hxxp://claro[.]cc

Analysis

max time kernel
750s
max time network
756s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
11-07-2023 12:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://claro.cc

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133335524482216753"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3820	chrome.exe
3820	chrome.exe
3816	chrome.exe
3816	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe
Token: SeShutdownPrivilege	3820	chrome.exe
Token: SeCreatePagefilePrivilege	3820	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe
3820	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3820 wrote to memory of 1184	3820	chrome.exe	39
PID 3820 wrote to memory of 1184	3820	chrome.exe	39
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4684	3820	chrome.exe	86
PID 3820 wrote to memory of 4216	3820	chrome.exe	87
PID 3820 wrote to memory of 4216	3820	chrome.exe	87
PID 3820 wrote to memory of 1428	3820	chrome.exe	88
PID 3820 wrote to memory of 1428	3820	chrome.exe	88
PID 3820 wrote to memory of 1428	3820	chrome.exe	88
PID 3820 wrote to memory of 1428	3820	chrome.exe	88
PID 3820 wrote to memory of 1428	3820	chrome.exe	88
PID 3820 wrote to memory of 1428	3820	chrome.exe	88
PID 3820 wrote to memory of 1428	3820	chrome.exe	88
PID 3820 wrote to memory of 1428	3820	chrome.exe	88
PID 3820 wrote to memory of 1428	3820	chrome.exe	88
PID 3820 wrote to memory of 1428	3820	chrome.exe	88
PID 3820 wrote to memory of 1428	3820	chrome.exe	88
PID 3820 wrote to memory of 1428	3820	chrome.exe	88
PID 3820 wrote to memory of 1428	3820	chrome.exe	88
PID 3820 wrote to memory of 1428	3820	chrome.exe	88
PID 3820 wrote to memory of 1428	3820	chrome.exe	88
PID 3820 wrote to memory of 1428	3820	chrome.exe	88
PID 3820 wrote to memory of 1428	3820	chrome.exe	88
PID 3820 wrote to memory of 1428	3820	chrome.exe	88
PID 3820 wrote to memory of 1428	3820	chrome.exe	88
PID 3820 wrote to memory of 1428	3820	chrome.exe	88
PID 3820 wrote to memory of 1428	3820	chrome.exe	88
PID 3820 wrote to memory of 1428	3820	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://claro.cc
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb06b09758,0x7ffb06b09768,0x7ffb06b09778
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1892,i,10899379054956270459,13343995344497673361,131072 /prefetch:2
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1892,i,10899379054956270459,13343995344497673361,131072 /prefetch:8
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1892,i,10899379054956270459,13343995344497673361,131072 /prefetch:8
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1892,i,10899379054956270459,13343995344497673361,131072 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1892,i,10899379054956270459,13343995344497673361,131072 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4552 --field-trial-handle=1892,i,10899379054956270459,13343995344497673361,131072 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 --field-trial-handle=1892,i,10899379054956270459,13343995344497673361,131072 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1892,i,10899379054956270459,13343995344497673361,131072 /prefetch:8
  2⤵
  PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2716 --field-trial-handle=1892,i,10899379054956270459,13343995344497673361,131072 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5244 --field-trial-handle=1892,i,10899379054956270459,13343995344497673361,131072 /prefetch:1
  2⤵
  PID:620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5248 --field-trial-handle=1892,i,10899379054956270459,13343995344497673361,131072 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5360 --field-trial-handle=1892,i,10899379054956270459,13343995344497673361,131072 /prefetch:8
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5524 --field-trial-handle=1892,i,10899379054956270459,13343995344497673361,131072 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4652 --field-trial-handle=1892,i,10899379054956270459,13343995344497673361,131072 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4720 --field-trial-handle=1892,i,10899379054956270459,13343995344497673361,131072 /prefetch:1
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5644 --field-trial-handle=1892,i,10899379054956270459,13343995344497673361,131072 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 --field-trial-handle=1892,i,10899379054956270459,13343995344497673361,131072 /prefetch:8
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5840 --field-trial-handle=1892,i,10899379054956270459,13343995344497673361,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5932 --field-trial-handle=1892,i,10899379054956270459,13343995344497673361,131072 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4572 --field-trial-handle=1892,i,10899379054956270459,13343995344497673361,131072 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6124 --field-trial-handle=1892,i,10899379054956270459,13343995344497673361,131072 /prefetch:1
  2⤵
  PID:4952

