hxxp://sysnoniemen[.]net

Analysis

max time kernel
299s
max time network
290s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
12/04/2025, 23:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://sysnoniemen.net

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133889757056748508"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2645532622-3298555945-705856666-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
4552	chrome.exe
4552	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe
Token: SeShutdownPrivilege	2228	chrome.exe
Token: SeCreatePagefilePrivilege	2228	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe
2228	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 1452	2228	chrome.exe	86
PID 2228 wrote to memory of 1452	2228	chrome.exe	86
PID 2228 wrote to memory of 2436	2228	chrome.exe	87
PID 2228 wrote to memory of 2436	2228	chrome.exe	87
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 1964	2228	chrome.exe	88
PID 2228 wrote to memory of 4236	2228	chrome.exe	89
PID 2228 wrote to memory of 4236	2228	chrome.exe	89
PID 2228 wrote to memory of 4236	2228	chrome.exe	89
PID 2228 wrote to memory of 4236	2228	chrome.exe	89
PID 2228 wrote to memory of 4236	2228	chrome.exe	89
PID 2228 wrote to memory of 4236	2228	chrome.exe	89
PID 2228 wrote to memory of 4236	2228	chrome.exe	89
PID 2228 wrote to memory of 4236	2228	chrome.exe	89
PID 2228 wrote to memory of 4236	2228	chrome.exe	89
PID 2228 wrote to memory of 4236	2228	chrome.exe	89
PID 2228 wrote to memory of 4236	2228	chrome.exe	89
PID 2228 wrote to memory of 4236	2228	chrome.exe	89
PID 2228 wrote to memory of 4236	2228	chrome.exe	89
PID 2228 wrote to memory of 4236	2228	chrome.exe	89
PID 2228 wrote to memory of 4236	2228	chrome.exe	89
PID 2228 wrote to memory of 4236	2228	chrome.exe	89
PID 2228 wrote to memory of 4236	2228	chrome.exe	89
PID 2228 wrote to memory of 4236	2228	chrome.exe	89
PID 2228 wrote to memory of 4236	2228	chrome.exe	89
PID 2228 wrote to memory of 4236	2228	chrome.exe	89
PID 2228 wrote to memory of 4236	2228	chrome.exe	89
PID 2228 wrote to memory of 4236	2228	chrome.exe	89
PID 2228 wrote to memory of 4236	2228	chrome.exe	89
PID 2228 wrote to memory of 4236	2228	chrome.exe	89
PID 2228 wrote to memory of 4236	2228	chrome.exe	89
PID 2228 wrote to memory of 4236	2228	chrome.exe	89
PID 2228 wrote to memory of 4236	2228	chrome.exe	89
PID 2228 wrote to memory of 4236	2228	chrome.exe	89
PID 2228 wrote to memory of 4236	2228	chrome.exe	89
PID 2228 wrote to memory of 4236	2228	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://sysnoniemen.net
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffff94fdcf8,0x7ffff94fdd04,0x7ffff94fdd10
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1536,i,8946537676671829989,16044082842798320596,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2028,i,8946537676671829989,16044082842798320596,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2364,i,8946537676671829989,16044082842798320596,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2376 /prefetch:8
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3036,i,8946537676671829989,16044082842798320596,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3052 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3024,i,8946537676671829989,16044082842798320596,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3032 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4232,i,8946537676671829989,16044082842798320596,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4244 /prefetch:2
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4212,i,8946537676671829989,16044082842798320596,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3208,i,8946537676671829989,16044082842798320596,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3288,i,8946537676671829989,16044082842798320596,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5396,i,8946537676671829989,16044082842798320596,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5600,i,8946537676671829989,16044082842798320596,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5556,i,8946537676671829989,16044082842798320596,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:5312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5292,i,8946537676671829989,16044082842798320596,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5324,i,8946537676671829989,16044082842798320596,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3884,i,8946537676671829989,16044082842798320596,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4276 /prefetch:8
  2⤵
  PID:5988

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2380

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5712

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
53112a74d88e4e144a010f2c50160a92

SHA1
9d76b4551f6b8af819b9b9818c8f5bf3b199e2a1

SHA256
906dcafbef3c5960dd1f7ca700d7d9ba167923622d6e7aa4961d86d8eb93ea18

SHA512
22031e17b97127ffe5301336459115b799c5afe9c0600bab3b1a0d546a317dd0d3a36432641353198e9bf1a45c7dad5bc23fd934245e19f9493dbf6c666af5e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
216B

MD5
f5b632970f6e9f090b80be5a7ac366ef

SHA1
154ee84d8b0bec4814b86e23a300df26492d6331

SHA256
8a53d2b434026045768c50808dcb02c1bef597028a5d5343040f5a5e365ce1bc

SHA512
5a80d787f2ccc276ed3d990b2c4cb4d0b09a47773cf1010a9702a93a2cd6db5b693d53d0d270a22e28620c1a7546e3023a56c56184f2070e897f180cab0c8757

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
552e5771a1a5b6f0750860089be3c3ba

SHA1
f37c508e8afa62786af628b716063cae7c7a563c

SHA256
c0c2ba372a0aaaa1a443253d7eeda5495166a5047ab9be5da8dcf62cf9a05210

SHA512
efe2d529ddaddc40eb05f795d552e56e6e6a9a1478f71c75f73adb627e723de6026c03399b69976ec595de2f245af95dae978c461ce5332249ad98fc932d2c1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
05596865021bfd60822d5ece26c17d94

SHA1
61b51af21286248591c37548d6ee7283863c1594

SHA256
ac9e7789efc740fd24f8770e7e70d911d8803c826be559805a2966dce7a29140

SHA512
e88fa57d8f9e140c038615dd24cb6a063541b93bde74b005e52b8d0e4aa2ad8212a8b9bbd58a6f68cffddd0a51be46cf71ef5d6768ef3af40698a2a0c8a04610

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ddd4e28bc77d997550b419269a003d54

SHA1
d1c65795c15af4878db2ffa5addb3a308ed192b2

SHA256
9cfb8bc6fc06a9fa523b2d0939261bb12d73ac2149fd0bfeb425f1aed58e68cf

SHA512
3d32a2e4b12ece8b4c312c016909bbc759472293f51fdb497dcde4bcfdaba380f748141f910d0a87789dee95448f469b11e05aa06c69e3d7fd58e12174d219e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0004e733230a2d1f47d06bf5f5c92bad

SHA1
dfb845584eb0289ea6ee3edb9942094fa5e60a2b

SHA256
442a3a83b99c355aa91e3e58f812ae5c3f63e511c446b1b043f5ef70a4a59c04

SHA512
8182bd46e690609304c772b18007c74f6312641af7ce27bbd8c4e9f3c1822faed39e9e03066f58023deb772d61a57fd861f84958ab49f3a72d9e7dcfaf980026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
bf419416e81eb9d2821638a7cf4f8e43

SHA1
0b5b736a9bb3f1bc291c797ccef65056f27da326

SHA256
ded5df298b14b5fc8f8aff78fc2f9caaad0802125124f5701cfe83fca868e18e

SHA512
79c496678336bbb39ed4e68d947c9e663dc2338b7c51becf363136581f848eae6d03b16db0e3394e18b64d2c277ef80e66993e14a555cb123e515b82aa81fe46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
9d896816377a160a5021e1fed6c33427

SHA1
162ccb308f46a7d5d414d7a2fa65652e153c093c

SHA256
bfde9a27737575fde685022fa9c1ec568a1406a4685bad9130f2c299aef9d333

SHA512
93f58fd43466fa8db802fd13769efeffb5b20d92ccb398f7d5abb5e6325739c6ec2b6ab1619d0a4ec5bab6e3f3d4761dae462c702809b9e7cfe3c7197103f0d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57be7d.TMP

Filesize
48B

MD5
0761a780e6fa4ee31ade8a230cdfdb4d

SHA1
9c139b507b44a2fea12cc72ae5d9dd342b40c812

SHA256
075fdbc44bd5f6f33a899f40fb49e229fe8cf8f6b244abf60e6b61246743d179

SHA512
5aa4fbbe724b81d5206edfeea806ffc79b30eb2ee43e0dbaf348b1f59351ea4be88f741628c926fde3950ebefc4376f59530b54c2cb923b6f89dfc73e6ff363b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
4c670673272088541c6da1efa0524a38

SHA1
f91fce87ba4a0a30c4bc57ed70bcb9aa657239b4

SHA256
98e91d1692677c3419c6109addc4bdf8d21409ba195bb70b68e5e723af063471

SHA512
06f33154c2d7f55c7e30824e20134e664b5d06b34f5fda71d61027a908b01f9adb539db96fd2988a7786cd33d05048ca92994ef5159f389b03e9fd3627c026d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
fb4a5e116678d587a6868de95bd49f54

SHA1
212c524cd5a7ed9a5dbbc4d50bc584ec9ed424cf

SHA256
3effe2b08cf19f89b5b11ec2b2aa6886ab61034158b7cfa6040cd95085a37720

SHA512
375b859c652ba427b4880d2db178764f1dbb77eccef28497cd782502b3ae884042ec037248fe3664d9afa665a54c178327677b552d4fd5f16593770e2816677b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
d694b4066005d99d2124285844658052

SHA1
6fc5bad8611cbff2cdfb1f9104856ef0125229c6

SHA256
d067420376d08f02b73223a02de94435c43689d7e1c838260d1a835df938ea3d

SHA512
2eaedbafd658ed3c1ac93455293c7c3cd62f161b06472f6378ae5f10190ddc7340c69fba446f5da2afda83eb6962aa2e1f7b91b4c476edefc506bb914adf9028

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
a726b732996e8f5bc1c1fc1b6e1181af

SHA1
c3e7123228704a66a3e1e4e4bf93a616352d878e

SHA256
dd38584a0e01e60d50efdaeb897f75459125c87f71c7633cc0a6ec47de8b358c

SHA512
fef5f42a6c1d3928f90f7929d3601d1ba8d842417a460ca956af0878b85d6e9c41fb22e6b33eb6194935a60a5f7e0ae137e4d612a89c40abd244488608339c37

Download Submit