hxxp://1v1[.]lol

Analysis

max time kernel
1800s
max time network
1808s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
23/01/2024, 15:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://1v1.lol

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133504992390458489"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-894477223-740240645-3565689000-1000\{E8540F31-7FFE-409E-AF37-3A5FC81D2586}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2200	chrome.exe
2200	chrome.exe
4804	chrome.exe
4804	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe
Token: SeShutdownPrivilege	2200	chrome.exe
Token: SeCreatePagefilePrivilege	2200	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe
2200	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 3016	2200	chrome.exe	78
PID 2200 wrote to memory of 3016	2200	chrome.exe	78
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 1284	2200	chrome.exe	81
PID 2200 wrote to memory of 4128	2200	chrome.exe	82
PID 2200 wrote to memory of 4128	2200	chrome.exe	82
PID 2200 wrote to memory of 3308	2200	chrome.exe	83
PID 2200 wrote to memory of 3308	2200	chrome.exe	83
PID 2200 wrote to memory of 3308	2200	chrome.exe	83
PID 2200 wrote to memory of 3308	2200	chrome.exe	83
PID 2200 wrote to memory of 3308	2200	chrome.exe	83
PID 2200 wrote to memory of 3308	2200	chrome.exe	83
PID 2200 wrote to memory of 3308	2200	chrome.exe	83
PID 2200 wrote to memory of 3308	2200	chrome.exe	83
PID 2200 wrote to memory of 3308	2200	chrome.exe	83
PID 2200 wrote to memory of 3308	2200	chrome.exe	83
PID 2200 wrote to memory of 3308	2200	chrome.exe	83
PID 2200 wrote to memory of 3308	2200	chrome.exe	83
PID 2200 wrote to memory of 3308	2200	chrome.exe	83
PID 2200 wrote to memory of 3308	2200	chrome.exe	83
PID 2200 wrote to memory of 3308	2200	chrome.exe	83
PID 2200 wrote to memory of 3308	2200	chrome.exe	83
PID 2200 wrote to memory of 3308	2200	chrome.exe	83
PID 2200 wrote to memory of 3308	2200	chrome.exe	83
PID 2200 wrote to memory of 3308	2200	chrome.exe	83
PID 2200 wrote to memory of 3308	2200	chrome.exe	83
PID 2200 wrote to memory of 3308	2200	chrome.exe	83
PID 2200 wrote to memory of 3308	2200	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://1v1.lol
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa8b2e9758,0x7ffa8b2e9768,0x7ffa8b2e9778
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1800,i,14565261795500358457,10741823926488076957,131072 /prefetch:2
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1800,i,14565261795500358457,10741823926488076957,131072 /prefetch:8
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2132 --field-trial-handle=1800,i,14565261795500358457,10741823926488076957,131072 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2956 --field-trial-handle=1800,i,14565261795500358457,10741823926488076957,131072 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2832 --field-trial-handle=1800,i,14565261795500358457,10741823926488076957,131072 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4376 --field-trial-handle=1800,i,14565261795500358457,10741823926488076957,131072 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4620 --field-trial-handle=1800,i,14565261795500358457,10741823926488076957,131072 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5020 --field-trial-handle=1800,i,14565261795500358457,10741823926488076957,131072 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1800,i,14565261795500358457,10741823926488076957,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5908 --field-trial-handle=1800,i,14565261795500358457,10741823926488076957,131072 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5128 --field-trial-handle=1800,i,14565261795500358457,10741823926488076957,131072 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5308 --field-trial-handle=1800,i,14565261795500358457,10741823926488076957,131072 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5136 --field-trial-handle=1800,i,14565261795500358457,10741823926488076957,131072 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 --field-trial-handle=1800,i,14565261795500358457,10741823926488076957,131072 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=1800,i,14565261795500358457,10741823926488076957,131072 /prefetch:8
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5468 --field-trial-handle=1800,i,14565261795500358457,10741823926488076957,131072 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1064 --field-trial-handle=1800,i,14565261795500358457,10741823926488076957,131072 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3592 --field-trial-handle=1800,i,14565261795500358457,10741823926488076957,131072 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2672 --field-trial-handle=1800,i,14565261795500358457,10741823926488076957,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4796 --field-trial-handle=1800,i,14565261795500358457,10741823926488076957,131072 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6100 --field-trial-handle=1800,i,14565261795500358457,10741823926488076957,131072 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2168 --field-trial-handle=1800,i,14565261795500358457,10741823926488076957,131072 /prefetch:1
  2⤵
  PID:584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6080 --field-trial-handle=1800,i,14565261795500358457,10741823926488076957,131072 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2508 --field-trial-handle=1800,i,14565261795500358457,10741823926488076957,131072 /prefetch:1
  2⤵
  PID:4492

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4484

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004E0
1⤵
PID:3548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
fdf19081de75811f830b4e0dfe994c38

SHA1
36f3c6c578b21a9b22d2434bf9cd59dff9a544d4

SHA256
229fc8fe35b645b3348a38b1722d861f76dd162120e2a92c5df26844d9055aa3

SHA512
6b7e0df1c97516e57f6d5e3041cda33c99eaf16766bbb9977bc3bc662d251018595b8891d2b8962e22d9e6c502e83c20e28bba47fae54842c3a807d64f8b11cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_1v1.lol_0.indexeddb.blob\5\00\3d

Filesize
512KB

MD5
91df751e144ff3c329cad33847a9afb2

SHA1
84c690affdc7a6aea1fe6c1c263fc8384a498e51

SHA256
e3b0ece4a1fa1d95ced7dcf5afee78ebc64696281104dd91af8bae04baba626f

SHA512
1b3a20bd629ac25e0c6c60f90efa158d769a2c74ef6c0591cbe7ee0397fa443b78e43254ebfa0640ab31f1fc2425d309ebf87c76531632efef9a939e2cd7a9d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_1v1.lol_0.indexeddb.blob\5\00\3e

Filesize
512KB

MD5
f2ddf2e8de648cda88d6276d8d75df75

SHA1
4745625fc1e1f70690db359a9b28ea55b5636e14

SHA256
7a20a52c8cf4bc11b9819cc7b36b5d029c27e0ee6459d907a38908f1953d6bce

SHA512
8407ab427aad8f45295a38f7dd9a6c43765d3d5d1a0f90b6c850a8f23049355d5166782695a0d026b61b62c8661532efbbf263d108ecefb4e76c6ec1b108a9ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_1v1.lol_0.indexeddb.blob\5\00\3f

Filesize
10.5MB

MD5
6e574c9bec8386cad2fb6ec4c0816270

SHA1
7f7ee5363721d840d876dd0592a9f9f35ad59856

SHA256
9585fd6cb73202f5f9dde5c65166504d3c442b6dbc021b5e38e4e40c412fb320

SHA512
7d8bfa19e279f00c97010155ebc830995711e391b8117594a29d7fc8608cdb6e5ee82182c6c824c8edc3d3889830da994bfaa942259676ea0a9e76c4f6b7e8f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_1v1.lol_0.indexeddb.blob\5\00\40

Filesize
10.5MB

MD5
4164026ff6a21d1ed3a69115792a85be

SHA1
1edf890476d3e3dce6ed10ac04b48ac0573ee441

SHA256
953f00b02dfcf649519c0febc10d27de93122c74b86e8133c4e31067fb28deb2

SHA512
950f988e7cd284254dd76c2a148d728f5a145de838b0afc228debcaac7cc4866d6554a1c13b1c233fbdbd60e3faa5cd0dd97bb4f5a4c9ef92619f42e63875cb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_1v1.lol_0.indexeddb.blob\5\00\41

