hxxp://1v1[.]lol

Analysis

max time kernel
1799s
max time network
1804s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
23/01/2024, 15:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://1v1.lol

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133504994122944884"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3632047111-1948211978-3010235048-1000\{43BF34CB-69DF-4556-8463-0FFF5FFEE732}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2676	chrome.exe
2676	chrome.exe
4604	chrome.exe
4604	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe
Token: SeShutdownPrivilege	2676	chrome.exe
Token: SeCreatePagefilePrivilege	2676	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe
2676	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 3372	2676	chrome.exe	54
PID 2676 wrote to memory of 3372	2676	chrome.exe	54
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 952	2676	chrome.exe	84
PID 2676 wrote to memory of 4056	2676	chrome.exe	82
PID 2676 wrote to memory of 4056	2676	chrome.exe	82
PID 2676 wrote to memory of 3404	2676	chrome.exe	83
PID 2676 wrote to memory of 3404	2676	chrome.exe	83
PID 2676 wrote to memory of 3404	2676	chrome.exe	83
PID 2676 wrote to memory of 3404	2676	chrome.exe	83
PID 2676 wrote to memory of 3404	2676	chrome.exe	83
PID 2676 wrote to memory of 3404	2676	chrome.exe	83
PID 2676 wrote to memory of 3404	2676	chrome.exe	83
PID 2676 wrote to memory of 3404	2676	chrome.exe	83
PID 2676 wrote to memory of 3404	2676	chrome.exe	83
PID 2676 wrote to memory of 3404	2676	chrome.exe	83
PID 2676 wrote to memory of 3404	2676	chrome.exe	83
PID 2676 wrote to memory of 3404	2676	chrome.exe	83
PID 2676 wrote to memory of 3404	2676	chrome.exe	83
PID 2676 wrote to memory of 3404	2676	chrome.exe	83
PID 2676 wrote to memory of 3404	2676	chrome.exe	83
PID 2676 wrote to memory of 3404	2676	chrome.exe	83
PID 2676 wrote to memory of 3404	2676	chrome.exe	83
PID 2676 wrote to memory of 3404	2676	chrome.exe	83
PID 2676 wrote to memory of 3404	2676	chrome.exe	83
PID 2676 wrote to memory of 3404	2676	chrome.exe	83
PID 2676 wrote to memory of 3404	2676	chrome.exe	83
PID 2676 wrote to memory of 3404	2676	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://1v1.lol
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xe4,0xe8,0xdc,0xe0,0x10c,0x7ff9df019758,0x7ff9df019768,0x7ff9df019778
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=1808,i,10291896618252204314,15864770489377983114,131072 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1808,i,10291896618252204314,15864770489377983114,131072 /prefetch:8
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1808,i,10291896618252204314,15864770489377983114,131072 /prefetch:2
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2804 --field-trial-handle=1808,i,10291896618252204314,15864770489377983114,131072 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2796 --field-trial-handle=1808,i,10291896618252204314,15864770489377983114,131072 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4368 --field-trial-handle=1808,i,10291896618252204314,15864770489377983114,131072 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4888 --field-trial-handle=1808,i,10291896618252204314,15864770489377983114,131072 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 --field-trial-handle=1808,i,10291896618252204314,15864770489377983114,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3124 --field-trial-handle=1808,i,10291896618252204314,15864770489377983114,131072 /prefetch:8
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3084 --field-trial-handle=1808,i,10291896618252204314,15864770489377983114,131072 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5676 --field-trial-handle=1808,i,10291896618252204314,15864770489377983114,131072 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5472 --field-trial-handle=1808,i,10291896618252204314,15864770489377983114,131072 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5400 --field-trial-handle=1808,i,10291896618252204314,15864770489377983114,131072 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6160 --field-trial-handle=1808,i,10291896618252204314,15864770489377983114,131072 /prefetch:8
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6624 --field-trial-handle=1808,i,10291896618252204314,15864770489377983114,131072 /prefetch:8
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6744 --field-trial-handle=1808,i,10291896618252204314,15864770489377983114,131072 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5428 --field-trial-handle=1808,i,10291896618252204314,15864770489377983114,131072 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4720 --field-trial-handle=1808,i,10291896618252204314,15864770489377983114,131072 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5232 --field-trial-handle=1808,i,10291896618252204314,15864770489377983114,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6924 --field-trial-handle=1808,i,10291896618252204314,15864770489377983114,131072 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5932 --field-trial-handle=1808,i,10291896618252204314,15864770489377983114,131072 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4720 --field-trial-handle=1808,i,10291896618252204314,15864770489377983114,131072 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6900 --field-trial-handle=1808,i,10291896618252204314,15864770489377983114,131072 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7008 --field-trial-handle=1808,i,10291896618252204314,15864770489377983114,131072 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5844 --field-trial-handle=1808,i,10291896618252204314,15864770489377983114,131072 /prefetch:1
  2⤵
  PID:3768

