hxxp://ww1[.]wwwtelcel[.]com/

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2023, 17:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://ww1.wwwtelcel.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133332244122746988"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4224	chrome.exe
4224	chrome.exe
820	chrome.exe
820	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe
Token: SeShutdownPrivilege	4224	chrome.exe
Token: SeCreatePagefilePrivilege	4224	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe
4224	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4224 wrote to memory of 1928	4224	chrome.exe	65
PID 4224 wrote to memory of 1928	4224	chrome.exe	65
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 1676	4224	chrome.exe	90
PID 4224 wrote to memory of 4344	4224	chrome.exe	86
PID 4224 wrote to memory of 4344	4224	chrome.exe	86
PID 4224 wrote to memory of 4584	4224	chrome.exe	87
PID 4224 wrote to memory of 4584	4224	chrome.exe	87
PID 4224 wrote to memory of 4584	4224	chrome.exe	87
PID 4224 wrote to memory of 4584	4224	chrome.exe	87
PID 4224 wrote to memory of 4584	4224	chrome.exe	87
PID 4224 wrote to memory of 4584	4224	chrome.exe	87
PID 4224 wrote to memory of 4584	4224	chrome.exe	87
PID 4224 wrote to memory of 4584	4224	chrome.exe	87
PID 4224 wrote to memory of 4584	4224	chrome.exe	87
PID 4224 wrote to memory of 4584	4224	chrome.exe	87
PID 4224 wrote to memory of 4584	4224	chrome.exe	87
PID 4224 wrote to memory of 4584	4224	chrome.exe	87
PID 4224 wrote to memory of 4584	4224	chrome.exe	87
PID 4224 wrote to memory of 4584	4224	chrome.exe	87
PID 4224 wrote to memory of 4584	4224	chrome.exe	87
PID 4224 wrote to memory of 4584	4224	chrome.exe	87
PID 4224 wrote to memory of 4584	4224	chrome.exe	87
PID 4224 wrote to memory of 4584	4224	chrome.exe	87
PID 4224 wrote to memory of 4584	4224	chrome.exe	87
PID 4224 wrote to memory of 4584	4224	chrome.exe	87
PID 4224 wrote to memory of 4584	4224	chrome.exe	87
PID 4224 wrote to memory of 4584	4224	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://ww1.wwwtelcel.com/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe44c9758,0x7fffe44c9768,0x7fffe44c9778
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 --field-trial-handle=1848,i,14367106264768928039,10308564708355289465,131072 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1848,i,14367106264768928039,10308564708355289465,131072 /prefetch:8
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2932 --field-trial-handle=1848,i,14367106264768928039,10308564708355289465,131072 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1848,i,14367106264768928039,10308564708355289465,131072 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1848,i,14367106264768928039,10308564708355289465,131072 /prefetch:2
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3444 --field-trial-handle=1848,i,14367106264768928039,10308564708355289465,131072 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1848,i,14367106264768928039,10308564708355289465,131072 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5048 --field-trial-handle=1848,i,14367106264768928039,10308564708355289465,131072 /prefetch:8
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 --field-trial-handle=1848,i,14367106264768928039,10308564708355289465,131072 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2936 --field-trial-handle=1848,i,14367106264768928039,10308564708355289465,131072 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3044 --field-trial-handle=1848,i,14367106264768928039,10308564708355289465,131072 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5044 --field-trial-handle=1848,i,14367106264768928039,10308564708355289465,131072 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5788 --field-trial-handle=1848,i,14367106264768928039,10308564708355289465,131072 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6116 --field-trial-handle=1848,i,14367106264768928039,10308564708355289465,131072 /prefetch:1
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6316 --field-trial-handle=1848,i,14367106264768928039,10308564708355289465,131072 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6600 --field-trial-handle=1848,i,14367106264768928039,10308564708355289465,131072 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6624 --field-trial-handle=1848,i,14367106264768928039,10308564708355289465,131072 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5680 --field-trial-handle=1848,i,14367106264768928039,10308564708355289465,131072 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5388 --field-trial-handle=1848,i,14367106264768928039,10308564708355289465,131072 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3252 --field-trial-handle=1848,i,14367106264768928039,10308564708355289465,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:820

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4912

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6c51ca3612df07d1d96fac8d4de2e271

SHA1
bcf647285297f754ed5bea8e7be7344352464e2d

SHA256
0241f40343060b5f37ccbba781bad8201f464fedce5df6f392fc5c120db3d344

SHA512
0ca6eecdf0f6e302ecb22f4a1041463511d7bbd2de6a3da01cc91b71ff02c9695ed9207b6d87e9a7334aaceb8d1ff4eeae1656c5c7d6a33d0ed4e65f401f3217

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
36d716ff9b0f51824c75dc5263145a80

SHA1
7bcd5a3dff59eb0a823e9e9fab4c47d43ed15764

SHA256
12a88adb70650a52c163397c4abaa85038dff385fd911b8e4148dff7a1978e7a

SHA512
bb46dc4a962cf929889793cc59011bbdccb862c02d03e75ab848fd13390a3f3e88b076ca366cef5391166a4196f5244600529af9d5e4f904de95e7d4a14584eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
a9daa4fc743f1c6288c8c1f40376c98d

SHA1
f1a0b40559d966153e7d55f85fe035417c16bc5c

SHA256
2021fae99504d3211ed5eea53daadbc65f8103bb47374b7f942276604e19488a

SHA512
27a87d28c5baea16086a176a91aee606e712958c9e0c15d19cf955766fbb6dab3e52267131fc0843129dfb541ec8d1e3fedd9d481df4a9b42bc9f2527f706322

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1c9d7c0f96963dbf5695799198a5f82a

SHA1
1e3a7cabefdefb3b9815ecb032239b7d87cd04ac

SHA256
eefd960e17fb4395424388fc71b1ed81ea4ce9c0adce50e6aaeab7942996c9ed

SHA512
4717b9d2a328bf0a0564daeb1d9876342ba7c8e3d065a0e0dce1f74fdf49b1baae709a43082f46a4542e220256959795e580d5be58358bf03f9e28c7edad3b0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c326aa0c02d7d4b6207da011cd5bbead

SHA1
de121490a09ce7228e2f4147a00120f7caed825a

SHA256
ff7bacdd23a5da43e31a73f3833bde01699737e525533dec171faf2792dbfaff

SHA512
30315825d4a7ec882d1fe8cc76950d8b47381a9fbac2c8ac51ba9fdb2d39b27996a5829ad4d1f7711079419c5715b7b1dd5175b970ff5154f6ecb9771815de31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2ceade21da6b817d37ed9f86962e39e7

SHA1
99e988e23f3fdfc337eca87571bfc280e2cf1b60

SHA256
8f9d3a5070ad37b9f446e18d6e016ae78faff46cefa2f78f2ff8c171fd0cb234

SHA512
a687e77326b3a83ba5ed1904b4ceaa13228e686b5d0ff5c3440e1abd37c90a12b8372a789bb7b475b11c46f914a56dfc1eb60287f5a4cbdddb0ca1dcfa60c8c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7d0c1aa94858cba6945fea554bc6075c694e1853\index.txt

Filesize
187B

MD5
73409e47c8a33e92bdf927f56d46465f

SHA1
e162fbb714c559b1ea9a267be42ac095406db41f

SHA256
a664e59802afcb2e4ee55d9b798910478834da02cef4749789ec8583009b3a2e

SHA512
6c5ad7de01058016082749195a168390ca51ac4b240523a9effb0d7e3f4dda2dfc2a2513f93b2a192e3286278c4e5e6d35d6a8fec3060ee7d5687497afdd2e09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7d0c1aa94858cba6945fea554bc6075c694e1853\index.txt

Filesize
194B

MD5
f902ee82569185a96971a58bcaa45c6a

SHA1
418a88f4a3fb1ef8fc5bfd0153b6408e04d51d3b

SHA256
bfdca2af88473b4a2995674f1e00e8a6313994e7fc4a9d2d7f1067552f2549c6

SHA512
5253817a1e6b1c8d8ba81afac4fcf53e933158ff742a824f36473603147bd1bcffc5f22f638b56971fc1d569bf4f04491644837bc3fdd570c2b6e85cf95d26f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7d0c1aa94858cba6945fea554bc6075c694e1853\index.txt~RFe57b5a4.TMP

Filesize
128B

MD5
e6abc658b64e3282e2e1073fc2bc2c80

SHA1
bd79a610184c4a42aa240f0ce23303bef0ca8080

SHA256
0571c85b8a744d9c2e0348d3631755dbd3e9610e380067f6571d65139a3b88c9

SHA512
688d6b350ef7a0299d6279db7926ec59a70a0d8e88b8f66b282db7efa78ebf2919284ae54cbf73ab74e01a51be71b4aca9c26e43ef16335c0a04ab115d0bc1dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
dc012f7c2b6767f99641a380e6fe7318

SHA1
dfd963b28f6f07228ae228440333652c755814f2

SHA256
564ce5a9330c54c3305df71729be1ce65bfb4bf70470322922564edc689df09e

SHA512
78f5fe85658439d92a7f8f3f60dc11e006d0aa628b4de723bdf898e35fdfa9b7949ada26008ce3d1964e7c4c6743a2a851845a2469903f1f8adae2921fa25499

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
d1a827059d1bf2d68a1d259cd1f10e02

SHA1
40d1d9c07592b0d5deceadbfa641cac3c60b69ef

SHA256
68c5ffbc4e4c6e10cc14701072a2f2916e2d40b2d58706c74273eeffd3cfa056

SHA512
cd30b70d7da97487846c30d8fb0174914940e10f801420f3c4d2d5e099aeb6674ed0422d570889fa0f2f1cb7f9708e039499a2c15b39d7bc26544204c6593495

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit