96349b4ca999a16f0e3b2159c41d25685e3dca999322b3a29b25369a24f63ed1

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
30-03-2023 21:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

modest-menu_v0.9.8_(Kiddionsmodmenu.com)_.zip
Size

15.3MB
MD5

af9c9de33a29273cae626d0f17969783
SHA1

dbd02372275e226a5bc98d3f40e59e217caf4a14
SHA256

96349b4ca999a16f0e3b2159c41d25685e3dca999322b3a29b25369a24f63ed1
SHA512

c5853928e27029c653d036e096cc5add55a32fc22d760e35fe20271e36d4e5bce4edc17be41f87b05ccd2de886c1222ed390040e4e767b4a6fc32ea8e1ed275b
SSDEEP

393216:SppNV85+fjQdAYnLHbcnM/tIMZTLmhvnq6LuuRopdp3vVoJocfx:cYkcdAcLHbcnM/t5Wh/6HpdpdoScfx

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133246912049739576"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1529757233-3489015626-3409890339-1000\{DE1D9EE3-1BC5-4A3E-98EE-C7A15398CE3D}	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

3656 chrome.exe
3656 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

3656 chrome.exe
3656 chrome.exe
3656 chrome.exe
3656 chrome.exe
3656 chrome.exe
3656 chrome.exe
3656 chrome.exe
3656 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe
Token: SeShutdownPrivilege	3656	chrome.exe
Token: SeCreatePagefilePrivilege	3656	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe
3656	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3656 wrote to memory of 2992	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 2992	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 624	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 4240	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 4240	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 3032	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 3032	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 3032	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 3032	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 3032	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 3032	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 3032	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 3032	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 3032	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 3032	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 3032	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 3032	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 3032	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 3032	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 3032	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 3032	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 3032	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 3032	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 3032	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 3032	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 3032	3656	chrome.exe	chrome.exe
PID 3656 wrote to memory of 3032	3656	chrome.exe	chrome.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\modest-menu_v0.9.8_(Kiddionsmodmenu.com)_.zip
1⤵
PID:3528

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd82c49758,0x7ffd82c49768,0x7ffd82c49778
2⤵
PID:2992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1836,i,10630841430190009161,7403120488449350530,131072 /prefetch:2
2⤵
PID:624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1836,i,10630841430190009161,7403120488449350530,131072 /prefetch:8
2⤵
PID:4240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1836,i,10630841430190009161,7403120488449350530,131072 /prefetch:8
2⤵
PID:3032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3192 --field-trial-handle=1836,i,10630841430190009161,7403120488449350530,131072 /prefetch:1
2⤵
PID:3528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3316 --field-trial-handle=1836,i,10630841430190009161,7403120488449350530,131072 /prefetch:1
2⤵
PID:3996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4568 --field-trial-handle=1836,i,10630841430190009161,7403120488449350530,131072 /prefetch:1
2⤵
PID:1796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4732 --field-trial-handle=1836,i,10630841430190009161,7403120488449350530,131072 /prefetch:8
2⤵
PID:4292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4848 --field-trial-handle=1836,i,10630841430190009161,7403120488449350530,131072 /prefetch:8
2⤵
PID:4260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1836,i,10630841430190009161,7403120488449350530,131072 /prefetch:8
2⤵
PID:3736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5112 --field-trial-handle=1836,i,10630841430190009161,7403120488449350530,131072 /prefetch:8
2⤵
PID:3780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1836,i,10630841430190009161,7403120488449350530,131072 /prefetch:8
2⤵
PID:1248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4852 --field-trial-handle=1836,i,10630841430190009161,7403120488449350530,131072 /prefetch:1
2⤵
PID:5016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3176 --field-trial-handle=1836,i,10630841430190009161,7403120488449350530,131072 /prefetch:1
2⤵
PID:388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3188 --field-trial-handle=1836,i,10630841430190009161,7403120488449350530,131072 /prefetch:1
2⤵
PID:1784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1836,i,10630841430190009161,7403120488449350530,131072 /prefetch:8
2⤵
PID:3356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3288 --field-trial-handle=1836,i,10630841430190009161,7403120488449350530,131072 /prefetch:1
2⤵
PID:1196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3300 --field-trial-handle=1836,i,10630841430190009161,7403120488449350530,131072 /prefetch:8
2⤵
- Modifies registry class
PID:4152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5308 --field-trial-handle=1836,i,10630841430190009161,7403120488449350530,131072 /prefetch:8
2⤵
PID:1856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=936 --field-trial-handle=1836,i,10630841430190009161,7403120488449350530,131072 /prefetch:1
2⤵
PID:1564

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1480

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7ca767f5-9ee0-45bd-91c4-df89ba30a573.tmp
Filesize
7KB

MD5
d74448ef00f3a439a916693b22a63830

SHA1
899cbc4eac6f7ae14ffefb8f4d75aa5a1ca35050

SHA256
6eb8d49b4b7b49af5324a5b84de3089454210f4367334ca171f7978597f6f768

SHA512
0c671f97353355cf4972d9817f6a08211b6eefae7f607309c6ada20ccdd8e3dcf7f62b5ae907cfc6171928b33006a447b462b3c68214a9e25fcd0c295063796f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
b76fd48a4187571890ad8148d4b0c2de

SHA1
18848140bde9958319d0f31a4387344ae4806d1a

SHA256
71b70e02eba129f6205159bacacfb64d898ebf53814ddb411f542a00e76af4ec

SHA512
99cba0f803b1b63d718209e7d2877a73c1428690b064e5b2f0073c52d323e9943da36781b257a712f68f430b9353aa1231466adb9e4693a2784989217bd30ed2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
65d17f7cfa391e02dfea0209c42b1f45

SHA1
6f7e798cfae027cdfd84d2b8c1b4b0e6ea5a6e67

SHA256
fd1fbdef8ba5389b6e01cffdc186355f79c1eae2d539abcd7e81089dd9b6c7a9

SHA512
5feaa022d5eb6ece74f45774e451df0b0aedb58307c1ec3efa1316ce60f1b3e27596bd9cacc61a687f8709af73d886e7ed337cb0e824177dabc467681e23f1bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
a264e71651292c096eab10da3c136692

SHA1
d4ffe6d28d1b49627d5b7ef1b33bfb5720e7f359

SHA256
326ce2b961c16465d977b9968bf5f95efe3867f71c1e9cc61e3e0731904cfe36

SHA512
64774323dd6f72ec5cba732e83a503b73dbc5c0d4f1c57b5d9e470dcff5bda1a20c5a13d5fe1108ed0c3e84d5275bf94f3d6596fdacc0b880598d40d51f7f920

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
e4f4845302febe0e572354520029be37

SHA1
8a6c8678f62671d61f05d80c2ce8f3bd70cdf323

SHA256
e5a7f6ad1ca559b5d2b1b6f2d382325c87235f8d252b37cf3d99731cf6797d76

SHA512
236856fb77640e79bcf2fe26f576523e359e6bdd13c6d2c87eb83a5b70984f53576a30b4944a9be1cbb3674e4d80209249cc1d5ab7ab57f13f9b85e0bfe3c9be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
42ea7ec8d9d24eb70fbda71a63df9ce7

SHA1
c5920bdaccfd734e6936ba961bed8b4cf1e7982e

SHA256
41c2a32bc5bf02d1fec9d3b197c4c38ea1e68e221b6193d279e7b6fa7cadc536

SHA512
db5053e70705d0fc5a3130b282337a4137938b98330846702cdf930ca531a54c2176b0dbcf7ad69b793ad84a236ace83d3c238c1113413526b451cfb3efdbd61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
de2ec72454bdd3a62921707c2a98b9da

SHA1
c71223487d8907118c4cbd9546a810fb63e9dc0d

SHA256
9847e61a99bf58bdb304008718b60b7ab72316d3de3d2ccc800942bfab56b34b

SHA512
8d79fe153f3e6be39e1145cba0f5701bc4329fb298cbbf1288c255ffd32cc0da8724b75ca9f0d34334aa4870d4edd4377dea33fcd28b0eee6ca0d706ef8528e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
1d83b364602572f14c337f7ba0516390

SHA1
66f3f0912ce021b6fda89f4383a1085952ab29f6

SHA256
617c55e49217c05bf0483ae91bf2a14e7de744d92f53d705b9ebb495e43d6285

SHA512
9a69a2eacfd1ea6bb5b6c2ed2a4c5df0e256ea510946ab5a8272a9694a279442468afa4ee5a2155adaacc95ef05cf576242bebcf98eee6f0f8773396d7143db1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
38734b2fee6e5a4276ad5147cc5a4ef6

SHA1
21aa04ce4fbc85195296e1d8f10fd1f5875bac8a

SHA256
ec0f44730369fcb49b9e6a7c7327c342856ffac82ec7e44f03a09e88d6c22965

SHA512
a960e6af7521ab9478f4533a9b1c2f4606c8ed37e6a5ba410e5a710c3d7fe3522aa1ec663bc7b7a9c3c89c3c47ee4688be74ec146a1fb976c06956e3661294d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
96003b4052a5048e4dda36bf98e4d9fe

SHA1
28f63fbcc8d4acde771e404c34cc9252c6ed27aa

SHA256
c3220471bd27e40d286bffdf2c89beb1c26814936533af0f24a28cc73f62ef3a

SHA512
5202b9ac5c57ba4c32e99864bfed5ca47e5eff84e6911cfe54cc37b4a5206d358c8395fa7db9b4fdb8a4a28cc3dc828182bf940b2cc08e419d29eefdfd1383c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
c0984da26a815b7ec2ccc30c719386f6

SHA1
30d3b8f9dae303b1b2e74ee6d2288b38156e0a8d

SHA256
13de980047cc10cf3148871f492a9e02bcd7678a4eb7e8af2822b70b9cdb6fc7

SHA512
a2e00e90c356bce83843dae95ada10c1975c8f9707ba217348265451c6d25ffe50fa0347973efefe01b4f3992d032d34e29176ef443723c002852e55b2159074

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
517132fc06283f94015e2003413cbfe3

SHA1
a2250d137e507b591dc91912b7c1ef717d749f4a

SHA256
396c446883b5fafc5ce234341a5a05d49808e7e0a9d2f894ae014c7dbdf70c57

SHA512
86400f53a8ec242133874adecd5d8afc00557ad3ccc2b6b792e88f505773cbbf8bbb14a65db29d1ca8f0337d709a9fc1e86d940998b46a1e506eaf289c38d2d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
98KB

MD5
71ca3b1023166a3417f00325f1cb5a09

SHA1
20f1d07f7bdc4e770d77c2bea5a8cd99d2e0042c

SHA256
e1eaf8dc02a5b685ed7feffe55153c39f29e7231fcfcc1ac91e38042bed763aa

SHA512
e4fa3d594934087eea5daf86083914fd8fb26935266260e8323994f108122329553431d780ac47c088ca6cf7f75ebe25b873f7a30d1a95b09a613b4e4b9f300d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57fe55.TMP
Filesize
96KB

MD5
2156225a96f9ea3ae54436fdfad3f776

SHA1
f683989c24f48396be5497ea47a36e3645999222

SHA256
b7a5fa023bd215ea62c934c36cafab4694254747b6371d0e1a442cde4141fbea

SHA512
08a3da6ca618fb7bafd6c9e451b7aa9aa0a9ce7cd33c3dd6a1aec1e122f0b467ec4e7657e46cdb56ce8d4d1b8d075f02bdeaf53930aa71960477801d902298ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_3656_POXWUALMMFGSESLM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit