hxxp://ww1[.]theterracesonflatheadlake[.]com

Analysis

max time kernel
120s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2023, 08:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://ww1.theterracesonflatheadlake.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133228261043625051"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4756	chrome.exe
4756	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe
Token: SeShutdownPrivilege	4756	chrome.exe
Token: SeCreatePagefilePrivilege	4756	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe
4756	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4756 wrote to memory of 4376	4756	chrome.exe	85
PID 4756 wrote to memory of 4376	4756	chrome.exe	85
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3796	4756	chrome.exe	86
PID 4756 wrote to memory of 3848	4756	chrome.exe	87
PID 4756 wrote to memory of 3848	4756	chrome.exe	87
PID 4756 wrote to memory of 1520	4756	chrome.exe	88
PID 4756 wrote to memory of 1520	4756	chrome.exe	88
PID 4756 wrote to memory of 1520	4756	chrome.exe	88
PID 4756 wrote to memory of 1520	4756	chrome.exe	88
PID 4756 wrote to memory of 1520	4756	chrome.exe	88
PID 4756 wrote to memory of 1520	4756	chrome.exe	88
PID 4756 wrote to memory of 1520	4756	chrome.exe	88
PID 4756 wrote to memory of 1520	4756	chrome.exe	88
PID 4756 wrote to memory of 1520	4756	chrome.exe	88
PID 4756 wrote to memory of 1520	4756	chrome.exe	88
PID 4756 wrote to memory of 1520	4756	chrome.exe	88
PID 4756 wrote to memory of 1520	4756	chrome.exe	88
PID 4756 wrote to memory of 1520	4756	chrome.exe	88
PID 4756 wrote to memory of 1520	4756	chrome.exe	88
PID 4756 wrote to memory of 1520	4756	chrome.exe	88
PID 4756 wrote to memory of 1520	4756	chrome.exe	88
PID 4756 wrote to memory of 1520	4756	chrome.exe	88
PID 4756 wrote to memory of 1520	4756	chrome.exe	88
PID 4756 wrote to memory of 1520	4756	chrome.exe	88
PID 4756 wrote to memory of 1520	4756	chrome.exe	88
PID 4756 wrote to memory of 1520	4756	chrome.exe	88
PID 4756 wrote to memory of 1520	4756	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://ww1.theterracesonflatheadlake.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfb889758,0x7ffcfb889768,0x7ffcfb889778
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1780,i,5012727117809899905,16399977742160913869,131072 /prefetch:2
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1780,i,5012727117809899905,16399977742160913869,131072 /prefetch:8
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1780,i,5012727117809899905,16399977742160913869,131072 /prefetch:8
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1780,i,5012727117809899905,16399977742160913869,131072 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1780,i,5012727117809899905,16399977742160913869,131072 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4772 --field-trial-handle=1780,i,5012727117809899905,16399977742160913869,131072 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 --field-trial-handle=1780,i,5012727117809899905,16399977742160913869,131072 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5492 --field-trial-handle=1780,i,5012727117809899905,16399977742160913869,131072 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 --field-trial-handle=1780,i,5012727117809899905,16399977742160913869,131072 /prefetch:8
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5664 --field-trial-handle=1780,i,5012727117809899905,16399977742160913869,131072 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5076 --field-trial-handle=1780,i,5012727117809899905,16399977742160913869,131072 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5080 --field-trial-handle=1780,i,5012727117809899905,16399977742160913869,131072 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5832 --field-trial-handle=1780,i,5012727117809899905,16399977742160913869,131072 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2772 --field-trial-handle=1780,i,5012727117809899905,16399977742160913869,131072 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5888 --field-trial-handle=1780,i,5012727117809899905,16399977742160913869,131072 /prefetch:1
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5900 --field-trial-handle=1780,i,5012727117809899905,16399977742160913869,131072 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=832 --field-trial-handle=1780,i,5012727117809899905,16399977742160913869,131072 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5972 --field-trial-handle=1780,i,5012727117809899905,16399977742160913869,131072 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1640 --field-trial-handle=1780,i,5012727117809899905,16399977742160913869,131072 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5136 --field-trial-handle=1780,i,5012727117809899905,16399977742160913869,131072 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5020 --field-trial-handle=1780,i,5012727117809899905,16399977742160913869,131072 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5516 --field-trial-handle=1780,i,5012727117809899905,16399977742160913869,131072 /prefetch:1
  2⤵
  PID:2080