Filesize
10.5MB

MD5
7898070a5e5244c5788bd6f819c7fa18

SHA1
daa4b39f346e11e12e370f79f0261e731ecb11c7

SHA256
c9160f3308672c5f6bf14bff387ce3b2be4b5ea714521953e66991eee4651dc5

SHA512
607de60ebacaabdc5300f909eecd7c644e56320c4bfe0c6257d86a38f05f5d4997e7e0b9f8bbdb209367262b8081fb83e5864b9673412390b32f9d29246e0e66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_1v1.lol_0.indexeddb.blob\5\00\5

Filesize
512KB

MD5
22ba2158a31bb28af7372779e27da238

SHA1
dd1bd263815adad13b8b9581d6ce29b920b87854

SHA256
ad4bffc66db410db8e15dfcb55b9744025a0e23efef68f7896ec58f23b106510

SHA512
77c66a07279133d29e5b608eda6faf3583dbc2d37e31176dccad26f7e7f756bf962b1427b5d199c7507de8d5c78bf58436a08cb883490cf1f202db86cf4b6d64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_1v1.lol_0.indexeddb.blob\5\00\6

Filesize
1.6MB

MD5
800ede07802648ad272a44cab755348e

SHA1
f31390bcccdec79b134132dcb8b7e232ec73e596

SHA256
fcd1c5b4636e1a0f5ad08b29df90c6a513728ac4f2202668f031eb17880ac18e

SHA512
ca92ee828c7d0dab0facbf6ebc9ca34918e94bf6d5f2d898962a2fa26411c0ced216c771e03b36f450bbc41005b0f8ca22acca662acdc707397121038a7ee95d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
ba37c80222f8c131cf674f34bc30b694

SHA1
879e66ea35997786f1b2bea9fe88f5ac6f07e2e0

SHA256
4f2714cc35a62fd647d02649a686828f8f2aaa87f1e9ee061f2c296c72cb5dde

SHA512
23535a9dd58cb6c326c947fb84c79d44e2f01e2f5092290062fdd91fff595e43eaf17f12d162822914476c5db2753ea66c70e58cf4ab859914802f249f3a4b51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
8ad6bb0e2895ebfef290dde045d9d3d9

SHA1
8fc5f240a425c9b0d0b9457fe2af463d1b7a5b5f

SHA256
ad8499b06a9f33c65ee3f197f749646503d92fe0adb1637251986e9c5e17c253

SHA512
eb6c9309666d8f9cc0d669016e5c9b456843dae5a631fbbda6f59c546cb3a38bb5168050d5b1d7cebfe4632a5ab512d1bec6691bca3596cfd21bde4001216d95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
70e824577f137c83dbb4cb74d4df7d33

SHA1
bf4000acae3c8182d7796d80cdc745a1a1c89518

SHA256
d20905fc300daafdce87d4d38371ff71e3e0fb55e6d46bb6e1144683ba2583d6

SHA512
a389919c8b1e3be62d8d6fbfea98a56c17af05ae71b3c4d5a05874b22624d57627cafc774fed20520c63871f74db4e3da3697d5593ac6ddaebfa7de412bba14d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
713acf1b58ddd057077368f4a5fb1931

SHA1
f573cbb16673cc8101bb6281134a9c18241cb19c

SHA256
1967f26bd3842370bbcd84e1076a7bc07c630ace050f806d9397c6f9518b9785

SHA512
15ec7a09bdb4b54f7ef159b13d22a4437ca608d37efc81796522baa28c26063405a583ebba347b49264a094510f939fb945f85dda4a2572e747855fdff530fa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
08261bd8ee0aa32b46f9500646cd6363

SHA1
c6750b61d6b8fd0e5c5a54870bb3ea08af3f786a

SHA256
a051a1ddc6da1a403b0920d82ec49388c7bd90156ee93acb33ae23810f260473

SHA512
73a698ad5e4efa13337c08c525b087f51e270e4ec8e0a0300156e374112a38dd7d568e6c0fd0d3035c6ab36c4ebe3d202fcad6d7aa1911c84d8181173a42f17b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
36dba3a2831c6a88e7ea40e1f8e3bbc5

SHA1
326b25ba73b2d88ac43d1d24ffa91e644aec88b3

SHA256
f177287c72f8d754e2eaa7a5d04fea32e18c30d2dd19b930ab68f841e37495d3

SHA512
9dfcc0a19bf00992aeb81f0aa400a6a9a9632a7827c585131313aaa3e4ff27cfeaf81a03205e34df622b3e7de98810d1928db1fcd6b2f2d00f49e0303773e575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d0ae50c533299a626d2576913fec334d

SHA1
9d9187506e0305af6f047b7e5ec445ccbda58bff

SHA256
1c00cbc4f16aa35a9daa95abf960a148ef5af1c77427932c47ab3052d1638ef5

SHA512
d14753e7b8a56c16acaab6aa3869cecaaede6115660c673faeb22672a6189f4c41babf0ffd09230500e23d86743913d6fc09eda6ce017a1133234c88a50be71a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
26f86458ea0b0ecec9f19de42229318e

SHA1
d5a1f25ff13a87669bfb40c6fd75b2b369b09d90

SHA256
dcaee4870e43c6d7ff2464f5438c7128420aafe0234b8ceee29a2861c71b3366

SHA512
4e177532174a2b7b4f33831df96a7daa89d17f57d17325e6c462495cbab20ebf7c5d84818d9f22d2a9852a0727a41e6eea792d779dad28f24f8d2831175d745b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
004ab3cbe11a17a447c523a102bc4f0f

SHA1
2d33028d04d1b0fb7a429941dac5af366a89ba30

SHA256
4b3a6400a367b16841b93b81332534fa46315fc2d6027b4d6f19247e8cf088f8

SHA512
cf466840e80669847beab84a80b308513d8305af77af7a43ba956c1f8382a536d63f96157f5dcc0e7f69d68a30d38be9fa59a0eda5e1839836e59875bee6d9a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a05e17abf0afca3e90b6bde8f39d30c3

SHA1
caff14205f97a27b88af7a163c00e267b1be789b

SHA256
9dd5bb44756aa49b75d8ce41d52a2948d4f8c3213a2c9324ba54c9b54180de4a

SHA512
353f57e717191dbf3aba8cfcc4ae5c278cc45ee69a4f64bc509212de4ea1182b6386b68432c0bb0aa855dfa829651ce7d9fca9a1df34f61fb925905710ee136a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0036191c9a0839fe06e62ca081693d18

SHA1
91bc53db0c9adaa54b357180f498d8ba479b1b05

SHA256
33bab3048ced6c54467330e00937567bdd56b30daa537ffd6709c54bb4e71f86

SHA512
6a06815691ba86203fd5b704f8544498f0b44da1b6b8c03f7b072c04a2a3e70f4e8f6e22d97ef4afb8a9e9f2453e158735d670eaa9ec81716f6946d5315ab8b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d89d7132cca607e20463439ce5d0e6b6

SHA1
637be1d9ea6bb11ede578b56720f7f7f8582daa4

SHA256
facdb8a7e671d935afa9dca6494a0c5c45a9a7bbca1cf7a8f34e0eebd22de4de

SHA512
2b234706f7e445d2e9b2a05a0bc254f22034bce76d58277efcfcbad0bb431bda76cf5f0e96dce170676bb7271d9f6ebf568d68bc29b688e710d55db6f4675c2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\bd74fb19-36b5-4490-bf28-1065b3205e6f\22