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3084

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
52KB

MD5
b1b34a3e7160942246a5237e5eb09b0c

SHA1
bc3ef866e9315516fd3798014d1b7050797e7131

SHA256
d4e2c15c0f5fa363070aba567212e1423d7c9bcb5415ec8882b8c63e54082fe2

SHA512
9ee6d19e942cfd66c1e4b47283ef9ce35b443a486f673a21e6f8d073b18c9ef821df6dda65b1b35d6087f745ae45382382bcc4ea83f2834525328791a79490b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
171KB

MD5
7a88e1edbba1ad7bd345eb14f1377a59

SHA1
b299cf2eacc2d17d1f2fbda9391079b6f05fb022

SHA256
3f6aa29738172f431b8e2af2e39cba0c2f91583d7bc23f988c7b7b35975bef2c

SHA512
48870540a5e7aedf4513610e23dad5d37ff48dde92909345771f7235d4526893e65d11915b46191e62dbe6e9bed4626215703fc90932bdebed356568c1557f95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
43ea1757df9e5a3a7e9bee8ea56779b1

SHA1
9f5f9eec20d5f4d714f2a7361b36303e0116b739

SHA256
78347e0e9cf4739b99f27305b50e8fc2705eb45dc3d455ec255999305373aaf0

SHA512
c8d5c70e93cee9e1f76d6c2134080454e961a1b920019b9b3d2fe25b03ad64e0b2dfe9b280a572151d5f1ea40e91d36cfa7b97272eba8d65ea2b25d17fb488a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
87ab42373c2caccad37d8f0c7db10af6

SHA1
abe6d074718310f3cff1c35855c16ef36eba273d

SHA256
ee8e8574c1e537353974214611788dccbec48a2f178da9b9a569bc7aaaf7b003

SHA512
cd5f1b04e1fc6227689dd7f0a1674e8dc572ad6f0baa5906451cf05abad4a2fcfde50d174ff87a03ba03184f2da292b977eada7358909ac5ff158bd49a20b32c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
c02c3e8a241a68a763e2806b4e33e2f7

SHA1
09999902d2fdfa215835ef6aa5b563ab94cf45ca

SHA256
c71478aa98e1ab4851d4744ad55132eab0718ab87fc62907cfb5c76d4924f659

SHA512
dca1f959a146d54bfbb676274ae933bad2b2cae5191282ea5fab46760d82fe608d65724f3585f5e328e0dd0f5b4e2c7213d445f021caae256109d74b700feb47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b2ab6a004af3a9e18a4cf38d1fb84753

SHA1
a06b4a6274c65401e5afcb4572a00314f10ae33a

SHA256
37dd1c71f7d16d052a89c1a370e9ff3afbaad17113134177e8f9a9c9dba548de

SHA512
7c25186ff4bb32e30fc30937e2d6bca35d7cc98e14087ddc6e163eab7ddd1ff52a7b98cf3cec44ff7b07b984502978605f6193495b0518aae2bb978607bdee1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
c0aff09ebd4d5b077b2eb83b29e7c6f1

SHA1
40a6fbaf68dc3c8a78180375ce07b1caa411fc99

SHA256
4e45d82f4202acb199c94bdbeb76f57f23823b51e77ded641bdbb085b2972035

SHA512
7b30bc01c1dcfde9bb87cbc45f84dfefd051829ae41a65ed0399d667393179b73c12959b3219c62d8c785beb855306c3fdd74d18fd3351275c2dd912d5937073

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
12aee1a98cd7eb5f9f52dd773768157a

SHA1
51c599e7890015c495742ea346b7b363bf0b198d

SHA256
820453d852df4dca7252dd4b082c9f70fe4a5caba6bf1fb4432f3a1109835e0d

SHA512
fd1c19305ff889b88b9cb763dafadf13e116ce6e1e3a47a47acbbb884759676124b9382c04da3d9327373e635c159d709f21fb2d5295035deadd4f6881e8c603

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\01b11f23-0ced-4483-80c5-e92ea670b534.tmp

Filesize
1KB

MD5
241c86ac2b35d9cb124e8f68c26069da

SHA1
99d0ea83c4fece78038d7b47f2273fa5d0b7d271

SHA256
f6f49217bbf9b0878fcd2f30b8474096343d5b044514cc835f46cc83d83b9510

SHA512
160b00a55d9a11f925549f5db7d40a179d1e9ee6425c99226cebc99d9287e40590e7266a33bc93e49f88e7df531c7b3667c07b4e4bcfe722882f20381e012ff7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2e677e3ea841bdb0d3e70cbfc7e834f5

