83a5f942b2a15eab4826ef1709ec6a7f9637a7ec0fce16585776848797307fa4

Analysis

max time kernel
82s
max time network
86s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
09/10/2024, 18:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

hvtrs8_-lculcjep (1).exe
Size

32.3MB
MD5

4f02ac057355b5dc73ea28aecd2d56b4
SHA1

32591cb75779a3e308a44e75a76f821e7dee11e0
SHA256

83a5f942b2a15eab4826ef1709ec6a7f9637a7ec0fce16585776848797307fa4
SHA512

9eb08f85559df6af9192bec8904097d4e43a832ba9e9cc1c7be1a366af8d103c3a6db3886f00927ae5eb62055fbc770c7b5a3d2a122a0b460b51136083015368
SSDEEP

393216:nbekuyo9nMK50UGRXLePuq2ZWy/c5zFviMKe2OHmwv9CsTmsueFFza9ye:6Zn/G4Gqk1cWe2iTVCMue3E

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hvtrs8_-lculcjep (1).exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133729717520203416"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4232	chrome.exe
4232	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3824	hvtrs8_-lculcjep (1).exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe
Token: SeCreatePagefilePrivilege	4232	chrome.exe
Token: SeShutdownPrivilege	4232	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe
4232	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4232 wrote to memory of 3184	4232	chrome.exe	84
PID 4232 wrote to memory of 3184	4232	chrome.exe	84
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 1756	4232	chrome.exe	85
PID 4232 wrote to memory of 3804	4232	chrome.exe	86
PID 4232 wrote to memory of 3804	4232	chrome.exe	86
PID 4232 wrote to memory of 3276	4232	chrome.exe	87
PID 4232 wrote to memory of 3276	4232	chrome.exe	87
PID 4232 wrote to memory of 3276	4232	chrome.exe	87
PID 4232 wrote to memory of 3276	4232	chrome.exe	87
PID 4232 wrote to memory of 3276	4232	chrome.exe	87
PID 4232 wrote to memory of 3276	4232	chrome.exe	87
PID 4232 wrote to memory of 3276	4232	chrome.exe	87
PID 4232 wrote to memory of 3276	4232	chrome.exe	87
PID 4232 wrote to memory of 3276	4232	chrome.exe	87
PID 4232 wrote to memory of 3276	4232	chrome.exe	87
PID 4232 wrote to memory of 3276	4232	chrome.exe	87
PID 4232 wrote to memory of 3276	4232	chrome.exe	87
PID 4232 wrote to memory of 3276	4232	chrome.exe	87
PID 4232 wrote to memory of 3276	4232	chrome.exe	87
PID 4232 wrote to memory of 3276	4232	chrome.exe	87
PID 4232 wrote to memory of 3276	4232	chrome.exe	87
PID 4232 wrote to memory of 3276	4232	chrome.exe	87
PID 4232 wrote to memory of 3276	4232	chrome.exe	87
PID 4232 wrote to memory of 3276	4232	chrome.exe	87
PID 4232 wrote to memory of 3276	4232	chrome.exe	87
PID 4232 wrote to memory of 3276	4232	chrome.exe	87
PID 4232 wrote to memory of 3276	4232	chrome.exe	87
PID 4232 wrote to memory of 3276	4232	chrome.exe	87
PID 4232 wrote to memory of 3276	4232	chrome.exe	87
PID 4232 wrote to memory of 3276	4232	chrome.exe	87
PID 4232 wrote to memory of 3276	4232	chrome.exe	87
PID 4232 wrote to memory of 3276	4232	chrome.exe	87
PID 4232 wrote to memory of 3276	4232	chrome.exe	87
PID 4232 wrote to memory of 3276	4232	chrome.exe	87
PID 4232 wrote to memory of 3276	4232	chrome.exe	87

C:\Users\Admin\AppData\Local\Temp\hvtrs8_-lculcjep (1).exe
"C:\Users\Admin\AppData\Local\Temp\hvtrs8_-lculcjep (1).exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc751bcc40,0x7ffc751bcc4c,0x7ffc751bcc58
  2⤵
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1736,i,11107239113288942613,981958807248464798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1732 /prefetch:2
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2108,i,11107239113288942613,981958807248464798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,11107239113288942613,981958807248464798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,11107239113288942613,981958807248464798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,11107239113288942613,981958807248464798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4360,i,11107239113288942613,981958807248464798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4616,i,11107239113288942613,981958807248464798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4580 /prefetch:8
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4608,i,11107239113288942613,981958807248464798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4560,i,11107239113288942613,981958807248464798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5008,i,11107239113288942613,981958807248464798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5192,i,11107239113288942613,981958807248464798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5244,i,11107239113288942613,981958807248464798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4808,i,11107239113288942613,981958807248464798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3152,i,11107239113288942613,981958807248464798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3276,i,11107239113288942613,981958807248464798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4384 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5512,i,11107239113288942613,981958807248464798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5540,i,11107239113288942613,981958807248464798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5736,i,11107239113288942613,981958807248464798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4432,i,11107239113288942613,981958807248464798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5204,i,11107239113288942613,981958807248464798,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:3488

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3928

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7d6cbaf3-d92c-4877-9041-534e4b0ef199.tmp

Filesize
10KB

MD5
96a31e9757a120e5be9b72c1c4da4c8d

SHA1
0c93a5f59e7a9ed67efc122ec3abbc557c312bc0

SHA256
d520a4a5b55614042146591caec4ed58aef1bd7ef1d8c7dc5bbca15b152303a2

SHA512
daa4ea9173af8f27918563ad86b358cdb6d1f8dea8c867852becb67e8ccfda43067219c0dcc6688c2ebc6585a094202fa6c07dbd65bbb64fdf26581c0c7078d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
193KB

MD5
e0a127e28875f17bc8e3e3a660a301f3

SHA1
569fb95d36f7f6d263315c0206890f86164acaa2

SHA256
31cad708da5b88d62d8d43bbaa0c6d9ee4d7abaa9216e12235a8fc2033a4a325

SHA512
926f4d82294a9c84b445e94f5a8dce642ffb029d39df7b7fcae20d0f277b843e9270be59bbeba133f07db86cd10fddb3e89e3490807d91240108df2cb18ee030

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
69KB

MD5
c5ad473c5d32a779e4ba90620b11daaf

SHA1
5ca4e94ea6246b5e1da932a00ef5545c9fa96164

SHA256
3a4db3140eebc10f42c80512dac56ebc08b3b85a71c796d45ec981c6e6afbdc4

SHA512
23fc3503f0f9e39e2c05d6c01fc1fede7c558689ae239cbacdc6d2800b8ad5c9b0c52b83a50904a11c8f2125beef445a825a64258e1fb634aaaee89d73d57fa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
32KB

MD5
2c66f12c4d5f582f2e9ece7a8d1a5046

SHA1
b9c70eb040e4fd2795c13bd884f5bda727be5fc3

SHA256
d8b3519b602619e6f250046ffb6d94450c4428df6357137c71b98a9b4b30cb01

SHA512
ef583f9c55ca1381486d28c44cd6cba7b7ebd02b73bc7e40d07e6d6d3359c5c797ff633bd17752ec1cd41a69f54f16328c706a3947a9b07f15aa143648339c6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
36KB

MD5
aff8a3c65833dcdc600ee3bcb445c72d

SHA1
ea1d050f56de00bf7538039bf43da36076557770

SHA256
6996509c77d72194d111058954f42621c919e52c8e242bd63bef10b8b78be20f

SHA512
b2c9ae22617693389eeac6d924c5e12b2b01ff27741101ae4657c4391a57009caf842e94408bf86b7e94eac2f6334bd52d6a178974a6fa0358d24a870d3f286e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
30KB

