314413bf921651d8a282257208f9f56d65be935470fe220b419224d609713e1d

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lp.js
Size

3KB
MD5

590e6c6e14574cfe939d1fe94250f609
SHA1

05766028e7c1868e4bc4226e6b4bcfb4c6db0cbe
SHA256

314413bf921651d8a282257208f9f56d65be935470fe220b419224d609713e1d
SHA512

18d46166769c70c6b10ead086787040a5b6e987656279e204c6539058c950cd65bc113e0d04dc7b9f0b0f2c373d17706cc206e2d12948a5be946d29a51567abd

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133653585992729041"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
880	chrome.exe
880	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe
Token: SeShutdownPrivilege	880	chrome.exe
Token: SeCreatePagefilePrivilege	880	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe
880	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 880 wrote to memory of 1156	880	chrome.exe	92
PID 880 wrote to memory of 1156	880	chrome.exe	92
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 2076	880	chrome.exe	93
PID 880 wrote to memory of 4648	880	chrome.exe	94
PID 880 wrote to memory of 4648	880	chrome.exe	94
PID 880 wrote to memory of 3604	880	chrome.exe	95
PID 880 wrote to memory of 3604	880	chrome.exe	95
PID 880 wrote to memory of 3604	880	chrome.exe	95
PID 880 wrote to memory of 3604	880	chrome.exe	95
PID 880 wrote to memory of 3604	880	chrome.exe	95
PID 880 wrote to memory of 3604	880	chrome.exe	95
PID 880 wrote to memory of 3604	880	chrome.exe	95
PID 880 wrote to memory of 3604	880	chrome.exe	95
PID 880 wrote to memory of 3604	880	chrome.exe	95
PID 880 wrote to memory of 3604	880	chrome.exe	95
PID 880 wrote to memory of 3604	880	chrome.exe	95
PID 880 wrote to memory of 3604	880	chrome.exe	95
PID 880 wrote to memory of 3604	880	chrome.exe	95
PID 880 wrote to memory of 3604	880	chrome.exe	95
PID 880 wrote to memory of 3604	880	chrome.exe	95
PID 880 wrote to memory of 3604	880	chrome.exe	95
PID 880 wrote to memory of 3604	880	chrome.exe	95
PID 880 wrote to memory of 3604	880	chrome.exe	95
PID 880 wrote to memory of 3604	880	chrome.exe	95
PID 880 wrote to memory of 3604	880	chrome.exe	95
PID 880 wrote to memory of 3604	880	chrome.exe	95
PID 880 wrote to memory of 3604	880	chrome.exe	95
PID 880 wrote to memory of 3604	880	chrome.exe	95
PID 880 wrote to memory of 3604	880	chrome.exe	95
PID 880 wrote to memory of 3604	880	chrome.exe	95
PID 880 wrote to memory of 3604	880	chrome.exe	95
PID 880 wrote to memory of 3604	880	chrome.exe	95
PID 880 wrote to memory of 3604	880	chrome.exe	95
PID 880 wrote to memory of 3604	880	chrome.exe	95
PID 880 wrote to memory of 3604	880	chrome.exe	95

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\lp.js
1⤵
PID:4840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc6283cc40,0x7ffc6283cc4c,0x7ffc6283cc58
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,15489340443139703954,9724939234561028699,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2204,i,15489340443139703954,9724939234561028699,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2448 /prefetch:3
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,15489340443139703954,9724939234561028699,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2476 /prefetch:8
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,15489340443139703954,9724939234561028699,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3380,i,15489340443139703954,9724939234561028699,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4636,i,15489340443139703954,9724939234561028699,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1788 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4872,i,15489340443139703954,9724939234561028699,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4444 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,15489340443139703954,9724939234561028699,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4544,i,15489340443139703954,9724939234561028699,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4548,i,15489340443139703954,9724939234561028699,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3888 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3236,i,15489340443139703954,9724939234561028699,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4476,i,15489340443139703954,9724939234561028699,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5240,i,15489340443139703954,9724939234561028699,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3252,i,15489340443139703954,9724939234561028699,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3248,i,15489340443139703954,9724939234561028699,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5284,i,15489340443139703954,9724939234561028699,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5228,i,15489340443139703954,9724939234561028699,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5520,i,15489340443139703954,9724939234561028699,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3576,i,15489340443139703954,9724939234561028699,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5376,i,15489340443139703954,9724939234561028699,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3280,i,15489340443139703954,9724939234561028699,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5348,i,15489340443139703954,9724939234561028699,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:2932