Filesize
10.0MB

MD5
2b3869a43e94bb8f86476ccf90cdeb25

SHA1
c432247a568da6ff0b85ceee0fd6f1f9883cfdef

SHA256
aa0739a9fca637a75a219a955e856aef906243b87416c339b08b0894d7a0b0c8

SHA512
d248af0d71f56268210cb11f4aa6eef20c7ec4cd70e0690e37f7dd65af629ced560bb52d95f3072a441af580241072d8a65ea4b399d897e867ac097a128372fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\bd74fb19-36b5-4490-bf28-1065b3205e6f\26

Filesize
10.0MB

MD5
5377703891016e723054b4087cbaab93

SHA1
2011fb9eb174d04a48573a2d71178943ccf60c9d

SHA256
f3d4c0099ec42707457cfbec401f5caef880caecb57440d7edc3fc3b5850a72d

SHA512
3fa7e29ae30b7de45ccad2316e0df098dae46c4629bfdf4169c5a57fadca934d38d641b2b136de6e6defa3c743d57aa2ab1e827c24deac8a4386b9d572184381

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\bd74fb19-36b5-4490-bf28-1065b3205e6f\30

Filesize
10.0MB

MD5
6e51fb98eec7ff49dcab39b84af7e17a

SHA1
63b9935c758ce766ef5b2c93f55fa41d1976d63d

SHA256
664e8678a53d2455797feca6c77ae5e6869dbe9c7f9eba5810085c16bbb8e8a6

SHA512
12370a986c7fa4fbacf56f9e9bdeef7c1fbf462ac012dbc6e4d0da54cb0b881010de681eb4d0ee4c6d96f56d1b95575e829b9cfdfdc87141aaa85e851f682725

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\bd74fb19-36b5-4490-bf28-1065b3205e6f\33

Filesize
10.0MB

MD5
acbc3282d5870e9c40a93423f1097654

SHA1
ed9f447230e91e1ae01d082a95777f68ceacbae3

SHA256
d4e15443630f45654c96064c8772cf41ddd73face9ef1ef3652a1064b9e79af5

SHA512
9846e280feb5c3d6f473897e950fd3c0edf8a1066a3fcdb8e94297f0bbd3c539885cebc1ba825654d2754d2fbb0c66b8e71a444053b9b2e42a4385e37f1ca243

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\bd74fb19-36b5-4490-bf28-1065b3205e6f\37

Filesize
5.9MB

MD5
3e236ab4d914148efaef4509ae75f632

SHA1
fbc8e60d1ce3c6192842d1d09a264bd3767cdc5f

SHA256
2251cef8efb5bcdffae894d6e1bcf73e1bfaee914a1b1cc4d8a5972b9ea034c1

SHA512
5a64932d423377dcb0016530524b40bb4d173857a14997bf2b9ecb8653a424ae8ebbee3b18d86e3176f4b2fcfc4855f97d6e23735db673d08af3b462e69375fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\bd74fb19-36b5-4490-bf28-1065b3205e6f\41

Filesize
37KB

MD5
b3f39ab15b97e87b47316e916349e4e8

SHA1
8b215c4a6b7c3d5a2ad657261675c3c47af4e322

SHA256
963255e305f9290d5630932af330e7d875aad5b263d80dbb5dcf2ea911399fc0

SHA512
5d6bf94da3d89752383e1b5c886b17e4ecbdabe6b9219dd906c65cb4dc13bd97ea56b2c6a825ea9af40f3b925002e1cf6d1d08ebae48cbab12bcfade6a64d75b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ac713432-119f-4749-aa7b-c5b3d2349c3d.tmp

Filesize
114KB

MD5
638b6c48ea1fbc19bba666cd704d12e9

SHA1
78aa1dbefb5af8c23ee69ebf0817c63f1ad06efc

SHA256
ea6ed2eb51db3c57a1126206209c94fc72847975231a0e4f84d2561478758877

SHA512
99730642d9d94c7d5817d17a0f4716462d76f6114a078e6733aadb31ebc962b26bd9c7e88aab0e0577744f5a395a42c6aa770f7d9ce7289c0bb17c0d374e1d62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit