cryptbot | 627091b5638f8273affbceb55ec75caa3fcf91ea847f855033a2504acd49bcfb

Analysis

max time kernel
696s
max time network
443s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2025, 14:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

open-need-this-117.exe
Size

8.4MB
MD5

e8d4eaa75a6f7405af1aae1f7e50fbc5
SHA1

74edeb21eef6d28c762111ac73c97cf26e05cd10
SHA256

627091b5638f8273affbceb55ec75caa3fcf91ea847f855033a2504acd49bcfb
SHA512

dfd8a861fa4205fa8db82a5c3708e147d727824d4a09c7fc9bfedbec0d5b8e9dfd9eae06c7b5bd880275a9c601e68bc4c8342d51f20e9c754ff880c665d98d89
SSDEEP

98304:Js4d3tgTma9NcpMZbPBqCkNh5YxDPMK7yz80Sy:xJeTvgm4ENMsG80Sy

Score

10^/10

cryptbot defense_evasion discovery spyware stealer

Malware Config

Extracted

Family

cryptbot

http://home.onebb1mn.top/guDuUgLBfcehRYlFfBKg174

Signatures

CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
spyware stealer cryptbot
Cryptbot family
cryptbot

Enumerates VirtualBox registry keys 2 TTPs 1 IoCs

defense_evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxSF	open-need-this-117.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	open-need-this-117.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133877339619142460"	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
312	open-need-this-117.exe
312	open-need-this-117.exe
312	open-need-this-117.exe
312	open-need-this-117.exe
312	open-need-this-117.exe
312	open-need-this-117.exe
312	open-need-this-117.exe
312	open-need-this-117.exe
2408	chrome.exe
2408	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe
Token: SeShutdownPrivilege	2408	chrome.exe
Token: SeCreatePagefilePrivilege	2408	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe
2408	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 3740	2408	chrome.exe	112
PID 2408 wrote to memory of 3740	2408	chrome.exe	112
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2976	2408	chrome.exe	113
PID 2408 wrote to memory of 2916	2408	chrome.exe	114
PID 2408 wrote to memory of 2916	2408	chrome.exe	114
PID 2408 wrote to memory of 4748	2408	chrome.exe	115
PID 2408 wrote to memory of 4748	2408	chrome.exe	115
PID 2408 wrote to memory of 4748	2408	chrome.exe	115
PID 2408 wrote to memory of 4748	2408	chrome.exe	115
PID 2408 wrote to memory of 4748	2408	chrome.exe	115
PID 2408 wrote to memory of 4748	2408	chrome.exe	115
PID 2408 wrote to memory of 4748	2408	chrome.exe	115
PID 2408 wrote to memory of 4748	2408	chrome.exe	115
PID 2408 wrote to memory of 4748	2408	chrome.exe	115
PID 2408 wrote to memory of 4748	2408	chrome.exe	115
PID 2408 wrote to memory of 4748	2408	chrome.exe	115
PID 2408 wrote to memory of 4748	2408	chrome.exe	115
PID 2408 wrote to memory of 4748	2408	chrome.exe	115
PID 2408 wrote to memory of 4748	2408	chrome.exe	115
PID 2408 wrote to memory of 4748	2408	chrome.exe	115
PID 2408 wrote to memory of 4748	2408	chrome.exe	115
PID 2408 wrote to memory of 4748	2408	chrome.exe	115
PID 2408 wrote to memory of 4748	2408	chrome.exe	115
PID 2408 wrote to memory of 4748	2408	chrome.exe	115
PID 2408 wrote to memory of 4748	2408	chrome.exe	115
PID 2408 wrote to memory of 4748	2408	chrome.exe	115
PID 2408 wrote to memory of 4748	2408	chrome.exe	115
PID 2408 wrote to memory of 4748	2408	chrome.exe	115
PID 2408 wrote to memory of 4748	2408	chrome.exe	115
PID 2408 wrote to memory of 4748	2408	chrome.exe	115
PID 2408 wrote to memory of 4748	2408	chrome.exe	115
PID 2408 wrote to memory of 4748	2408	chrome.exe	115
PID 2408 wrote to memory of 4748	2408	chrome.exe	115
PID 2408 wrote to memory of 4748	2408	chrome.exe	115
PID 2408 wrote to memory of 4748	2408	chrome.exe	115

C:\Users\Admin\AppData\Local\Temp\open-need-this-117.exe
"C:\Users\Admin\AppData\Local\Temp\open-need-this-117.exe"
1⤵
- Enumerates VirtualBox registry keys
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:312

