bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa

Analysis

max time kernel
181s
max time network
315s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
26-07-2024 00:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

free menu.zip
Size

41KB
MD5

1df9a18b18332f153918030b7b516615
SHA1

6c42c62696616b72bbfc88a4be4ead57aa7bc503
SHA256

bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa
SHA512

6382ca9c307d66ab7566acf78b1afd44b18b24d766253e1dc1cb3a3c0be96ecf1f2042d6bd3332d49078ffee571cf98869c1284c1d3e5c1c7dc3e4c64f71af80
SSDEEP

768:hzyVr8GSKL6O3QOXk/0u3wqOghrFCezL1VFJdbq2QTJTw02Q:hGx8DKXE//ZhhCirFi2cwK

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
41	mediafire.com
43	mediafire.com
44	mediafire.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133664292246354082"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3766757357-1293853516-507035944-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3766757357-1293853516-507035944-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\free menu.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2968	chrome.exe
2968	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe
Token: SeShutdownPrivilege	2968	chrome.exe
Token: SeCreatePagefilePrivilege	2968	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe
2968	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2152	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 2376	2968	chrome.exe	93
PID 2968 wrote to memory of 2376	2968	chrome.exe	93
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 1548	2968	chrome.exe	94
PID 2968 wrote to memory of 760	2968	chrome.exe	95
PID 2968 wrote to memory of 760	2968	chrome.exe	95
PID 2968 wrote to memory of 3916	2968	chrome.exe	96
PID 2968 wrote to memory of 3916	2968	chrome.exe	96
PID 2968 wrote to memory of 3916	2968	chrome.exe	96
PID 2968 wrote to memory of 3916	2968	chrome.exe	96
PID 2968 wrote to memory of 3916	2968	chrome.exe	96
PID 2968 wrote to memory of 3916	2968	chrome.exe	96
PID 2968 wrote to memory of 3916	2968	chrome.exe	96
PID 2968 wrote to memory of 3916	2968	chrome.exe	96
PID 2968 wrote to memory of 3916	2968	chrome.exe	96
PID 2968 wrote to memory of 3916	2968	chrome.exe	96
PID 2968 wrote to memory of 3916	2968	chrome.exe	96
PID 2968 wrote to memory of 3916	2968	chrome.exe	96
PID 2968 wrote to memory of 3916	2968	chrome.exe	96
PID 2968 wrote to memory of 3916	2968	chrome.exe	96
PID 2968 wrote to memory of 3916	2968	chrome.exe	96
PID 2968 wrote to memory of 3916	2968	chrome.exe	96
PID 2968 wrote to memory of 3916	2968	chrome.exe	96
PID 2968 wrote to memory of 3916	2968	chrome.exe	96
PID 2968 wrote to memory of 3916	2968	chrome.exe	96
PID 2968 wrote to memory of 3916	2968	chrome.exe	96
PID 2968 wrote to memory of 3916	2968	chrome.exe	96
PID 2968 wrote to memory of 3916	2968	chrome.exe	96
PID 2968 wrote to memory of 3916	2968	chrome.exe	96
PID 2968 wrote to memory of 3916	2968	chrome.exe	96
PID 2968 wrote to memory of 3916	2968	chrome.exe	96
PID 2968 wrote to memory of 3916	2968	chrome.exe	96
PID 2968 wrote to memory of 3916	2968	chrome.exe	96
PID 2968 wrote to memory of 3916	2968	chrome.exe	96
PID 2968 wrote to memory of 3916	2968	chrome.exe	96
PID 2968 wrote to memory of 3916	2968	chrome.exe	96