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1156

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
160KB

MD5
fa6149f8c3296135f4df001ad8bfde7b

SHA1
30552f7994fbcb3012362651f7c1ead1b672b0cf

SHA256
846db6fc429a1a1b297bad301abfab64ff1b4ed698041e486015ce33318640c5

SHA512
12db8b41ded054de70089c33157e1e629ad6016013ab0ac571351ac5870d6bb4de403db70974c745a3173c2169b71749113e9cdca0acae5f24c1d5e29c8215cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
7d7c332a412e175bb8e7a6715e43cfd6

SHA1
3c4a797770ec8ff0dd272de6c11015318d56ef8d

SHA256
faf1e3bdbfa6aba7afc8ca8a6687f2391ff365102f2f6bee739e11cbb4333216

SHA512
fc68c4e0335d6bef7a97f714353a5cb2d92da32d98a814c31fa7de5ad6ff8cb568ec711146ca05d824ad4dfda75a88bf8fd06051e9f05060a8a76ef31ab762f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4fb8a50321dc3708194cf400d9e9013a

SHA1
5770cb4802ac6a2ee83f8cda7fe246bed7159139

SHA256
a2acb2c5a0c4ab2a34469d00d4148391df11b1cc532f31edc66cb73fec36b18d

SHA512
2a049da2e0a0ff94acefa0441eaae9772bcd26191bef7f9669602b44255c604e792fce8c16132cb0a9f85a4a6bf36d8f8386de790be5381242af7db712d8ffd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
7a42f2f9a875e32ac20089971870ae90

SHA1
7234aa474db5ae68c2c02b31b8bff28b24d4978a

SHA256
80983cf3749cd701bcd2efc32c860faff88073074e99ad2cd6d6049d2dc32f9d

SHA512
771b0b0102f02e4a68e8ae4c94a686ee247a6338b25403cd195c1cda3a3fbd124e985e542fd3f03218016282e191794fb9b66862ed6bca30baf0e48459c7e8f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
dea251174b3d0bfdd7e26da48533bb48

SHA1
8619d48668c1e828e0b56696199d401d8ee6cdfe

SHA256
0a6070af742bdaa96cda5e3ac81e0073285b98e97f8eea03ff1cec01f8e84065

SHA512
5af1846cc023dabc64132601b64ff0c70a11a632c0ae784fca5a9115d4ea8940d12fd0dd3df5bc50e0d87af2556fbc31952ded4124a40c57daf95930739f25c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
a62d8146393b1388e53fd06268591ccd

SHA1
31d3b49e21d5bb77981188b9569b50cbef30bc0d

SHA256
86c4965311be5d7f5f32566bd04bcde0db847b3c4a10d1f730a9a3016d2d64d7

SHA512
24040c47f0c0279b92d02a49282bdde21ad96239b2211f6a9a760875c72e82f56118299bfa440769f4484c1b5ee9dea5f67fe212beae11bab2a7f5321f24ac6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
be9a867e0a8b74277266676c1d275f8f

SHA1
41bb6809384521d6a0c24a727f5f03a52517f09e

SHA256
6d44abb9d585e0a090c365cc20377dfce64dd023a088b3bdf922d94a74105a61

SHA512
7ed96f76a497c9d5b09934c511774ab341026aecb2ad493141054880746ee617c752e64e93eb513a540c7068501ffe091ca1507ba6bf25ad090a1ce2970823cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
bd588d926df9e7a769417d3f774cc3de

SHA1
1b1b27627d8d9e5794c17b3d4539c128c24273ce

SHA256
9b8535de2aea874124714d0a8a3349ccfbeab20831ed48d483e13ae806b32341

SHA512
8f12508a29ff191752021823d3b2c19b4ea2e92b1e480fffd12c113ab7e25cf73512f1c29d42904af43c4ab2ec52978e67f7eb0883e67f98d644b359097a28b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b682a3537326f9ee285bf6959a424512

SHA1
27a2e6a04e785a014d61ce05b8bc961e2992e65b

SHA256
4c043579d3f6414ad9e77710dd932f4a5504c244594a6a98dcfdcefc87b7fdde

SHA512
4dcd56385101c4396fe3cc000fd2d37c2fafe1e337eeada4a25cdac05c98e4a77e9c69f82cd66d040cdd84fe76ec59ff293c057aa88c63e8d0731b811da94976

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d07a4c23a70b88524f6b446f09b917e6

SHA1
266e40c655e84a5ebbfaae86a713229eb3a67303

SHA256
f1bea1638e8afb75ead9d4edd5b27fc2a858f7c04e54b7da8d6a3610a37a0dd6

SHA512
fbf2aefb70279f1f35c66bb394beb3a830c7d1bedfb474d132e7e01a6725c7de07c2ad346a1f491120e30b7e9ab18115b2570573382e1fb1120ab79899d95f62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
923bf5805ab857bea6508815c3293f5f

SHA1
998b4c51c88797434fccee365f80467c496c7333

SHA256
d67e26ec8e4e2afc2900d7149033ee24d3ee0bf1fa62b726c32d19982a000f51

SHA512
e46ddaf1f7b43391270a04c552cef130e91f27f16b28d6768b8b21fe9c8efecaf0b776cc01a1ba13794bf1a2597f7fd29e9a341f008fd191ef2421ef0ae4097a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
06d3c9fb7b662f1178f96f503ef90538

SHA1
02ef864493c95880fb503005b9ccf99ff532b74a

SHA256
9dbc4bcbe3256df1ef6a1bc373a9cba1054946b59749962c9bf8bb56404fd51b

SHA512
fcfcc02a7001da40b8b2728b70cbc5cd15d7b6e3e0b52a05455d68045c5c456b6b832823bef1efa5c26febb3852cf9a40ba93741723cc169f47c1029bc950b02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
035c9172ac105ae3fb415a287f1fba29

SHA1
3faec52e2c6b434b6d007580b42efab86dde7637

SHA256
70201c3796a7d6a1cca8f7c8551455d195cd959fa611b877565c46c06e490146

SHA512
5f26d10bb40ecd9a07f4dab934fb41723d4b1fe39ef574f671b816cf4cb99cc7b319b9d5881754247a0d5590f4a28be2584131b8a325a950cec66a8e60d2d282

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
3043fbc25c289bb0b94ec01ba802960c

SHA1
4396c60e6f5a44eaf9bb94f4287c685b5c1e6490

SHA256
8dd95b924fdb7c828277a92326bd54348f645c757ba240dedf8d7fa4202a0d49

SHA512
7b720bf3ff46f2893a0cfb0d59dd829a5621f3711f29bf2f8757cf3852c16bd8bf8d0d05a580d09e095d61224f233f3fea887c2ae78d4a218acb56874f48dfb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
memory/3408-174-0x00007FFD18E60000-0x00007FFD18E61000-memory.dmp

Filesize
4KB

Download
memory/3408-173-0x00007FFD183B0000-0x00007FFD183B1000-memory.dmp

Filesize
4KB

Download
memory/3796-136-0x00007FFD19F30000-0x00007FFD19F31000-memory.dmp

Filesize
4KB

Download