hxxps://accountsecurity-businssmanager[.]com/

Analysis

max time kernel
78s
max time network
79s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2025, 17:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://accountsecurity-businssmanager.com/

Score

6^/10

discovery

Malware Config

Signatures

Password Policy Discovery 1 TTPs
Attempt to access detailed information about the password policy used within an enterprise network.
discovery

Password Policy Discovery
T1201

Probable phishing domain 1 TTPs 1 IoCs

Phishing

T1566

description	flow	ioc	stream
HTTP URL	4	https://accountsecurity-businssmanager.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=92686e875d4ff658	17

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133874844101069677"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe
Token: SeShutdownPrivilege	5104	chrome.exe
Token: SeCreatePagefilePrivilege	5104	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5104 wrote to memory of 5040	5104	chrome.exe	86
PID 5104 wrote to memory of 5040	5104	chrome.exe	86
PID 5104 wrote to memory of 3900	5104	chrome.exe	87
PID 5104 wrote to memory of 3900	5104	chrome.exe	87
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 1192	5104	chrome.exe	88
PID 5104 wrote to memory of 5416	5104	chrome.exe	90
PID 5104 wrote to memory of 5416	5104	chrome.exe	90
PID 5104 wrote to memory of 5416	5104	chrome.exe	90
PID 5104 wrote to memory of 5416	5104	chrome.exe	90
PID 5104 wrote to memory of 5416	5104	chrome.exe	90
PID 5104 wrote to memory of 5416	5104	chrome.exe	90
PID 5104 wrote to memory of 5416	5104	chrome.exe	90
PID 5104 wrote to memory of 5416	5104	chrome.exe	90
PID 5104 wrote to memory of 5416	5104	chrome.exe	90
PID 5104 wrote to memory of 5416	5104	chrome.exe	90
PID 5104 wrote to memory of 5416	5104	chrome.exe	90
PID 5104 wrote to memory of 5416	5104	chrome.exe	90
PID 5104 wrote to memory of 5416	5104	chrome.exe	90
PID 5104 wrote to memory of 5416	5104	chrome.exe	90
PID 5104 wrote to memory of 5416	5104	chrome.exe	90
PID 5104 wrote to memory of 5416	5104	chrome.exe	90
PID 5104 wrote to memory of 5416	5104	chrome.exe	90
PID 5104 wrote to memory of 5416	5104	chrome.exe	90
PID 5104 wrote to memory of 5416	5104	chrome.exe	90
PID 5104 wrote to memory of 5416	5104	chrome.exe	90
PID 5104 wrote to memory of 5416	5104	chrome.exe	90
PID 5104 wrote to memory of 5416	5104	chrome.exe	90
PID 5104 wrote to memory of 5416	5104	chrome.exe	90
PID 5104 wrote to memory of 5416	5104	chrome.exe	90
PID 5104 wrote to memory of 5416	5104	chrome.exe	90
PID 5104 wrote to memory of 5416	5104	chrome.exe	90
PID 5104 wrote to memory of 5416	5104	chrome.exe	90
PID 5104 wrote to memory of 5416	5104	chrome.exe	90
PID 5104 wrote to memory of 5416	5104	chrome.exe	90
PID 5104 wrote to memory of 5416	5104	chrome.exe	90

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://accountsecurity-businssmanager.com/
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffefd48dcf8,0x7ffefd48dd04,0x7ffefd48dd10
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2016,i,16706386316675691051,1260154098725557255,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2024 /prefetch:3
  2⤵
  PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1980,i,16706386316675691051,1260154098725557255,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2360,i,16706386316675691051,1260154098725557255,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2512 /prefetch:8
  2⤵
  PID:5416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,16706386316675691051,1260154098725557255,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,16706386316675691051,1260154098725557255,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4220,i,16706386316675691051,1260154098725557255,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4196 /prefetch:2
  2⤵
  PID:5276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5176,i,16706386316675691051,1260154098725557255,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5428,i,16706386316675691051,1260154098725557255,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3176,i,16706386316675691051,1260154098725557255,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5232,i,16706386316675691051,1260154098725557255,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3596,i,16706386316675691051,1260154098725557255,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=6084,i,16706386316675691051,1260154098725557255,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5920,i,16706386316675691051,1260154098725557255,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6192,i,16706386316675691051,1260154098725557255,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5992 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5596,i,16706386316675691051,1260154098725557255,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5592,i,16706386316675691051,1260154098725557255,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3548 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3500,i,16706386316675691051,1260154098725557255,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:3556

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:464

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

T1566

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Password Policy Discovery

T1201

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3430e8616750d269bc0590b280edf04d

SHA1
aff43cda2309214f56a1babd177be5d28aa6515c

SHA256
9e28503e69988c201183e0dd3130067d2acb109db8cb23db4fa6e3fccecb1405

SHA512
832a0900fcf915e2bdc0e8aa3092bacc876717b9cbd1e5c3ea60e31a07807ebbd3a7365be652ea4344e10ce0d52b813f275bb739e60500653ec441920deaf4d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
1c5cbba21354fe5d76e10c011322dbb0

SHA1
a5bdd0b3e88aa7a7d1139eebecfb8321ac87858d

SHA256
cbc4fe1e6d5131e6ab301c4261f1ccd509ac2a8fe50fcb2f5f640819c5868642

SHA512
5bbc7eed9f3ad7aa7daa7756c166db6545f97c3bbe516ff0ffea9ae3d55d7b87c8e738764d464962865404a4ef85b2ba33d1f4ab8184889add9fd1b0acabece6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
ea6e8d8daf0255e8f732d8ca10b3228f

SHA1
ddc6ef841c302b553a2daf3c0353a8e32071df73

SHA256
c6a4de65ab731302d82f1af612e85e335f2d6bd39bbc6b2d006ea16f797e89d7

SHA512
900112fffde6b04de1a2fd9dd191532d76129f21e93f1096e720f8d6412f26dc02bff23753dd66bf597494866da00941c43de0f2b46cd307c295656f107f6806

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
3012110648278901db0d51f1331d15a8

SHA1
2101307f8bb8246c47b9bbb9bd621fd9ce18dd25

SHA256
126f137e20c2942a72aee9390d0f85e87b5470a6141ac1c520d10a34a2aa34f9

SHA512
f14952b4e2823cd508c189ff75a0a62aa7d4b75338ea8b33157c012ecfd4ce323c494ecae58bafe34290434f16e6f3dc303d88fb19cd33eebb3c64fdadc5278b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
ceef42c14de770d29efdffd7d34e64d0

SHA1
7765cbc90f347aeff94170bb59e7d35774ce2d4e

SHA256
40ad61c1a5101d788cfcb2548def8c418c30205553d6ba707c4e20fef34c4ce4

SHA512
25da6e4dbe375fbb80669ce2190e62e271d24deeedaa6c29be65d1a8b7fdccd1d2b479f34fbe6931ca2451acc9b0dd758a9f47dc08810c8f00645359171d4d63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
2ca091bb78dc4ad4c53f2d14bc6a2541

SHA1
ad1663b33dfef4babd8886df976c1629c1482e58

SHA256
0edbd32835e656d4569780ef6ef037b1264db4d065e5222e4f6d1796efca583f

SHA512
c3f12500b8db4f595c571698f340f3e1b79dea5072d0da44049859cbcf2727bc5797bd51948731667fcb46d44bc3514d9ff2207c242ade3533a67e1e1a1f652d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8f56e88e0fc5f0bd4c365a1910d1ea38

SHA1
013d4623acb133b5f08be4c2d6e50658b6eb8bef

SHA256
ce1a5f8ab88dc06fae06c518ee08abed39093d17d6ffd5b3b8f5edb2ef3b18e7

SHA512
92d3270d5d6dbaa897cb6396055884144e69121087db038d36ce9c105a6c87eb429b60dd335590ab71395c077c694034a9d928e57fb56e396465565bd4708599

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
af71daef8082a4eed31c5a136465578a

SHA1
9994e5b7c14c687174be6deeb9cbc6d8e8ff24e7

SHA256
b163e9cc48d1a06aafc6099c2a0d4ee6e4b8bae58f9533e8bc1b39615a01e8ec

SHA512
f30536e25fc68364993348103ea714f7e83b71289d4a430e49bb9518ad3a8f212150e7bc1fea11d9e6cc75d28ffa9a8ef78daf1a04cc765329dcb63acce23386

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a75c.TMP

Filesize
48B

MD5
03ab6d77e3ed562ba115159b9d387a24

SHA1
e6dec92b086b5dd12fe9c27569ff12b28f3cc57c

SHA256
554df588edc1014cc113f19ac951f74e500b17a0ce71fbc9f96851e72476c8c5

SHA512
e9a7546391cae2611048def1a8ecf97dc9937e4c9658d174f7ab3c0f37ff163dad6ebdb2d647f53a449994a5da64a0d545dfd5d7879ae782b8eb138ef7ff30a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
dbcd7dafe57cad1113d8a70d995f284b

SHA1
f9ac09af0286604c51b545d886205bee7cb98d6a

SHA256
db021fdb4c8f279b4f6a6517369cf47a09a0ec2ad1885571bee1589c1d7fc258

SHA512
f022bade6fb8f19a8fe8629c25afa80cbe2714e5f3326e647cf85bab64f3ae3c4157ac472f4d45c291f3791c4d78a551d753c8f94c1dcbc35007568c5cf19d28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
8dcc9abb41cf05bdef4f0d7257681b58

SHA1
3764af0260eda98f778609c865737dd46738628f

SHA256
478b6db9bcdaacaf38187fe52cd951e35a2c5b531b3a466f20ce9e26a283df98

SHA512
4bbcfee3f39201198d69aca50144e005dc2c1975525a022d8035e44362c67f3ab9ab6769e0a67bae947910e4b0e057170d85c584f38546dbbcf8593e8ea38716

Download Submit