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1776

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x00000000000004DC
1⤵
PID:3012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c57b491ed2c91cf373aa37580d19e5e9

SHA1
2f66b4c587e3699b91f5a3abcbb8e68bd57c3592

SHA256
ba2e93acc447f1d77cb70e5b23fb1c2d3c876919aa54cc0bf4ada54dfc12b336

SHA512
21e42bbc155b6140da09cf59147f523ed03cf034c865434217659b5158ce9c6649a18de34c0d8f75ff3d7e8c8a6e0885083299a53f8f80e653211201948c49af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
89a25c94640668216e3edfb7895aaf14

SHA1
b91e74b1a0f79e93cedf710f96e6c320afd58c1d

SHA256
60abf7ff8b695170ae6632b645522777bfaa57d43398cc1ebd2b536899237ce6

SHA512
77075ec8b55e0fc30e3fd04290fec53de580fd546992a91f1a2cc576d09cbdd259ae7b6184d58e6ead26bc3e6f7bea897fdc276d3fbb61aae779f77f5b39444f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_1v1.lol_0.indexeddb.blob\5\00\37

Filesize
58.0MB

MD5
21fa4839bef1e60ca49a576344b1c39a

SHA1
b4dfe45fb4ca6300a55e03c8992d9271dcea7c51

SHA256
ba0a9ba96e6a55cc94b0c06baea062d2dd0d517a705925d802441c490f2e993b

SHA512
34e3c355f8fd4012c3a2cb34adf4a84fa40a3f287af077a49b3c27fbdf62d5945604c5e00a8a3cf041d76706b6637a0a321fb06d293f0ce9b2c6f321d8cf2eec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_1v1.lol_0.indexeddb.blob\5\00\52

Filesize
512KB

MD5
32918d01b4334c4868664d129f933423

SHA1
f1d3c23a101904eff998afde4237c89253734a9e

SHA256
fdcacc299eef8d8c373e06c01942817b6c971c980ed086b549edf6581c012224

SHA512
fdb955f7d98882068ce2c714c321de64a6dec62131d0b8d206d86c3fff2552d19327aeb67df2ea22861e33dbf18f4c785f4189f8dec8444c1dc7dbe24e0ea313

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_1v1.lol_0.indexeddb.blob\5\00\53

Filesize
1.9MB

MD5
8ed205744f23fb3d3689397bcb6973f7

SHA1
2f442282748fed0b63c9f84ab24f80f8081d7191

SHA256
23ce89ce056412685279cd9f38bbdbb3df0ffa49b8ed668adf933662037b4aca

SHA512
2540375798e0f481cd1ad72b632768ad37089fc58b42fbf8df40c47f2e3051fe25f73af970f7b0f3412dc9697a9d40ae12eb69479cef3d11cebef78ad0828917

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_1v1.lol_0.indexeddb.blob\5\00\54

Filesize
512KB

MD5
7c476a208f7ac91dc59c665f50b32d7b

SHA1
a62839640c74b6a6638f17a93881252d2fef0568

SHA256
eb7d13b7cb7c309d27c98c33a470f3e08b491e5807801d4178ce54d1e308ce19

SHA512
bb2c41b16046d150dee7db4b8d740075a60530322d510815eb685f2042fd93dfe0ff82bcd99e4bfc82493baf68b8d1eb3f6672280538cec83c3727b1dea42de8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_1v1.lol_0.indexeddb.blob\5\00\55

Filesize
2.6MB

MD5
2a9bed975816f461abd8dcbef25b61e4

SHA1
257c4cb662b9539cdcbebad0b16e88e917643188

SHA256
3b5d179aff12f930bce30efd065297555ee98958876f2a6a9a2f2ef7d90c3454

SHA512
a3e62ebeb9157408f74897cb924572c2a9c7ed4ffabb22500a1d1170654fc64ca7510fb838f6c9e112ca779b5b061c91747a01c3a9524e6b4c7beb5371b63e7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_1v1.lol_0.indexeddb.blob\5\00\56

Filesize
1.3MB

MD5
60d785b27394d009bc06620cf95d1465

SHA1
da1b21054d50d345fd69b5832ecb24b3a2c883b1

SHA256
36ea133661d6e3bfa01e85b25117216a443c518be390a4dafd9d1e68ac40580b

SHA512
cf504f782bd70ee5aa51aabf40d26c21f02806e5f7b7ebe2be5ab3b09e2a1afb8b64da57945ed2e34283d85405272e578520e5ccf4e2d8bebaa812d245c6f306

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
30b96287dc6dafbf36f7ebfc0dc1d61c

SHA1
31f08a62c1cc4d8d5f5c0bed8b1fb8777a1ff777

SHA256
e77b6d6dc862b6cb1681fd6b450a4728f1b24992388433127b4e51192364bff2

SHA512
e8329a873ee4aa293b1586e17366af7f5014207dca04b062503b1a9e444edd2133e4d9177cc85d4d76ceae924fdd4b5bb7cc0947227b7e8703e8f7feacd3b79d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
0aa0339be5cfbe9f045fba8b845d544b

SHA1
9494185dc3f66fdba5d47067f37b3ad327dfd6a1

SHA256
520220931d856603bb4e5eb07521200b968c7faa6a10fe3ccd29e400871dce2b

SHA512
23059939ce7d7a61763e725cfd00332d65cd2a8900b2c32f7d5e2d28b0fdab9db13edebd02bdfc9156b3b1a137fb4cc63525f6e6baac746e3294c3b22b202c84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
e90a44a63975e3e81c9766940f282ee8

SHA1
efe9f4652fbec7caff44b26acb986c744d9f9095

SHA256
96d6049c9fb0fa6db2c8e54e95c56e6102f4e1481ad0807f27e02864b3e32403

SHA512
2b61952b2da591e1b5e1c4ba801a1bd4a0175fc3e6b5c1ff2633ee2664b4057aa38247cabfc86d909e82abf07ef5bbf7bb19f4c7800a2a8b7a39ea99c5c76d8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
49476213ab2ce330c503aaace6111bb7

SHA1
9f19d363fd121f6a2d10bf9961800a16321771f6

SHA256
af4b544bf44303d0cacaebfe0a98ac4b6c4e998ab1108b5d9cfc21648a217330

SHA512
34b40bd35016a59564a7834ea6785ebf02cedd92f0e4f20dcca4a319a87d1375c79bab4cee72b156f3485f26da3761d579cfb29e1cca9a2c087411aef9b23b58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f6dbf69cbc3093e84084f95c9ef23269

SHA1
6a8e0ce5a0bc0cedfd219957e57dfd12955b3ec3

SHA256
40f6125cae06cb53e66d1eff4038c49f79a3ae87485d13ecc915130e8fc771b2

SHA512
5a2b2a4767a0d288cc2a230977e9cfce22ed6abc7f700254570e7967983460415ce41076e7b00a3fad6839fa64f65681ae33d6c6aea8b809212e8edd80075654

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f361b622804009ad81b55bd4886623ff

SHA1
7579e34542043467f2119226a17ab2ebe15779cc

SHA256
25e3c1520eae8964c6b4c4fc6666b9ebcdf1adc2af3d69b951b789ef804c78af

SHA512
24f6355e5e1694d62c5a030afd800d293509293da1fac06ac26a4a960f6bcd68814acd09bccde06c6e5863ebb9523957de70bc9693841809cc77b30528c501d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fa8aa0e8ee3cfd4861a627dbe876bdb1

SHA1
2e3e85a264063c8fac21d5cefef7c9cf80a97850

SHA256
232bbc0371a67b633dbc238143303b9f3e4beb695af417619d0670883769fcdc

SHA512
aabc43d403b0a6c69dc28c9f000d06240b580c75eeeb7c94e3fce8e57c62e3688b57be61aa64c3187a68e1d034eb61af545a58169f8cd3a9d9b80489d2f125db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cfb5ff724d032d06886f7caf99691c84

SHA1
6d0d26d9223be79ae058b09eb930a86918dfc25d

SHA256
b240c5f8b55bdc3379e15959f452476fb23d729a3aac5ed4ec15dc976be61c78

SHA512
9f33a91d009a3a8c18edf0c1ad427fea33266987cedcae8dce90a23e964d484cec7a30e67cf5608f683a649e47871ab9b1585836a10a9f7910edec68c5d51053

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
87e84354d2ed5e41c33bb47348dd7f8d

SHA1
8af4c1ab414be0686b5c552376937f9a46dca3f7

SHA256
2601f4e8967bf7adb144c39806a372e9fc2dd049cf7adfacbe64ad76406d2818

SHA512
cb74696449eca2d8666fe14e8267b17d254c1b35cf515c2ebda8ae9fc352d2169d12419536c351a35c55cb324fa5bdbabd6e50718c76749f9514fd36688f7d14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c9ddce8e54a03f3c845835346da03124

SHA1
791e88e1891d27502bc4d335edadc820081d27f7

SHA256
984731e54c191eaf4bdfa55eca9bc5d12d630384611ac0be521e69d5b9b042b1

SHA512
878de60311e70a302f104d91c639d0877fa218c691468567f141bfca5109a5eecff4605465d810c3d9099b198bb7dd4717ed013b7e791c67024d5e12d23def9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2cd4c034802b71e82e2cf77aa1aeeb22

SHA1
8108b0b4d3130df0424879c056e44abb6a2fa67c

SHA256
048291d37e7fcc7cb9ba554e8dc5b7f861a77c7e42d09a1161ab0effc4979d58

SHA512
49a3c17e7eac35b13382d6e73294bd9b70c5f34347be696f248c0cda4b2f84415966466bbc3e99289471dbe1f9ce34b226eb10a47057ec2bdeab1645f1102bc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3a3c79a9af99073a732b9a89aa6dda23

SHA1
7f785ff60cd5ef40c06ca2f9c0a2a7336014a956

SHA256
9fe0f6799840dd1a67894f0d88f384bf1b9e0c11e00d82c94831abee83e3fa9d

SHA512
82e5d5d0a3f18928862bf0466e73d83925e30598201110a31ba47d6518383be659b2b35220e7dfd3a4a061a1434a935bb821fc6a15bb59037d9eb1bf37c1cf42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\702d8679-1776-4d07-a2e8-ab67a19f5ebb\18

Filesize
10.0MB

MD5
f5a51daa2a56ed5e92fc0869a5358ea7

SHA1
c332b4d3e9b98a23a5d8939dae6bab9728220049

SHA256
5640e80407828b763790f789bf795ea4f49c2812090dc4fc4b208f24ae682884

SHA512
9b594d848f09fcc07923eba83b5fd9a911dc4ef171d8a250b67a33a0edec766c0cfedafbd297ecfbfef0b2b80803c61118f27bcf9a61bc83db723f92ebc7cb8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\702d8679-1776-4d07-a2e8-ab67a19f5ebb\2

Filesize
9.0MB

MD5
efd83f0375f425db2bb6f12cf9a13da8

SHA1
4ae90832d8880598437000375a4e6b78426c0615

SHA256
0f32a73c0a33093f882761429f5b243bc56cc779bb722391d17056e8f9485d5d

SHA512
714c63182b591f3a5b47a4ecd2443eac3a763df57301dada36310a410611a8d9f1acf935ed175145fba3492e8cd785e10ba2e24bd35d0ca03ecc6e025632ef3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\702d8679-1776-4d07-a2e8-ab67a19f5ebb\20

Filesize
10.0MB

MD5
d5708f1b12194a9cd3314c6ae79bc30c

SHA1
450554b149a0fc7cad7f461084857cd06d83d4c8

SHA256
faf5f5dfa2c27bad2c4e2c77421d3306fe86fb0e26d529cd85f58e67cf4a50b2

SHA512
6c568d2f977fae04b3cedc01bd116ff91f25121be901e6e3a466d5b0dca8cb6df9f5afaba7b93126d4820fd21f05be26254fa493a8f91e5e094c8536f3efd133

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\702d8679-1776-4d07-a2e8-ab67a19f5ebb\22

Filesize
10.0MB

MD5
acbc3282d5870e9c40a93423f1097654

SHA1
ed9f447230e91e1ae01d082a95777f68ceacbae3

SHA256
d4e15443630f45654c96064c8772cf41ddd73face9ef1ef3652a1064b9e79af5

SHA512
9846e280feb5c3d6f473897e950fd3c0edf8a1066a3fcdb8e94297f0bbd3c539885cebc1ba825654d2754d2fbb0c66b8e71a444053b9b2e42a4385e37f1ca243

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\702d8679-1776-4d07-a2e8-ab67a19f5ebb\27

Filesize
12.3MB

MD5
53e41e018067acee3fa55f6715e4a549

SHA1
c6b298f22334e02496bb7c0801c10af00be43fba

SHA256
0cafebd8ae61fa377ebe563b6660358b8abcd5280f91a7d3cd2702a90f5a6c54

SHA512
33d17f2b599a1a516b59f06def8dcab6297d29ae18d53ff53ed4b4f21e600030e1c388d8002b87f617a7b26265e6d84a0320713caa461943cf8a40f9779c7a5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\702d8679-1776-4d07-a2e8-ab67a19f5ebb\32

Filesize
6.6MB

MD5
3521d4d3d95eeb04f2306f0da5f20615

SHA1
2521425454ba28c3a69d7782d03ad6bac6a89fae

SHA256
8ac972a622be908cd0687e78ce1a7e7b1db274afd4de026b0d1b15413faa098b

SHA512
0a0da3e1d1e35f52679bb40bcbe8c24d5573a6ac3fc6f9e096f0a85c18726ed28390d4d02394a7b17fa30c183ed98efa13a44fe21bed64975e367f1bc6bfcac1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\702d8679-1776-4d07-a2e8-ab67a19f5ebb\37

Filesize
10.0MB

MD5
5377703891016e723054b4087cbaab93

SHA1
2011fb9eb174d04a48573a2d71178943ccf60c9d

SHA256
f3d4c0099ec42707457cfbec401f5caef880caecb57440d7edc3fc3b5850a72d

SHA512
3fa7e29ae30b7de45ccad2316e0df098dae46c4629bfdf4169c5a57fadca934d38d641b2b136de6e6defa3c743d57aa2ab1e827c24deac8a4386b9d572184381

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\702d8679-1776-4d07-a2e8-ab67a19f5ebb\47

Filesize
6.7MB

MD5
2754b9ecad2aa5b9ea8f7acc1e4584c2

SHA1
d46822f09ec9f2faf4445f0c4108d84d6fa6c709

SHA256
89f7ef98fda806f0a58ff9f0ffa850b73fe06a18f9950c39a4f693bd7781acbd

SHA512
7a0cabf9c1d171ad0390489c26160144bc472624f6400b35c20d837fac0781c9b6c49652b9464187bb194b9f2fafa4273b6da2d7f1462062f2698a6a2696d60a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\702d8679-1776-4d07-a2e8-ab67a19f5ebb\49

Filesize
4.9MB

MD5
81f63431dad3b4e0c935901c59be81ef

SHA1
c60542979149aeb9b77d870e7102ce014f4feaaa

SHA256
b2b824c8454b6d2c1e9c5e866606401cf6dae89f57b2704b5fad6e838b35251f

SHA512
411b54435c2d2d75b6626b29510e8a734302fbd8692dcb65057cf75d4afbba0f43d849cf6c37765e8b48b2a1d365bee7c9cd6400c1c948a404d771a6286b1890

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\702d8679-1776-4d07-a2e8-ab67a19f5ebb\5

Filesize
960KB

MD5
da42a8862d0d7863a5844ec50607c195

SHA1
dce3b27fb4cb922c58fb692501691d13209b85f5

SHA256
9d93b3502fad50c60c6000b4d7242d157ddeead38a29b994f368398debe25f57

SHA512
3c283531fa91c54faf74bfc3224cd335e8f52d1870b1147da9c276363c18dd0758c6715272a27d2b7539c854893d11496c0445a6c8f3dce831494f06fcfca95e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
19968701a8b54bbf3702f4faf00da2b3

SHA1
2a04927ba907facfcb3f7d8a2547ea3930c58dd0

SHA256
2d9dfdffe82cdc06f919df68f989bc314c8008d7aea7f8e6396aaea9de350965

SHA512
5eaabb6e3a345ea5eff2a563cb7db5fcdc7e5bf1ef8400f40613a0859d6079be00dd79b3d6399c2e3b3b3af967cfaf421699158d2d6908439c002aaa579ea471

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit