737d47ca0a6ed3df6180ac6710f5c

SHA1
3e32a807383fb0d09b5425b2f42fed5e66d84ed3

SHA256
fbf8bbbd9c989b6134ac06b518183a4c0c64f4e58c8ac5a2a24bd144d1e1ef5c

SHA512
15e2f232271c7912af6793e8c78f590508841610f670a5a5e75c0b70543bcfdb5c3ff6211176bc2376cba95e39a2c6ae730052d0e50af9ce6a890be53ccaf0ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7924f1ac84dbdbb96d987daa302e2555

SHA1
b65fae95862ab7f6dde1cac0597b195e43701fce

SHA256
42cb226b8373afe8b247051da51c1e44a38a8e2efbb986da96bb921abb8a229f

SHA512
f268db8dd63d4250165db0e72a3606f1cfc4ea2e7375395546b9847d86a656ba29e86016b37226c0cfb4e33e0f277a91689d39120cc4e3fe744cc6dc68cf1bcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2437fe8e26ba4d0f945d16d0a0478883

SHA1
9303e7deaedc6c879083db18a32a2a21f432f356

SHA256
837ca656b2a5a7411bae61f87748d87578b3c6f6cb447522d0fa95895f2bf85f

SHA512
082b3e66545d5695accfd3175c4345ae9b28aea06056b3cfa091eee24a521785a1a11b4fb844c18442b084903abe6cab1186f9a747444a21ded0d9a5a22f12b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fc9b9bddd94b5c6ebf50a9f38529883d

SHA1
9675bf07fa902427f68dad23263dc19fabad226f

SHA256
7f790092eb827ccf3e343debe1780adb219c531a9408b80af9c39aa3a300e52a

SHA512
9dbd49fea437d5c23076e4ca7d31d9922aed307798a3464d3f33c27c6e369c7d19f9483ca72e746edd364d73ee2d2f2118ad675e00a21b7030b2bd3a719654d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0e7798bfe97e7155ff3498eacf1360c1

SHA1
7ac978c6c110eb093a1891bb5d2eb3e615b8f6ce

SHA256
de2c8b7e7d7984beee71bea1d677b622a41f98860d147ff6880ff0ef952e075d

SHA512
d0835ff5921afb4530af64925bec6beb73c3be953723c39f36a7cb575b1f3406792ea197d837db7bafe72a43181049027bca51b211e521825e923883a6fcc583

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c2f010df96a356e29a80b96371798d7a

SHA1
812d7436d58e3567b6ad1420535bdd8da24da4e8

SHA256
57ebfba55ba8de979c5483ea04e844e7686e20ca0587356974a068563cce5cb2

SHA512
bfd8029064202ebc66ef3541a853dfc00e2576082907ecb2da8127af29df2bfce13ea9302b552835c0cccdd25acbd95c0282e408e14a7f3922981d57b292cd0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d0b0099c3b594fcea42a8b2fbf9c43f0

SHA1
ba2437e518c0070069425e5a4a7006c2d945d1e3

SHA256
5423d5085687c5e32bab952d776552d4a7f50c866a2ed03983c1d54702f313a8

SHA512
730d03c5eff30e96bde4072481206c6c66149b5ef9e266db75209ead18b28df02b07262adb19d840607b35bed17b01ad42ef31e21d3a9e0ab04bf2c7ff5e4c94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e142b4340c6de41d0e5d13d0c19b7ef0

SHA1
3b50040f37299ab21fb772a32216aaaccf217917

SHA256
8f5b70ff250d107d3fe0cc0a4146e8870a5dc669d3d7bd7d447582c2adeeaa7e

SHA512
2b3a8118b7218b5ee6d12b86658a329fbf36b43d0ee7d813bd69c4bd30f1592041a1ffc20eb1fa149d62234e8a20c9e8ca0415bfc869c5912dec62bca1516aea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9f0fb206b196e516a153813d4a1a387b

SHA1
280bb7f7bc156377ed1e8185dcbfb98452b1886e

SHA256
ee8c3245e5b43514c3ce6a1ad61025ea1fa4df986b1706f1fa01e15201ba3068

SHA512
02763bf7c3c3c93ea5c6eaa5d182ce48ded5738cffb7f6917c28e4e1172b124b4b503492bf45d4f300bbc11575ca30e89ccdb9d33539df44cae9653ed8d4bfdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
afcfcc9e9b3457c18de53bada23d5434

SHA1
8070fcd125e115a9050e6e6c1eebdf1e4b51d9ff

SHA256
54f03be377007600ed56ee88e6fa465b73de07091809b11214f77d17fe2128fb

SHA512
ada8f892c9bbd3f50d6db608a41b9fbfbc79ab1f2455050a129867c5c6fef1e04b5864c733781be51aadda58a2ad25dc1c30947c962ed2e3f4a1090ec5732054

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dbd3fec08bc464d9505c96ab7148ad52

SHA1
f872c273f3bf03268f424a9ebc34bb569524ed53

SHA256
33863ed02eb250cae6b104bc9a128f16562d5d4b684c52d248469cc57fc0c6ac

SHA512
76ceace99fb1d51ef8d8227dda02e95891b66e84fcc8ecddeac234294f78f4c433362e18bf2050c40c9ef49ffb0dab96b84525e5e4937b19cceaec5b31dcc111

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ff89c65611dbed54f2ea1c30c03bb8a1

SHA1
80740fea63b5d294aa78fffcbd8bf5534f869113

SHA256
9b9004cb46757615f2e6cf81f34c36dfa5a00f7815055b364744b924ba0d0331

SHA512
7e14d84ee13bb4f9bdc3cba40e0599d938a610e03668b4e03dcc5f8964016899f65e3d859c309b05435e21b912966a1d291280a99fe9e97d78e0d389a5ed33e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0c0a88c3c4296a248617c13213801e56

SHA1
9c333f12e6ac1f4fcc5c61ec9d4a1d352a6177aa

SHA256
554027b028d4b69050029ca3faae1e514bf5b416b3279dcd9064840de7a3448b

SHA512
8bf15b34bb286cd014161e9d03ecda78fac459a149587f1fb4910b722106479dde2bfdd195fff7609eca816f9e909dd3fb6a82c2752950d38ef7b44c3f1210e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
e938d7af79aef1325e26a9f0d3e2284e

SHA1
fdeb983742902a40db9534f6dabe2d14b5ae9e07

SHA256
8871125c12237e4c466207b81645371b553cce31d133493a0f77518b5760b951

SHA512
bc5be18516f506172c2728ca14394cd72d46c8d4e9f9160e1a4f62f96dddb4a606eec6a5feef293ca7def990dc8a50707c15ae14c6a7b41f1d165d33f5ff9840

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
1c1cac16f6222006d7cf6e19c8cf5884

SHA1
61db844b2b804741f75f1a190947ef82faf0e93f

SHA256
3aea405d79211d063b27681689c7665c63abbb3fd7132767f46cb042833ad98c

SHA512
5d1a74d54b561e8dc72145f670639769a135c7b86f89eae637a485aa71f6edea2ac797438eb9e55f10af668f3eff4c52c590453116e0742ff2c9730b9bba9c04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
3c407c3f7f829f0ef180b19bd6a810d0

SHA1
386b0843db4b157f2f920ae5b9436d3b571f0b11

SHA256
67c3a492a5a1d5bc966dd1c53ecba60104bffa3229a154d696c7a5b54c371da3

SHA512
ce4f2d09460120c6b3c11a3f5776c44c18e35d140cdf6aaee1f38510d0c583c9a962318ea2dae82e55d80416e2635644c45b71556f4988f7cf14689c9134beec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
edbe429df45f3b133e71d49552955444

SHA1
aace7e441bcc7e4eb22e4d7776067ecc82c854af

SHA256
174d4234e31bc2527ab791564f2ccdfbdd7377551eed48276e517d9d1b4e00f8

SHA512
4472ae4c1c90e6d76df02a5d17932e411e3fe48984c0391a8652f8770b4373a22bd053fa4e72c053b26b71b5a7491734794a8240a6110a01446dca2f3f5f6c9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5216_1280558484\40a6ad5e-bc7f-42b2-85ac-f551cee37743.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5216_1280558484\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
11KB

MD5
07e6d6a62243864612a54397afda9fc3

SHA1
6b433c97f5c6645962bf6ce66077bceb9457fbda

SHA256
59a7a09043473df227534b520f29871ac30cfd1c6b857ede1dd1c974b933a5e6

SHA512
38fe377d565660930cdbb73df3b5184737850c31b8df35c3d18f5b96b9104bf85e127c7190d84fe25be390004f508010264660300df6adeb0c05644c350b049a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
25c5e4ef82cfffea54414be57ee6d885

SHA1
b092fc0f6e4e0bea7e50e770f07fda1b846d1b33

SHA256
3c4316567bd5de737c61d97a18628715698187a1d552e11844d3c977677313cf

SHA512
1bfe04ebd35e95c17e574d3982d8314b7ef09404fa9cb103be0687115079522adfac8d1cd87d4cc84e94edac329c662852be82e2819b0f6a57f2663d0d89d518

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
13KB

MD5
49c61894abf68dae9e4984790006c380

SHA1
9411dc00e7e20120cbab591e850784f107a3b115

SHA256
5c1fa78ca09feb87c9c7eaaaa75193ac7e07b3594554829703c7b124c5348d8d

SHA512
37837601f67dca1ab4ecd1563af508af118f50fdf91f6398db612bbe496a1babe15d0ac315df2c48a36a2dcddd9adfc7cb659f6e6a3a114cdda39d08bf65f009

Download Submit