SHA1
0f99708ee6e5c4e55122ed9fdcb99fa58f0158f5

SHA256
c9e784f1a2cd1c656621b86f8078fb01e1820790fd3c90d50477eac7cc8a2c91

SHA512
26a602a2a8209087cf888e0262ce9720596cb30b14b881d87e0df11df06e39da6ee84449dfb3d4250516b58a6d1cfc400b8e39d5f860e2be56c02bfab8069aed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
1c0ecc5518eefea07e2d89b600a1722f

SHA1
14169a585c243c51413de0c50746f439bf264689

SHA256
7e44eb1386ecb6858564864d589dbf67834e78f49b5026664717d108793161e2

SHA512
923433df17c5ef5457d1782efa510e5aed545070c5e91f7de2a19954f184d234f3fdf27fc89a5a686de7d4b3af5191f77d7c8a22ea9266edb8a6eb7ebf52db6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
e1f2188706f49aa490fef8595e0672b2

SHA1
258b60408166bcb5b438fd0f10a0845a9cc5fe1d

SHA256
6b58919663800adb14ad6b513d9e8b4944e40fb1be892457fc9a016331f02c2e

SHA512
64b35996ef7b6521b548bc2f21864b9b2cf5628cfcf4872dd4747bc754e86a8aa96384952dae9754b3224ae047bf79f9a1c1137beaa1718851c245f6b58c1086

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a724081f07cc415b08e198c5d7a1ae49

SHA1
44f74356b8c351e4ab567feb19fbb6cd27a2d9c6

SHA256
95bf314237c79bcc34aa1e9342e15e5b07f24e1dc9dbc99c0c050839a1bc6b7c

SHA512
f674e81d4b40601c9030b8d67bc4724154580b01b75be38fe0d060df117810b224f9d18fb7c84e0a0561bcf19172440735f1429bc87102ecd0fa08bc6dd8d55a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
d7732b42d79b7f85350ab451e527e07c

SHA1
b3d98e0003455abecbacffd5e7a03d4ccf8493b6

SHA256
32ab3212e04a47fcc0bb1b104c9cb91efec909bba8dd05f92f4ccff5eeef2c4e

SHA512
0eb702901a604796c299da064e26c67ffc870a10fe5ac64bfe0e38718471f2380ce153dd63a3d86a783d1cc37a1bfc4918c69da561f0b980ba23650d49f4667c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
4ae79ebc47049200efa4ca76638e11e2

SHA1
5e9e807507151c52500a8428810f85a78976dac7

SHA256
d4eda98c6e1cd2f1a3f9b26e51f4f377335ea49aefe06c1a0e99a3078346d989

SHA512
5f505380d32bc863036ba612aba9e31e0c7beb97bdfbd63f01cb7f15116e418977364240f8e2cce1227a1f4fde8b11c6eacf9f08a5eec2d4eb40874d4f45d19b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
31c6ca2297bf4a482f4e4d9670efce14

SHA1
c436de429a2c6f0d918c2fd7308fb238ebd220bf

SHA256
463a17be10a702dd49bd767de0f0c6d2f84d9b2c7ddeb40a1ac26305e2978dcb

SHA512
ca6bef9dbba15580028604a25fa5a70ea5a61a6cc010fd24215ed98b3f03e6e7db9c908de10850205cbac858ff29db4a89ad0244fcbc94a118f8baa1b7949577

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
40bc010c249a8d5ac7e11a91e4966fa9

SHA1
c65aa70c4020811bb6307611f551aef35cab141e

SHA256
9fceca39d6f95acca57b34acb09e6ab5f07f69e9ab410ae40b4863c4a36042b3

SHA512
f1a6dc1fdeee82dcc1974f2a3c6adffcb1454272cb20ef9f2c13096fe6120fa313f6ad3f1b527c60ca53dd203a018469ab85e61a64dcd9cc89ac887afe0dfc4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
565a3031af10566f0ac391920294dc80

SHA1
37de04aac2c760dec8dcec7bc19cc1781bd06849

SHA256
ef61304354c97e5fc28f3fc3034e932b270f7cf0b7d22f3de8544dec073e2a74

SHA512
a1b5d18cd6614d496ca4182da0e260f28a945663dc38694d7e325b022663b16f6851f821ad2efadf698376102b9d310c4487bbfb397901e4d69cc9b5e5e707ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
54b9d3ad5c9e94bf3e34638194e5ec23

SHA1
5ac8b29d041ab92bf9041a50e2fe14e1d024ee32

SHA256
60cdefbea2aaaf07512a1e305f10e0b38b77abb3cbe98afb643248276aef2a11

SHA512
17c6dc48fe2bd6cfb49b35522ed453a70f9f9c1cf9bcb6baddefe782a2aa998c2f1e0bb458024e272e81a22bf43a60cf488079ab7b382f617e80e36a89cb5eb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
234d44b16406148593f17c1474bf6378

SHA1
50b021fbdef76596601c0a1586349069fd6560ed

SHA256
a90d4424652a9cd913718151e629c4a260fd4517270887c63b4d263c6e33403f

SHA512
b7e59bd76956c5d7a7686ed745ba666a176ffe04bdc440ed03ea849ca3c0528873205318861ffd913fa4707c1b11456eea34a2bfcb5c6fedeeffd4d735db8eb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
190e5d8c096061b1a3642c60bddf3910

SHA1
a6c9fedcac9a3b9ccfc2985b563cd6e46489a723

SHA256
edcef183d8f3e87bae8d7cf6b3e6631a707cac5921c66a5d786350fbd0851ad8

SHA512
3f70b82b3e96d655a773992f94f6687d482d20d8b1a3d0fbeef4b4588a14fcb974c94b03fc6edd66d02b27279d12536ac10852bd499ecbfa47fbe4a1d130469c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3e8b092797fb1dec09cb327f1232156a

SHA1
9d6b58745be6bb39c90b3726970995142dfce6fb

SHA256
737b0b624248fd32fd6f8431327902e06eb69c975645d6c58890edf1d968799a

SHA512
035aade7da8b2fe3a36b1a2c40a31aa5c3be7a55bce037441f74f8eeff3877b483d705cfcc84d395ba60f417a55149d9b920a082928fffc22451f32a70008214

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4e80fdbbefab3f874b07d0a765b9c5f1

SHA1
7c99c43f6f4139893eac595defad9c7a760cfa7f

SHA256
ada9248bba871d5916230464e2a9ac54e3811e9195cc69f10710abe4ccf0e3d7

SHA512
d82e8ea1bbd11f4012444f9837304c5ab02b1497cb66ec7d45c55057d43b4f553a18880dd0aeebc7d36a4cad30cc4a6c5641f7f019d42e933fb544d8026653f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a7680fe04ab230a5f5a1f734c060ea4a

SHA1
45249153d8b422714d7afcde1fa4cb94cc8bb172

SHA256
1a675dee95236bd8b6c3380b74bea562caea58c0f3fab025e8347a51ee5bd9d1

SHA512
e0181e1bea1d209432a784dbb4c6c88d589918fa24704cc42de9f041f956a787dafe846a1044ad0e334e846d84564d141eb42d08a6ee84f08e36ece51257e2e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
972b37116e89c4a1cb47d078ccf33dc1

SHA1
f097016986f067a347ac966d0912fdf3e4f99751

SHA256
23760ea90d13ced77a0fac829440cb235935c127e01a11638930beebb240e60d

SHA512
13c69d6c7b1048ea9825f659b8b3b0b576eb7e19fc7b17d819b1eb9eb078055638feb7ac5fb5096da33c23da5f6e3cdc04ebd86596379e46fff7d699cd6d0880

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f739cd8f66e7571941304e3630a4018a

SHA1
687c66b2d99f5fb88139c170952aea43608fe212

SHA256
c82b446c983af34b5bc7bb6e4b9720ab88ba14abdaa4c5280e760cd685ab7191

SHA512
661049b1130d90ed6f4609c02145d02339040de487395bc4fbcdf62240c57f1a8fa65a80b22b8829e218f42e6d8ab7b885daa97431db05a00b50607d4bbefd38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1ebf0b31784a57a0a2741524f6080fab

SHA1
e9392c6e6e12e8a629641c9e12b901e83cb81ee6

SHA256
4be2c5cd734f95071212b0aac62d8a86000508c1c629ff698a2d3d116b3df78b

SHA512
d341c77ce3ae36cab4e861a4bc1f51b9aeee6d8bf39917e6ae8e7e8233d68cef0f279c382219a856e83755c80c9296efe2e806c043ab3a3b811744f5900d66fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
de629cc6803b6d1ddbf924cbb189d4de

SHA1
e57bd8202e3a66e8dc8001ad09265f7e5d1d7d2d

SHA256
a729267da0c92482953645ae75f5f42fe8f0b9917fa11262d150be6d702f6ea0

SHA512
7dec7135a5806551d6b876ca2d48d8a4a9d79763b0c023a084d05e8ec1b4c4ca5303bc5bbe2d2896af0630082ab44435bc4b6bcf7651aa22ecc280855fb507b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
397db6cf9e854d9cdcd9a5f68bee7a4a

SHA1
5d87c45a02dc662b0e2ef65a217435a9268f2b2c

SHA256
c762f48cf4c143018f93df1dcbb234830f118b5def07761a8a50e0604d4fe65f

SHA512
9c31a5ef72cde9c32e54e2936bfbf76d5c98ffc3ec83c01716fc59757115b405d413af9b0cf6f4344701ae3a38f992894b74952f455faf199745b773444125f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59f68b.TMP

Filesize
48B

MD5
8e165f812fd1f3e3e8c2a4aa392ad31d

SHA1
4c97fd3d941f6ba85b6f8d6b2bbef5664db84bc2

SHA256
aecd9ef810739aa324efbb1bbf90bbf912ec54b6b240edfe4a6eb699a271d0c5

SHA512
6f0a5954db75fff0c1f4a451268c8b1019d840fe0fe98cde9f32eb58f6f64fa84260d2ec5d1822763f131854d15dce800ecedb298fb108e7459bd8acde7eea8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bf7da6f5-e3e6-413c-a895-660f5845039d.tmp

Filesize
7KB

MD5
08d43e13341db1b646d1ec166c174530

SHA1
2d5b269815ca860a94c7765b0af23dc5c8686124

SHA256
a54a4916b2a1fc5bb6cd9b8880e49e01a78e3d0fa002be353390af096c739e14

SHA512
ad923552ead5ee841af64829cda9618a440747cd4c9adeb3c5c850c3af27a4774726d268703e1552c98a52c52ad3e2742eff59de575367e3bbccf2c2a1538003

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
ff34da50c32f812ab28b8316bae46100

SHA1
03edc0fb61b3d32d10864a0986c9b75109de44b0

SHA256
c79a88fe2a4e6c7cd76d2fcb6ac4f8643516965227f47cddf0d373c15c7b403f

SHA512
e2bfb496204ba3b25d78eada84754d9cf0d4c124864ff2af170325032a44ff9d02eafc0892aa374c44608172eb06f1de650e3eeba9269787e6c905f55ae3454c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
172KB

MD5
2374bc3d7dde08f51a6e82c13bfc9fac

SHA1
9e4d09b575d26431c5fd017e0e51206d100125fc

SHA256
197a30258554246e545afab53a2ac7c2dc6afe330ce6dfbee9c02bc1e6328202

SHA512
2eb3a15276902b3c31a06a0a74279c6eb716655487b23301efd8c9d9fce865ea97769793f7ce28dc7a8231c8418484dce285613b9a526b74699d9140ade81e50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
13e75071717a98dbfdc911bd9cac6370

SHA1
5414c784b941e11ec9807c284e79548083ad0f56

SHA256
a89315249d68c74dc7fc4f66c62719bafb9f0e12668735ee7bff63fc8da1bc19

SHA512
109a76c046c28245baac1cf8526b62727ea3b639f97b6d6b2fb74e689d2fee0d84b9a8de2c0ef6cb4c76d1bc5c731b6293cd81ed45c9d57680e1bb73a33f2dbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59ddc4.TMP

Filesize
97KB

MD5
dfd1ac181aeb514e559c41b4e32e1289

SHA1
effa6e85643f18b3bd21d0d60ce664012b8bc8e0

SHA256
3e0e0432491ef69e07ee1dcb54b09d139da5956c90e33778e78df1300a58c0ef

SHA512
be1dff6dd9b8fcebfa837c430a5e032f2c290bb232ec99878d0271bb45677f34b04b7c485b8d3d07cffc1541ecb26b2ad21b782c352532c4c28d0751d5ea8180

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e3a5e89e-46b0-45e8-b22e-cd22af05736e.tmp

Filesize
172KB

MD5
112ac3f568a3b37490ea97b09c127c30

SHA1
35d0c658bf331167099328da225f4880b61c317e

SHA256
6d34667c4b68489fe5a7d95d8f950552eeec213f7ec1db31d932cfd909b3018f

SHA512
feb749f55402355fef4756abe72183097b7beaa0e574ecf9d40f0fe92fdd9c216f6ed436dac8fa093729c737f04e8c4e29c07d40fed74603d219a1bfaf9a7ffc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit