hxxp://www[.]scriptpop[.]com/ERLCScript

Resubmissions

11-10-2024 11:43

241011-nvrlysvhlp 3

11-10-2024 00:25

241011-aqql7svdrg 10

Analysis

max time kernel
124s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2024 11:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.scriptpop.com/ERLCScript

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133731206149667292"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3884	chrome.exe
3884	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe
Token: SeShutdownPrivilege	3884	chrome.exe
Token: SeCreatePagefilePrivilege	3884	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe
3884	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3884 wrote to memory of 3572	3884	chrome.exe	83
PID 3884 wrote to memory of 3572	3884	chrome.exe	83
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 312	3884	chrome.exe	84
PID 3884 wrote to memory of 2728	3884	chrome.exe	85
PID 3884 wrote to memory of 2728	3884	chrome.exe	85
PID 3884 wrote to memory of 1508	3884	chrome.exe	86
PID 3884 wrote to memory of 1508	3884	chrome.exe	86
PID 3884 wrote to memory of 1508	3884	chrome.exe	86
PID 3884 wrote to memory of 1508	3884	chrome.exe	86
PID 3884 wrote to memory of 1508	3884	chrome.exe	86
PID 3884 wrote to memory of 1508	3884	chrome.exe	86
PID 3884 wrote to memory of 1508	3884	chrome.exe	86
PID 3884 wrote to memory of 1508	3884	chrome.exe	86
PID 3884 wrote to memory of 1508	3884	chrome.exe	86
PID 3884 wrote to memory of 1508	3884	chrome.exe	86
PID 3884 wrote to memory of 1508	3884	chrome.exe	86
PID 3884 wrote to memory of 1508	3884	chrome.exe	86
PID 3884 wrote to memory of 1508	3884	chrome.exe	86
PID 3884 wrote to memory of 1508	3884	chrome.exe	86
PID 3884 wrote to memory of 1508	3884	chrome.exe	86
PID 3884 wrote to memory of 1508	3884	chrome.exe	86
PID 3884 wrote to memory of 1508	3884	chrome.exe	86
PID 3884 wrote to memory of 1508	3884	chrome.exe	86
PID 3884 wrote to memory of 1508	3884	chrome.exe	86
PID 3884 wrote to memory of 1508	3884	chrome.exe	86
PID 3884 wrote to memory of 1508	3884	chrome.exe	86
PID 3884 wrote to memory of 1508	3884	chrome.exe	86
PID 3884 wrote to memory of 1508	3884	chrome.exe	86
PID 3884 wrote to memory of 1508	3884	chrome.exe	86
PID 3884 wrote to memory of 1508	3884	chrome.exe	86
PID 3884 wrote to memory of 1508	3884	chrome.exe	86
PID 3884 wrote to memory of 1508	3884	chrome.exe	86
PID 3884 wrote to memory of 1508	3884	chrome.exe	86
PID 3884 wrote to memory of 1508	3884	chrome.exe	86
PID 3884 wrote to memory of 1508	3884	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.scriptpop.com/ERLCScript
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdce02cc40,0x7ffdce02cc4c,0x7ffdce02cc58
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,9399206116062811052,14735797242461081486,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,9399206116062811052,14735797242461081486,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,9399206116062811052,14735797242461081486,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2380 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3044,i,9399206116062811052,14735797242461081486,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3080 /prefetch:1
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3048,i,9399206116062811052,14735797242461081486,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3036,i,9399206116062811052,14735797242461081486,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4028,i,9399206116062811052,14735797242461081486,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4796,i,9399206116062811052,14735797242461081486,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4820,i,9399206116062811052,14735797242461081486,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5156,i,9399206116062811052,14735797242461081486,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5108,i,9399206116062811052,14735797242461081486,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5428,i,9399206116062811052,14735797242461081486,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5148,i,9399206116062811052,14735797242461081486,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5068,i,9399206116062811052,14735797242461081486,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5500,i,9399206116062811052,14735797242461081486,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5016,i,9399206116062811052,14735797242461081486,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5580,i,9399206116062811052,14735797242461081486,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5840,i,9399206116062811052,14735797242461081486,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5856 /prefetch:2
  2⤵
  PID:712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --pdf-renderer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5976,i,9399206116062811052,14735797242461081486,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5220,i,9399206116062811052,14735797242461081486,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4420 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4412,i,9399206116062811052,14735797242461081486,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:1852

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1464

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\85f99b1e-00f2-4e95-acf6-fe99e909028c.tmp

Filesize
116KB

MD5
18f6e00dff0ed9fc71b0f31e136a63ca

SHA1
c952a2d57bb0c7c6b6d0915f9220b960eb5955fc

SHA256
f8a7904858afbf705b5780854e2fc368012be4d210a3ac1c5ede8d6cf8cb7617

SHA512
d87fd9b918458971f14ae614889b3d31e699d1abb8e86d5a9b0ed693fa742f965188e5874153c111709d03b607b42a7dca2b64cd5190a64d475e27a4cc2b9f6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000053

Filesize
215KB

MD5
1585c4c0ffdb55b2a4fdc0b0f5c317be

SHA1
aac0e0f12332063c75c690458b2cfe5acb800d0a

SHA256
18a1cfc3b339903a71e6a68791cde83fca626a4c1a22be5cb7755c9f2343e2a5

SHA512
7021ed87f0c97edc3a8ff838202fa444841eafcbfa4e00e722b723393a1ac679279aa744e8edde237a05be6060527a0c7e64a36148bd2d1316d5589d78d08e23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
7648dd206d82972bf4d499068022d0c1

SHA1
f482a2af52f95512c6f9ec6966e7edc0ea267497

SHA256
d739de1e7ca0ad991301b5f4a7e2a25f6cbba0d8e8681e2e557979ac1fe4fa9d

SHA512
6955d8345808fbdcb571d058cad22be7452262b00205acc02502470960ada5ce3fc71bc12cfc2a53a317e01882d7a2ea2798d5d4b18e19e43c879ca0277ab261

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
0c17415ef1538c23c4bc665e16e87bb6

SHA1
d46d1af8340c26cec5f6fa3184a51665ba3ab9da

SHA256
7aaed0b5e31d4c89f0f0ad28dc7774f92d339c3367e87f75f0380d8c0b43669e

SHA512
98edb718c6ce6dc9c098a3e39f3b67d3815a077bbde937143e1f40840de3a4e3945a44ded6636f111c0c1ee570db4aaf327b7841978bc1804dadddee6d92c70c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
567c4f21ac6baff14667c8289611fd7a

SHA1
f47318114022b4ac79fcae76b586ee3b9cdf70c2

SHA256
da104169173de1edae7729180b97bc8cd64526214e252e6adee6c62b67a20f4d

SHA512
c176164ac11e752b2ca4037f1cc8b2ed43aee6fcf9d3dc3e7c0429c1b757d7ec671fa4829ca58f2340daeac4823d9845b51649a48a87ea2a16108199c423422b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
492053baa7420702da5f0a27db427f97

SHA1
1d555d595d982fd80ff22c36c6b23f5121ac6d47

SHA256
caaf99a05e9e0d8f7f888bf8ea4c2c9e4f1763f0902356b1683e9fbfb1dd7e94

SHA512
ef11af391a2f0cfefe8ac9338223ab04c84ba61379de88de83a3e96d65f5203ec47d0efae0801ace14964f9c8ad0df35ebf0138b82373e7b8e77329747ad65ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
692B

MD5
e05ef07758978bfcbcdc8cea12b8e758

SHA1
f7fd44e9e631f0c142e465fa9c5d0c4948b63a94

SHA256
6e2e9b43870d529237f39915bc92c1a8cd895d1034124a9470369ee9d8fd76d9

SHA512
2a504818b215afff5693359261a1dbf16a6d2eefee3553806ca04034132aba3b794756d72f2641326d0b2b4ab849215acc995740da2c489eb31ae794e2102a08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e5b3801ecd6a70b2f85d2311c76130b4

SHA1
1f92c95da2a4db2e790c6eb64ae4f8102a393aec

SHA256
d8167f9a985a6b54b01cadfb5fae5a822b5affb9411668df2f747f22dbe55223

SHA512
7e271cb78385aa45fbfbae21f829f31f327424341aa2ac954d7ee9e51843352040f02c8a3418018e7603501bbdebcfcbbc1ad7718e4c97fd1ef16c672b6249c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e53bf0754b670327da8d7a6f73a1d098