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff837f2dcf8,0x7ff837f2dd04,0x7ff837f2dd10
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1868,i,4661120272408088606,15727484377907020821,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1860 /prefetch:2
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1588,i,4661120272408088606,15727484377907020821,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2352,i,4661120272408088606,15727484377907020821,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2408 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3212,i,4661120272408088606,15727484377907020821,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3416,i,4661120272408088606,15727484377907020821,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4456,i,4661120272408088606,15727484377907020821,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4420 /prefetch:2
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4760,i,4661120272408088606,15727484377907020821,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5408,i,4661120272408088606,15727484377907020821,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5484,i,4661120272408088606,15727484377907020821,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5416,i,4661120272408088606,15727484377907020821,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5500 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5396,i,4661120272408088606,15727484377907020821,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5836,i,4661120272408088606,15727484377907020821,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  PID:4984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5896,i,4661120272408088606,15727484377907020821,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  PID:812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5868,i,4661120272408088606,15727484377907020821,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5444,i,4661120272408088606,15727484377907020821,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5940 /prefetch:8
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5624,i,4661120272408088606,15727484377907020821,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5860,i,4661120272408088606,15727484377907020821,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4556 /prefetch:2
  2⤵
  PID:3548

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3048

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
19ddeb060547500d0bf2b6f3a26aa6ab

SHA1
eaa02aa24b03342cf270897c6d164694b6a035c6

SHA256
5956c71fef0817562c337aa8de7ea4ab82c01a5ef174612b4d2c35829ad04820

SHA512
a445aad2e2166b9e773c571d6481329b5408930cd9df9bf9bad81ca7e2ff71a1330391cfb40a27d00be0dab30c042533ca6634ad55095e7cc15bad8cd3a46626

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
2cd2903a84e69b13ab92890c7d78a1b1

SHA1
dc2945950329ad42a3f64dfe58c94483c9516b70

SHA256
f8c337bbcaa9f754916e8ac4048b4c38738360535034018f7936257e74a882f3

SHA512
cd927dfd2f9325d751c95b42cd5a2403bd51d0f51f91483f1b55bdd8c5040a07db62fbbc9bcd53af16b80d011f4ce71a0dd30c49ca21ca03c848932059154566

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c351873f180347e3f9b49497249ef546

SHA1
0fe4206b323320ae8711e54b944393a185183c65

SHA256
a39328bb4e3d830ccb7e7026fa653feec2a8b2d08b13927313dceef00498bfad

SHA512
b9755fa33c8f12f4900f4ba3fad9ea8c3ac75e0a30be9dc9a28826e6d727c7fc09357ea997ace1518cd124ef64f0e2c72823c8cd8f19f51855e1d305dc8f1f48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
2375666be5220a9d599f14d6bda4a82e

SHA1
1f75ce8390149d84ca4c04cde99156f84f62a8c3

SHA256
ffc30197ca7882c37b0300f92e3641affc5fe278b05ebc845c78a812d7efed8c

SHA512
aaa9f4d76e4e80670a6d21a3757afee78e421c19e5f36971f9c4beb343060678cab405efbc4fc8ce3c71475edb42ed0d925ef2058ba2f2cb186c0dc23f9ccb97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
12e06bea911e4a9a148a47e619630cb7

SHA1
413171d6f19aac8ee7d518dc2f782bde2592d557

SHA256
957264a3ced69145fbafb9801530ce6fe8c64e9f08b20308d9ec228321322ba7

SHA512
cc1493c24a28599f4f636ed563d47f4ff6a282ce4ffc06947d494b6432394c61aeef6b3e1f4199f4c8c06dadb86a3c13ee4f2f248b7f815d74e00dac511fe516

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
be03a7160ea2b7177a16f61534c2b832

SHA1
fc5f588d7a6f26f74d51348e028ed3642cbe6fe1

SHA256
aa90e26c85d6d46c2e4601e7b6a4144df2c6b92ca712080be55135d234d05858

SHA512
36ffe673ad912f833456827b0ef693f165deac71cb08f64772cf86b8ed122de2291e55f458dbbc0c5a032f736d912429b62a5fe1a578736a0e90a39c18956b71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
df00aa011782ec92d5d68d985b812e12

SHA1
90509c38ffde08446b144c0a27d3fe0fa6754bfa

SHA256
6bfdf510ec34b34f12adffabb4047c91ab63f4992003debd786a5fc260eb70da

SHA512
cbe72a0db62195a4789184b2557c303fa1dc4119abd043db8b16aead9f0a1da542fdf875b58633dcd34b80982ba212f0078cfb1fe0c8aa3ba961f3c587b35839

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
f85a89376a600ba417c8da828b0228b0