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2780

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
acee73179189722f063b667c57496769

SHA1
6689932fd151d29ed9b1fe8b42d2aaa7c2171c5c

SHA256
d752e6fd993f1e4881a0d245e93115592b0abaada897ac11ead2ab1899825c8e

SHA512
6ac476e6b753239a4f5779766f09a366de9499b22a50f2925a5e5a9fe84efb858e9232d2782e626a4d092df3ba15c3fa3166274c38936a0891a23575447f2be7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
988ac3a88f2463b0c448ca9a7ff5bbb9

SHA1
ec0c2c6d101676a0675e1d7878ac5b65afec1f52

SHA256
b1f63c9ff31b3729695e4c8aaa8ea97b41d7b57b773b5ffd918418b1b579efa5

SHA512
f528a3052c3e92dc53d063036ce000bf88f1b46a929d1fee927d09b8936e2ed784664ef4f88aa0a22cba8e4dd96cb55166c3f36fb5b9d20acf388463413e5da3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
19408780e7ca5725b25b71c73a2ae6e8

SHA1
7a5be7afc57ecb9b83187cb2446cf48a1cde465f

SHA256
62575a884521708113639e3984b73c9999379f68cbfb1a30f1b1e020c5f8b086

SHA512
b5aef4179765ef70ec5dd8227f1d2cf5f4d7465219098130f10fdb17390701fe5512067ee843a2c43e0f8ecebab57c5984fab1756b6c54a2cd9bdf4c2fbee302

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
6d0ce74fd6291c8a7b43e8abf9becc5b

SHA1
540054c9b9da98bad8cbeffb83bd54a6d47e49b9

SHA256
ade5b678e791b3dc945aa08d5a40e730e70019140de90ee7b28ce8e5dbfd53a4

SHA512
9a5e06ac8b5a34eaf8f0b08478a1720515381001a4aab2423bf9028aa702102e23a8864d8824c38f9aa9115aed5cfc78cede6a9e1ca98b16e3828f787af07e9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2c340be935214311b51216c804c9a2af

SHA1
b9abb3279d1d04995d74011f8f75046065c0f4f5

SHA256
10a6bc31961d1b70fa4ed0546f2af8d37dbc338df8ea2f69171f9deaac268194

SHA512
e0de4f491b32d72ef8a50ddffc53ec60e21fe634e4260429c50583c6a1f88c75cf1f5d6a7dfa64adabf75fd2bed89498f2eb171ae9e472e9619fecb83957e391

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5ce23865e823d25e103a21b6c589b721

SHA1
78d55169b4131c245a807bc3a3780b71290bc4bf

SHA256
709d4a4dd6815b3fa387d6c83239274109c012d1f300ff957e077e51860a2e6f

SHA512
4f29a030b2a5aba6a1ff59cf8febd54ef4195b3c3e2ae0bb6d99cb90d44adf143e532e042f8873d2abe60b332512f76ec94e1867601514999cfb5be368e48635

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d3d7ecd1353d18caf4c7e91cf9d009a3

SHA1
5cb23adeae58d77ce33ebcf958f32a6a45322590

SHA256
ce4676fdd6c684a8e11b2efbedae3b69437589df1c373aa6fbe20efe008cfc71

SHA512
722bfefa7dbfe0ce5791a62693be37230809b51f3efd7ff98b631b7cd09c3e60d3d3750031f4e69d801818008be09324b132afa5c823542add7622eccf275eaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
af8b7bd3fe2b804e466d8221d9aae3e2

SHA1
4368c04ea4e4acf5f98cc5fa50ceb3ef43b95440

SHA256
1a873c8694d9eef9d00cd8051643ebdf14b4aedd4b3217c47776148a2752a6a5

SHA512
f82aa5271597f630a33dfb883ad8d9f736b272c68731629a534d1b7f2e05274d142b09a817886bc0d7d1f8de716e7b41659bf83fd642549f06cb5db1ad0ab849

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b2c87455d0289418b6a255c24ddfae5a

SHA1
7405c519bbfbb96cdc2ac25e582ba53b2cf88b70

SHA256
edf8fed7d16532e781c19f468931efb28f119441043582c881037653f42d1ae0

SHA512
b0c9357c32ad8ec0842840e482880469d44902495b23dd87ded1584400ca5d6059a4b58293e11f6e1e59d9eec66b0e73302d8b3efdf27fae2a643eaa14bd0e47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dd4fbbbb3479d0d61d3a9466e981f4ea

SHA1
a59ad87b2d8f7693c6f3e84342bf04ba256bb7db

SHA256
48361f22c19324d16eb7402123c4a446aa58e38815249d781b83974b864d7d20

SHA512
bf4339e7ac77a182df380c3b4bbf212a4f121f17cd3bfb5aa73fb1542853a60d1def3fd69a8244ed37a559d6991a6f21aeda08c0141c6e9ea1c267db344ce0cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a6fd3cf5a33510b3947f22d827cec8ac

SHA1
d0e7508a3b39fb73b9d036e25144c82ce3c9b080

SHA256
00bd15f6f3ec008cdefa8152bf2aa33bb968f92f653ffa9289081f2d87ddf0e6

SHA512
caed31865a57302716219031ca8d2e5a24858ed5d54a627cbe8b3a233e15d75e4df2bb64bfbe95ce77cca03821511a7624ea31e867e4b9b60f7a59bed6bce3cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
4682c5a8676ede71f9290d95aecb78ff

SHA1
378984a814915890efae40b98b297fcc5be1ef1b

SHA256
ae177d0e6cbcda4395813b4094973c852c173dd6c66d23214a9597b322bc0962

SHA512
7acd8cc9c5b5625d4ac4533d7cf6cf22234bd658860f8d20d0b54e09329c7d96797763a3d49ba3372f6de377b070df50ea7556962932ce96f506e7eacd7b16ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
aa0e83272c24223eca2300fc208bd63a

SHA1
cc59af421c2bbfb598c788316e64db692290f368

SHA256
4f144bcb2478bc9cd73ca96abe6ee1f6796446ec1805079af65b79dddefe9aab

SHA512
419ed43fee11f957674b290b48c6401bf8ea845549f7432d19dc981600498c4aa4a0fa47967e59e1429e54d1c01c16ea18fc83e95a15572ba9d840fce6fa7bde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
96c979bba4807a8a65f997b2ced15d65

SHA1
5f9d5d1e36178be9029c79ac3d27317e728cb588

SHA256
2ef648b64e5ab916c1332f9a034dadfffcfca77eae8e0b272e12f77f3185b792

SHA512
1668f2c65af85766a6390fd8a421191a323211b41ab8cfdb8bf8c9b3258170673779dd8ebdf4d2695cdc00ee3b228d79fbea357dfeb073ced0a4eae2d5f02706

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
4c7271613f0e7c13e3a7e73223b39c0b

SHA1
b801534b8735257d925d4c5062b7e172cb6e0d2b

SHA256
cf9b690b681f93a0900f53fcf07e915b7401b577af83f8c44cf3df100356af9c

SHA512
1e7e33028f868b460896b0cfa342713fee74d0a380e29f7d57a937495db5e038e971b703f2d28c4cace2b15adf1340715ce5af2b296767c16cbbc150ef57840c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
67cb5d48c0d68aa42ca8d1f569b29e50

SHA1
a1d1ec5774a39e2f1d200ee1bed80511262a304a

SHA256
bbc3b9ca02a263aeee719bd3b02fa3491957c1b38d7c60e582e70024cb1e88a3

SHA512
ff57ca8d201b2c758c7411ee847d97ba6e5e4fca647f9302cbe445ddc7c76a7037f131a31ed63bcdee7c7ae685bba1649146f9930e384429b7739df09700b1fa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
556df2a79723cec6b6e5662d970ce30c

SHA1
3f99132cd35bf7369342348ea2d4da1c9c449951

SHA256
b7cf472ed6851a4ab6b3a859d8f3f2ab6d89e50931910f59b465be3e7447e7cd

SHA512
db3c02bc2197962a1079ad9b3f0a1906a7807e4248de27c83ed8db20dc86a3700d4b8d3c4b8c389fdeb018655480997ca6adcc44b67aa4bc3f5ac80bbecba0d6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms~RFe59e620.TMP

Filesize
8KB

MD5
96244b582142be30048f62b91ba535e8

SHA1
e9c1ff4b85ba3824e3b49cea4e5f242df901a056

SHA256
c605fd01b49b4e996a499302aa3d03e02fa9f16c2c4f31f5fa6926865359c078

SHA512
bd68b537a36700c3e17c88695d7e65cbb7031f9f593454e29550a76d5d1b1c9d29e45319d1e44466bd846b32e87c91fa5fe040a9cfc0f3bbe0e3ebb841292316

Download Submit