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\free menu.zip"
1⤵
PID:3132

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeff98cc40,0x7ffeff98cc4c,0x7ffeff98cc58
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,4732175474256923984,15420872005622663435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,4732175474256923984,15420872005622663435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,4732175474256923984,15420872005622663435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2340 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,4732175474256923984,15420872005622663435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,4732175474256923984,15420872005622663435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4428,i,4732175474256923984,15420872005622663435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4740,i,4732175474256923984,15420872005622663435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4948,i,4732175474256923984,15420872005622663435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4656,i,4732175474256923984,15420872005622663435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4440,i,4732175474256923984,15420872005622663435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3220,i,4732175474256923984,15420872005622663435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5264,i,4732175474256923984,15420872005622663435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5412,i,4732175474256923984,15420872005622663435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5208,i,4732175474256923984,15420872005622663435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5564,i,4732175474256923984,15420872005622663435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5740,i,4732175474256923984,15420872005622663435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5952,i,4732175474256923984,15420872005622663435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6256,i,4732175474256923984,15420872005622663435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6448,i,4732175474256923984,15420872005622663435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6332 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6612,i,4732175474256923984,15420872005622663435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6456,i,4732175474256923984,15420872005622663435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6500 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6308,i,4732175474256923984,15420872005622663435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6876,i,4732175474256923984,15420872005622663435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=6892 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=7092,i,4732175474256923984,15420872005622663435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=7088 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=7076,i,4732175474256923984,15420872005622663435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=7056 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7368,i,4732175474256923984,15420872005622663435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=7352 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7456,i,4732175474256923984,15420872005622663435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=7380 /prefetch:1
  2⤵
  PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6668,i,4732175474256923984,15420872005622663435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=7360 /prefetch:1
  2⤵
  PID:5236

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4624

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2232

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
53004048c92acc0b8271f3b14755755c

SHA1
5747aa3dfac12d541ca9374fe358a3e4c54cf772

SHA256
fc3b529cb2922531caf916196e6075b21ecb934be2d937cbe187d9881f30861b

SHA512
7a63fe242ee901e2d92237bf10f4788a2b01bafcb93bc22b8f851c4fabfa2f3e8ca58a05e8a53a1a864d2de573a69f63ed2ce6871dac99c7b859b1ff8a9d4e54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f8d76e107053ca38cded337eb42d58dd

SHA1
2d94201471b7f42a0f39cbf6b090abf0e6ff46d0

SHA256
fbcbf7fb329ec4e044903e18596c3a10419b649bbb1f6f68209d4c021b5abecf

SHA512
97d4538e2dfb06f3a7dd3b6df4288c425c9cc9ea6b93e43e57428b5c3c069898ff2445bbc36ce24def583a57a562cb81415211211376048bce4c04888e2c5aa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
deb9294a17240fc267b8f8c841c7df68

SHA1
3d33d04429ed0c7bf62c0e39525f7bed7e40e710

SHA256
4a76e3196c1f95d881068fd81fe72455123c9852e88434c4ef0a8186feddb976

SHA512
085ec4de0915f082c4620efca7f93960c1f4abbcc12020502cbf7bf5791716ca0f69dfe89f40644b041432d2f88274e6f8ad2cc64b2d9b68a24589791972e2dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
826b90841a3932cf9ebd6fd0b875e917

SHA1
010cf1aa5b7ac49c9c5f207152c135c1914d1e41

SHA256
6e3240927131f0582dd8ba5def9c4cd9a0b8abd5c494b9ba5952880b54741f1e

SHA512
2c41478bbca2ae2141f9c34a85198e1c094ff5e76cfcc6df94e57ab1a056e12a61d23354a8a184b8b7e3a0db180647c4c8573aad044d719481c9eb968d549113

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
21KB

MD5
e3628d1e7b73fc6e7a5bcf0daf431566

SHA1
4a9823da85cc534e104849d2cd2ac71106b103be

SHA256
619b2b6865ba8e4d13edb2d66826c54c6fb2c87601214ac34f976524ca37773e

SHA512
fde044be60e73fa1e4b962acfba15fadd5da619d29670e2b2062cfbf8f953e815b9a1761190c50b59fa7b38fb936966af6acf0d78a046d568120d7d91e06c746

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c4223f0b930f10f3aa2c36344e66e5c9

SHA1
d30407e40c381d3c2ac8e7ea937a604699111596

SHA256
93607f168da2163f78625bcc2099332549e0baf919e818eda299daaf2358dd97

SHA512
e900d1b127b90e4e095083fe7f24b0f05ba9d3a731bc6861d9bdd4206c2adaa12abdb4c524ee3eb41c21a3c464133f4a65f58b61bc24f2eb8cf6a88cbdb1202c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
629e3baed25425a65aca436b1127298c

SHA1
b2001fbaf8237f824a70a43399b70a1baaa2cfed

SHA256
101d1e0945a35c26b97e5ce482973508fbb83ff4ec04e7b640ce13895d5f4826

SHA512
da5443171678576e7c0e3f025895ab854a04076e63316817db808061ba469db707663dc760176db3c91fc10c988feddf3d887241902fd925c9874e5bceb87b4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
79712d9230639cfbbabf10cb5ede3df7

SHA1
aa8367a3d0cdc3985aa6ade7fa3a36b8fa1bf359

SHA256
ad44ffc26c2497ff94fb376bfbac7fc8dec335d48ab2096160e40d5861cafc40

SHA512
1e15206fe71cd6510dfb7ea370b1758d7e991f4745769e47b6048ea71f8b673e50055f9f3d9e160a6842cc99b772fac160954c4e4ca8d746f450da698e4dde2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
02203dfa0edf1e4aace4d007406ad3c9

SHA1
b856660783b97364773502883e8430cb6f090988

SHA256
2d5e93d7bf0357338b4ae35d3b50f41d4a0cbdd8d09a159442db39f5b1d4894f

SHA512
bd5cc6247867340b1d9fcd03866388dae21990a2c51b1556bba71469ee6697a00ebe32691fbafde898cdfcd3ef49c6cae0c21f5d86f8601621fd397e8cecd22f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a6fce8d23f9086dddf49bc155f5ef18f

SHA1
2bb6ed6b3b034b4fcced4a1057c702b19d5efaee

SHA256
13e1582b9884b7596799e0d9b35c600e0e107386e55d6b7bc76327fdca18265a

SHA512
2c600ffc60f78095fc6474235672c0fc1d65e64f6ead05a7d90ce224c2399eefc3e96be88539516ec01039f995194cc1b3fbd185457d9bf3e02f58fcbab6db45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
afe83f6c1f9573acf775ac61af7da981

SHA1
d3d29f588f8b6927d8a72b0f61186b80bc48bf84

SHA256
447545a4d51de75de1f4d69fa5d3b1ea1bf510a04f27e5b1484586a6647071dc

SHA512
6d763ea61c49653bcf7e790424a1b24ebbd29e75bc714981feb4b48c390f1a0c176bd034c021e116e7e2b539b28258e370fa2f192a802567f6c953721a0c66e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6778e82df6f9a9da6a46ac49b328f07a

SHA1
6a4e2223a67adb972d60846c441b211186c39237

SHA256
d97b0c7a5423e9b9f647973727be81be8afa9695e7d00bf0c4ec414104bcfa38

SHA512
98988591f8b7c5d1509c2aa7930d35fbd2a04a71574ee42e5dd86b683ab582dc0ba26862c8d94f4ef3ef656cd42ea5a1c2968d62b67f287a06fd44ad066d40ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
97b3029607c38eb448558998ebfcf2eb

SHA1
02d7c60ad2fecb19a7ff38906c23896d121bdd91

SHA256
92ffdbbc2ba21ecbdef5879f4eb14909264b011546a6a5a4a9cc433d6137cbc2

SHA512
68aa86abb781b7ee028e4feb0c52a69f3bffc80d42dbd359db924a75f7fd697505bd99bc7ce92b556b14fd0d0c6b9c8fcb0fabc1520f743d3b90e8cbacf8e20d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5baeb0a127d774749d60dd964d6e48de

SHA1
738c4c0dba1939f2f66a12c3795cd68ef5585122

SHA256
72345ae859a37239f98e13c50d9838c7b0a92509b8226e3f4bcdc278d47aaad3

SHA512
3811613603c26ee8de3314b948a618ec96269e2833d0ef53371540571f09e2cb006191f419cea4dd312dec59c015150fbab3044ac75fdb54e8f85cbdc81267fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
39b94185abdebcf68f1bbbdbc81deb64

SHA1
d34973f3160102a37eacfee1eec102ccc3c1b633

SHA256
e4fef787ed4152b72a292b23525911f86352b1da591da6e682983f39a8aeaff1

SHA512
054d49695eedf77c512506cbbea1c58dd9ed69f5b04f3890f1abd50aadc9ff9a71909c0fb9f62e9234ba9e03c368abded8f03865f2ad96478a6b46cfa7becdc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e595ad3f50afa7b11dc93caf199d2fff