SHA1
b492076b3f54bd0a5f9fdb9d7d7e9e86e9670210

SHA256
62b96e69aa0f7348567789618493bd4fd7c74b2c909706a1506a2e9049435771

SHA512
435e8b7a68fbb581b8f805deceb7e8c36bc7780fc12b475155ff9a5bf40c5ebc7fde1aaa80dcc75023b9610f21c0ffb372b6d9ffb2e57ba9466cf801f0d1b6fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
72B

MD5
cc82d2d18786ad2b961bb3007d172d39

SHA1
16b2efb2da43a161cb30f802f16415ad317d8102

SHA256
751d9c7b5373423b96cf16e0ca36500d5810f27f9565c417341815e293a06574

SHA512
66b6de0952798ea04c426ff766bed783d3c97500ad997716d82fc512ca3fc45420af01212e6e6b96bdf395fbf4f0c4fdf026e37edd81e7a26146ceb50c7321ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4441f4aa6b50ed1734ff2792d728a7b5

SHA1
c6337cc09d0c7e8e8b100ce173bc09fb974682d9

SHA256
fc309b1decc6e56bb8c58f127e655fd02c18edbdce08af80f0890c514ce6c090

SHA512
591e17c1bae0c2dc6cea94da5b271d76617077ec077d52c3317c40ac509d501bf61c3045e9bab1477a4dc7196eb8f846fe8a256156a9ea4190aecf606290b95f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58c52f.TMP

Filesize
48B

MD5
4490d206aba65071dd1f8deb5579e905

SHA1
e5238ef8f350397500047b0163e93f3f5d215dd4

SHA256
84f2dbe4df65e66913bcc9bcbc72e830a31af0ab940aafbef83bf1f4ef7bbe89

SHA512
1c11594455bae4b63f088f994e586a3b032e6816c1ceeaf8ed5eefa0750c8f901f30d8663f2f710a6fb2cc0f7560b0389f2c8524dc2ce12eaf35c3d86f90ff27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e1e2b3ae-552c-4358-8c95-fc025c424e63.tmp

Filesize
15KB

MD5
973597fed09a4b4fa32051345933f109

SHA1
1cca337448ff68f1d0fa79fb341a471519b32b0f

SHA256
0a40c7a91088cadb5bab7ee67f095a3045115e454743faa5f9b60df00645f738

SHA512
19e68eba74f111a626dbab09bae3cb72f0aa6a9318be145b6b87571250de20f4927689ae5db57f6694cfaec4bcfaf88efad74992b3afa40fcf673b1ec5d21776

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
24420bccca0d9ca874efb679be1ec5da

SHA1
7690692220197c1ab6397d4fdca1b7f7dadb092f

SHA256
961dc0b30353f19cea7c4122be3b0b481ebc0160cac79c04fe6910b9ecbe99fb

SHA512
cbcd4dc4ff071860535f5ddbf67efc9f0c4a39b0e92171fe57e1e0bf41f1c0be669e1ed42ebc7d210841057fab3bbb1f68ef5b227b61bf5ce30ac122c2a58f00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
cf5d9e510bb40ffec9ad9f77ef875b99

SHA1
bcf4695c6b3b46fc5300642a8016a1c08c7f8bb1

SHA256
fc80c11c5fa5dcca275d3a47600a4f6ecf26f817ca7f0249a75218c4b39016c3

SHA512
73e34ba2decb8005ece1c263c83000774cdf248c6fd07e725d682adb1b4a98d5aa76212f3f8f5b3ede6331705068f44ae6663151bc4e15a35ae954bae6db75fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
efe0724597156be5e7ac96bb22e61fbb

SHA1
37fddc55250a0d092e51450652f816c6881213c2

SHA256
550588cee2c0f4b026812e8b6098d55d943846e1e57f1d4308c73fa3da618752

SHA512
c164ed591fc26274fd29b6d9d8bf3fb67d917858765bfb8ca75d77113346f678215eda3e587743d8693444f0fa50fb90bcd369a36492f4c1216f7446e4a96f07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\fd2ece40-4d1c-4c60-b488-1a8c3711afe1.tmp

Filesize
80KB

MD5
c5932f0c7af7ae88ea41e7bec2018a0f

SHA1
c402109afbfeca1aee5d3ab2c5cb42847e3a4dd6

SHA256
61c64307f84a476669675937515666cba5b1367f60f060f8d7cb37c524623b27

SHA512
312687d6f96199b3af370d2469a8be551cde5f43fbc8e52370560cbdcf9ae3e109bcf650863f003e1dc32925ab44b8a010f987fd503ae9cb6bc9e24188645472

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2408_1691176928\7db8f3de-050c-4f87-a2bf-2928afdbe20e.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
memory/312-0-0x00000000007B0000-0x000000000101D000-memory.dmp

Filesize
8.4MB

Download