MD5
a92347c8a389c072c998c9d99a39ec69

SHA1
bb53cef046721012ad03a41b71951a9d41ee1492

SHA256
ef1f74b8c999c1879f5fc69773bd32f32434ebfa2d5a90cb62c1d5293ae38341

SHA512
44572a0fb2d3cbc2bd5624809aad5458897afef77e89c552cc55126d9cc5781a187897571eb80e183b7b4d0ea19ecd3d31052e74923706910c1f1e754e3ec0fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
28KB

MD5
8296c905e187cb63129b740ad11a5c7f

SHA1
65b8e4b63dbc637be7dd5aea781d108e000e5ea2

SHA256
513321313450dfc483be500bd984e5aa61442f0d2bfbee55fb718a9a01c368a5

SHA512
3466d662f63a8f1f02890da0dd4335e670e5cc30f35156cea4bccc06e68a2298b1fdbd023488d365d4e16f46d16d5f9b0b0950e79ce61b458280224b67d2585c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
466KB

MD5
aa852358dc28da1a2b519e20f77a5ec3

SHA1
766f072d6ca824b57985c3513db472f3be59026e

SHA256
ec8dd167fa01bb0b5ed846cdaa11f0c42a07170d26baa0d8bfd8900ee31d4292

SHA512
5d6fc257068304e9921812a5e0d0047c5c9456e4ed8468c645c51b1bf5df57e697bcdbdd3ee0058cb3da644f0d92432886389022d0a43848e8440408f1dd6b57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
43KB

MD5
e8d1edd6d974a7eb131658f5614402fb

SHA1
ea0b4185ac88b366fb2a76f9b7ce21f3191904e6

SHA256
32f7bd5d9072cda77a1c40832a1619fc4df68d99ccbb0a04c67d490e67ae87ff

SHA512
11799ce16d52e7bef424399cda3298c4bcb794f56247fd8cbd0adaf8d839e6be082881a2df6cb3ef223a3d516a7e2853b8b390a9a30edd1c4ed9b0e7f3a6e3ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
112KB

MD5
342fac45a17b69acf739b80bc917e0dc

SHA1
fcd7605d2b18311217de63e74d06204905f54799

SHA256
af4e4e095758cf9fbe89c5655cfdcfa4b420e99cfb7341ee5c1b43bb7116f221

SHA512
d837a11b02d62f5acac9ffd511a88441b8b7045fb2e30863fb5a2c272531483c43efc12e6ec21f613d973b134720f7c121bd3958e3028eb27a03950f27c29b71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
49KB

MD5
ecc416a8e74e91cd37cdfd8c52f51c27

SHA1
5a25416a8b702639d9e68533d4d1ae6ac6e56899

SHA256
9f5fea5d9ba5a9e5ba11547d36bbed60cc2f45e2bf6d4ea8013d2e7aaa2c2783

SHA512
e802357393f1c8a907faa79afce70a66830b0a72e0c8d4d0c4ab69151f7ccc454700dc68bdb8cadeb87add773eca12075cb2c493ff9da882946dc04dce76a00c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\128b0be4cc9239e5_0

Filesize
241B

MD5
60fabd619552c8f40e6a2839a7cc4520

SHA1
1c9b8eecae79f14ba46c10c080b38b2d61d892f1

SHA256
a99f9129a55623de91f9b47b4d2fa1dd748a8edd3f041563f3f5505f91117295

SHA512
a950b3e7aed0f3218e1521143fe70e5cd32ba6f0cbc1b93b1eeca6d8637f233cf856196abe11fe8e2cc914cb7e720dfa005f39af80380d200bc2c53d4d493c86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\270ea8e3d61935f9_0

Filesize
50KB

MD5
5fe254fc5cbcb567f78483ba9a6a868b

SHA1
ad82b756c3679c8eb566a20085730abc78c2cd57

SHA256
23934ff553eea6ea81d24f140fdaa8017ae8029447a03f203a6a400c4aab319c

SHA512
541cb89fecc7c93d65910a2f7bcfd269c2c2920aecf56ef08f52292d73990863e716643c509e566d2a8e67a50fb65d5009413226137e9113d7da3bc5caa88fbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2bf44209fa183285_0

Filesize
27KB

MD5
0e25781572a3047ef84fd121d8245f12

SHA1
c94caa9089d373c8083b7a5725073ade730e7cf7

SHA256
61338e610df5e3210bf5b423cc43504f1f211e29b73fc6b1cdd5f72a79e88156

SHA512
9096987c62136b1bbc1ceb34e28240c3b46da495b6d1e60950f2eefce90a0715ae50e5b633816bc4bb3701193d59e69f4c99051f520f1bbc7623f52da49f87e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3334162a0b82c0d9_0

Filesize
294B

MD5
6b0c84971c196ab5f2088af8b6947d35

SHA1
a711fa80dc29f74f2921aab38620aa9aac2a3a0b

SHA256
0d874bb190d80e24f3d185f624646fafebcea9ee6d5f8cfc5c6d5082d5745ace

SHA512
28eea4ae8944021bb145da6cc2192adfba6a6444805ea2bb95022e3421bdf090f7344ea0607c97423bd4b41d8ca9d12d5f107d78a5c6f5099ffd6601856e2ed2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\41ad31e0b825e537_0

Filesize
280B

MD5
a5decef06ee03ec21a86c3458c11a9ca

SHA1
eac6756e566b3f77d23a395c84fae1d26070d97a

SHA256
69fea4f4141455603113761bcc53c33e513abffa8f4af47c43195b569d0911c1

SHA512
8d4b3ed393d4417c87be55224b7f75c84b5a85c34326644a001a719d9b6316dd52b1c799d2dd94c537e6e06e6ac57cd673b6abe1360a33e360065eaedb4cb1bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4314c09985831994_0

Filesize
15KB

MD5
90156764f5ec1d4504c537a5d7baf28d

SHA1
ed272665e0e7ab1c8a82e16b521b3a47df6d682e

SHA256
e9d20e0c4fb81e5f1490e1b2740ffe70895bc203d41ed9e75681be3f70368547

SHA512
515740294bb70c5c16a83a2c4781f2c2e8655f352ffd1fae073e0d0ee2398e8e71e4025f2fc175d23d59e39304d142ef762a4cb6ad29e177be263918376e5b68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7267fb32c3a7e620_0

Filesize
414KB

MD5
597e9e46d79cfa511bb0403a82e51940

SHA1
77393307d10edd6d9023a6dc3f1f6823026bec61

SHA256
17f13d9bb3435487c11fe0e68f065347356392a411aea58953c6a4e8ee22ecd9

SHA512
acc08be2ddee8fbddb239ad496fa049123f6a67917accfedd575caaaa41d4bcde6be2310b33cde88297d7318a906be96d6866f678f92f280844ca10807b55b46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7843f9feddccad8f_0

Filesize
143KB

MD5
7f3cc1ff9dde038f8a8291a5e8ece777

SHA1
6f39575007ac0d8030619e885a2c6ab1a7fcd5ba

SHA256
576d1631c97ad86027700f9884da820c135b41ba54f46abfb2e7433fad48797a

SHA512
295ee6801c13975848b6deac14947aa047b4787f4e2adc31c16abb25cc40340753ee0f6599770695ee5234740fc4696b1c279c8269c73738ca22d473ffc9c8bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8b54651e6727a2a8_0

Filesize
264B

MD5
7dcb4a14e18b06376f044bd10064669f

SHA1
71dc7b69a26dbebdffc530717ee16c5fb1c3c991

SHA256
8f33ee67134288f5af6801673fa6d6708bbc5a95f9b5d66cd4c7744ba4a4dabf

SHA512
560fc30abafb5a4a6b59d4307639985969812c4d76a11ee3259a2ddbd9ac9a4f23ada4e9ad901e0612a866c3bf44faa8dff773c7d2ebe10f72c8c8bb9d64aba8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\93af6e234ca7d487_0

Filesize
104KB

MD5
3985a4721ecbb150cb84e640b99950e4

SHA1
fa0d58d7c4686f5b0b04c8f5759894c7e80ec904

SHA256
fc52da9a8f17c626a00bcfa7c87b050fa561692cd85c1d8643f312b92f53f65a

SHA512
0d831282b48b15e2c7195e9299040285171304065db27e494f3fbe16ff669d5373b3c1de35a9381d834ba3d7ae5d1df21d77467ea21f4e7b5f3597ce6b6649c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\daf45c19bce76272_0

Filesize
294B

MD5
944eedb5b410fb1b9347e3ba874a6be5

SHA1
10294989c4a1faeaba3265006045072547948980

SHA256
352e6e2b5dc7e2fc468913ccb9403fc79147186ac0fbb1330eca7ca0db50dc5d

SHA512
e78ed050d28ce43c7bcbecab903a94c61bce86f867169fd42abde1c87719f9c0a5ef9ae01599e4ea352426848b6521e637956443bbdf0fd3fcd6be9603fb04e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
0e6519a72e3d2917434f9b41a2fe824e

SHA1
079db4c65a32706ef3bda5e2bb013c9ca5c36084

SHA256
c3478aeae5ed9c87a4cd4c95687382f31d4cb8055b7c9ee42c27c1e79efde424

SHA512
1d72bb66330d4f145d5acbdb18315a5cc3ceaa44614e20162c1e8b3627460ff25a03c6afaf6d19d1344501d814cf04023f41105e567e63d3ae158d1df3d588ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
d4a94c3b63aba127476c4c68185d6045

SHA1
e4c25d5e64a429d48ac94475226c781c7a3ba66b

SHA256
64e5c4a720c77ca079e113a3fa106af7c95f5a260c2fb00f13a45e129c12616d

SHA512
886d3f3330923073ccec0a1cdbfa439d2147cf734ef95cdae46821e54f29d2d8c62e308b7fddfcb91ab45f975d9302cb79edd8978a06321b6993aed9227b7649

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
2c3b989e59204fa31b84a3330a29fec3

SHA1
02f1d0dc3a797982fdd96b1e835ebb8449b79b66

SHA256
9b8c117c13f7727dc9370d683b9b553db877113e4b6100a22eb557bd044cec4c

SHA512
d99c13a11616359ff02b6d5aaff89b25e50e24f5b6fb0fc7d842d7959ca257a6c3147908c03a307b702f75e562304613956b4f6838cd2c1dd87a7a3a59087933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
ffdadfdeab0f78803e2e6199edaaa2d0

SHA1
fa11f8fd8c15a182afc96cb9e83e0e5227940fb4

SHA256
ef340338190dafb83a621f5f611f5ee228a57d1d04ea5657cb024014c53cbfb8

SHA512
52dbe17f6f9fc3d186af77a5076a6d98dc4b6f2c3ece6d06b0166dc2e70fff6cd1b361a637b1b1320be17116a736a9775f668d02a9bf5169396bb3916d8463d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c54ff3ec36fc9e29c6c265c151081d36

SHA1
a22e1e35a04919073631da6331c1a84c6d2a8295

SHA256
b5ff8d4650969d0149e7940b923f6633bcdf85985c148c75c28f3398d1f8d065

SHA512
0364101ca8acecfe2848facc84f88dc2796fe37dea0aeb401ba58d417f7f4e4473515ebf6d31a3991cc63bd5e012b2707393ad217a93697fcc69ec7b57f8fe03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
603b3f8c0139edebf349d8f707fd6af2

SHA1
7e1c610b5cba06e890afb5a5880f23b777744ade

SHA256
b7ba180addda5e4738ca6df289ba88552b0c26470407505a9b7439d7364d353b

SHA512
260bb1259566dc578bd14411cbc32c7a768c36bb38d584416c508f02b354a77aa6a80277a4c44581a6aacbfad46057a6d677de84c10886768895e5cfc6ade096

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
01849dc9da0689bc4f4b3aec14829119

SHA1
0a2f34106291fe588a8ebde9cd78970aeb9d4256

SHA256
791d2898cbe515ccb7f77822fd8b70bad5f240ba1eeda50af86891bb46eae8bd

SHA512
1a757df274704ccbdb3beb4222c615215c5811420f21ff354267f14f6493ed1aff7da502b7457139c989ebe756fe013e7c91fb57151638debf61647c81780535

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0789df50721aeaf80b7cbf427ee9c4ff

SHA1
eca8f54e0b05725c7d093d0f65a71d8c5f49a579

SHA256
8026608e8535b575c9353103d7c043c3ce202f5b984846cbe780349cf8863869

SHA512
c02b8a52ff4f2edb355d7eaaa260a664caf9c4b333509ee99a92490cedf82390213ff502ebb8fa01d87096e498a9fc1251e79d2a113053022b2fa61de8f32cfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
db1d9030cefa13ae4b4967c52d1f7c02

SHA1
371680a52f2b405b52667d60db4efc315a77c0cd

SHA256
a6d333c634af8e5d7c1f1b38483767009a015d9b24a8949544da3f812da7e7db

SHA512
485c91a086c7cd0c2c7734cb0fa849fd3412d50ac1c924d3bd25f3da46432f4232ad07d09bc2b0a6d04704ab967654f9cfafbd857933a65271154f22618bb60f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
227KB

MD5
fdc91044ed2466c5441f750f24265cb6

SHA1
0ed646bd00e07bf0b2903cf90b8ba07736b593f9

SHA256
d211df60c448b5541ce44c8f95477c6e844e78788d0f73f0839849322bb58514

SHA512
1fac8fb4b506886264fe670638395609f494f71718c90686621312fb0c497df956931e27ecb7dc984e652d864a2f529f53152a8c875d0a7ff8024458278a830a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
227KB

MD5
821c06c3a0701ec5c16d20495d7921f5

SHA1
14d217921c731ef7723907db09d5e6cfe5ccd40b

SHA256
a20b0cb706092d73ae03daa4696ea6fc6f7d4b58a538106b7d0e352b7fda69c6

SHA512
4a1165cf0b94add0ed9eb4467977bb611148a6113c5d0e4dbfba434cf550d6b90aa9e7377ea686491f73ee55b3b40f95374d13c06e0d2b5c7f85b812483623d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
227KB

MD5
8167f603bb10873a36596228801a3514

SHA1
05c86eef53d5a4bf13816333999670af61eec128

SHA256
a851eea539568c6680f0067c2aad2cc787a3d9397b37c84a451c828cdda534ad

SHA512
a0672a5ee875d930e2cc8c478c9f152bae8ee5a3400be2ddf59c0f77d742e26655e130705498924e3eeccce08a0228004f3c2247a5a9594d1dfd7a1b1c814707

Download Submit
memory/3824-10-0x000000000BD10000-0x000000000BD48000-memory.dmp

Filesize
224KB

Download
memory/3824-54-0x0000000074A0E000-0x0000000074A0F000-memory.dmp

Filesize
4KB

Download
memory/3824-0-0x0000000074A0E000-0x0000000074A0F000-memory.dmp

Filesize
4KB

Download
memory/3824-11-0x0000000008F30000-0x0000000008F3E000-memory.dmp

Filesize
56KB

Download
memory/3824-55-0x0000000074A00000-0x00000000751B1000-memory.dmp

Filesize
7.7MB

Download
memory/3824-9-0x0000000008ED0000-0x0000000008ED8000-memory.dmp

Filesize
32KB

Download
memory/3824-8-0x0000000074A00000-0x00000000751B1000-memory.dmp

Filesize
7.7MB

Download
memory/3824-7-0x0000000074A00000-0x00000000751B1000-memory.dmp

Filesize
7.7MB

Download
memory/3824-5-0x00000000084A0000-0x00000000084A8000-memory.dmp

Filesize
32KB

Download
memory/3824-4-0x0000000074A00000-0x00000000751B1000-memory.dmp

Filesize
7.7MB

Download
memory/3824-2-0x0000000007870000-0x0000000007A32000-memory.dmp

Filesize
1.8MB

Download
memory/3824-1-0x0000000000AB0000-0x0000000002B06000-memory.dmp

Filesize
32.3MB

Download