SHA1
a22f3a613815bc0b922559faab5bfa13e6acb1ad

SHA256
a1b4d9418839e5ac504e78f0299efd3ec3a12831c79c2657712ed8d22b0e9454

SHA512
81ce7b40a2f838c31a7c97af40111b67c14cb6f351584c15addc0e683335813240c2d50b5b81cfd4e92cd2c0ac7dc52439d3f638fd47334ece521e4979539947

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
188KB

MD5
deabe0ea2b0109882b188435bb5f36d0

SHA1
109c8a2d8150e9bb6cfb8be7249efb809dba5055

SHA256
c327743a3bff0cce274760b2363c0bfac3ec6615d06a1c37891e6fc8f9e22b76

SHA512
087eb0f6edbf3239aa3816b583ab6e262d27b243593dc204ffd37f5c8cc4a4de29bafe3924e7e4e23276889e306d8d1099f31cdba815aa2abe1c9d70a0395529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
188KB

MD5
78ccba81d0c40d40ebbde516ac4b76f3

SHA1
a51c263197fbbbd0a442ce5489bda41d0d8a1638

SHA256
62f47487e197d50318c154e377dd0901c7318b63e6a65a6f2060ea21bd70e11c

SHA512
295074bd630e232a861813d12dba283fcb53b08f2183158dc93dd2069814e0c886c4cdb15a04e583043fefdf3ebaada4f2739c2bb0bc60166e883a3cf608ef36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
188KB

MD5
c21f468629b133b49705323a0233d5f8

SHA1
d011e3bac67af728114e06b736470318dabfcb58

SHA256
c86e1b05e098ad4005cd77a47639526dcf1908a6a4d702f369b4e80c0950084b

SHA512
eafd1687836b88019efeca54aacbbfc92273a2fa28a3f9f7a00fb5bcf377b3a88a433300b2f493f65249bafd2f95c3d8674d60a064e2859e7f5dc05a5000a572

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
188KB

MD5
3ad1efd8d54e5a3cc5e12305dcf8b846

SHA1
ce2676f53d5fa06e5190dac8f19e130c20f88e13

SHA256
93c2e3577bfb095942eafe7551c057ada0d357917e864976a6da87e1e0194a21

SHA512
7d69a2548eeb1b2969364ee865173eff470e50a053708213fcf85c31c1ab93ebf75c7678f565f89fa3db96e6b6fe420c28605dd260305192cfd3d8570002460c

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
11KB

MD5
f14d35e09a6dc5894408e3e4d2b71cdc

SHA1
df29ec121d401c6894fa1abd4ccc73b164b2beff

SHA256
8880a0b04af6e95fed9d68f98585fa976416a373ced4706c535bb37a8820d984

SHA512
e5ec58fc970dafb685f6990b213447e9fb4e40a14c25a79567f619d68be5b05061ef736110026d389c343573e30fe134d0de442b53593af54dd29b3c446d306c

Download Submit
C:\Users\Admin\Downloads\free menu.zip

Filesize
41KB

MD5
1df9a18b18332f153918030b7b516615

SHA1
6c42c62696616b72bbfc88a4be4ead57aa7bc503

SHA256
bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa

SHA512
6382ca9c307d66ab7566acf78b1afd44b18b24d766253e1dc1cb3a3c0be96ecf1f2042d6bd3332d49078ffee571cf98869c1284c1d3e5c1c7dc3e4c64f71af80

Download Submit
C:\Users\Admin\Downloads\free menu.zip:Zone.Identifier

Filesize
312B

MD5
6d2630643a7495aea1d1fead9b951fc1

SHA1
f9f446d06282a3ff857ce3dd397687b67b41519b

SHA256
fac797d09abeba8a0db88c7da96e73f17aefc312fa21562a2f9f10ffa85fb81d

SHA512
271582aa26d04699cb13698264283738b0a5fbf099142d128d5c818ebc852749c9dac642fa94d5e3000b285fb52abec102ea42a52c9e90bc3a6ecfe9d1b0b82f

Download Submit