SHA1
62d1cfb7e60bc73ddc380940d4444ddcf3ab2920

SHA256
b2302099f0f790b7491cc158bbd03a3daa1d82b4cf605a6dbedf26ea46c32cd8

SHA512
ef29f6d15e70cebb6a396f63af800eb5cc7e51bce0552bf29e08d11759b87ccea24e681fb23a5708ab9358cdf7b30eb1f77e10a5d527610771f9f1906e456e79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2237214405e3f94d1fda84f1583d4f37

SHA1
3bffcac1ab3f0941a765a6e1f75e7a59e64929ab

SHA256
5810178a9ccf23872c45ec34009a429afae616099c08999fef705a339f6ffaa5

SHA512
f35f8c54ecbd5a36e8eee54b5e112dca851ca3206369b8eac13d83fb0556ab20e153b32179ff28278a870facac7530a4aac679ac1d2a3e016b259c817087732f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
77eb0cf10841d0317021522b88210b56

SHA1
7c79ed97556e92a7763cc6bff97402a3c5aa4dab

SHA256
f97e4fb067caf6301188d4e200958742662d5036426d28e635f8f232c63b14d6

SHA512
d8fbc077f276dec9e791b85eb78178f559b1f3c241fb468b83191ec1b0f919425599597e671f8fa2f0727816845920499931f2639bd0126cc6be93f69fd1c694

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6c27324be52ad86772b90cee0131a565

SHA1
93a87ba6fa99312caf08af484ced1e06f1a73a40

SHA256
24252b252a2631a615480bc13accb184273649a1bcb1aca3df7394b7b100e677

SHA512
4a5fca2311f28c80c73467d5ab594d6f606a55e4a75e33602625066b458d1fee5a527009fddf678a5018e5f59c385b9b3df553e3847209c3c670241d629175bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9a3cc1549da2e505f12205d8feff19ce

SHA1
ebeeb864e4e98f0f4e66e4d82e4a411010596989

SHA256
f75287eec8fda674551e2d3c89f3e7e6af338adc7c23eaa004724793304d2924

SHA512
b5947c1d11de47edcbeaf67dd91dcf93b25d7896f752ae2dbdbdd6f3240fed4c49d32377b9c49a99e2e190c3b1d1e521a04a94a185d293c7aa67eca593f11895

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
efac61e37e372b64681dc28dfe64a83c

SHA1
ab6470422a381ddf8c0dee5de9f1009d4ce96c27

SHA256
15a2303f9dcfd03e14b85acf63488d4a131816a70345923dfd5b33038303b4ad

SHA512
f9cc8d485e4846f6f4f5a08a169560387934aa8da22182da76b6b74c8047271fb05b7219791f90651bbb89629adce54d5354ce0a96eaa93caf2181508d04eabc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6a551bf44f3fd694a4fc28f52d64a456

SHA1
bb79e28b560d814fe052155ba3953ee6adfce8aa

SHA256
cc9869944b92c19e43b2910b403277496976e3c4e5ed389586e12171f147a73a

SHA512
415478a21f1d90616dfad926da9fa148c2f3d920e2e8cb9b0cceff758d03a2b1f855b51a119d16760c8d896f95d5ffea9da7612f05d9a90f65d1add04a1d5843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
defe1a010bf6609e9677d44e0d533f74

SHA1
1c529e94121aaab97a577d6beb276e9c74300daa

SHA256
ee996badf1974cbe10fa9f90a35023e0f14433eee43a379572fbea62d049d668

SHA512
c0a4e25f96d90df205205009e7fc974c3c36d9527668aef58e04267153b521b79763d8f97fa4c4c2f5e8e6cc71c6eac50b0e6999f71e617b7a6c741d6f936542

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2fd471387342f02f3420c0198c7160ed

SHA1
5cf2fd24d1788d559c77062f3f997613a2e9ef9d

SHA256
5c4f6009d4c3e0d13982d23559bf230b28db823519c16f636a8f817ac890c724

SHA512
83bb19f7b127f9c2c9371099f8cba1c981d97ac549de62bbb153aa16cb5d4d6a84e0bdbbe94830870f7cb5d44c84354621d557d6f19ce72d5ad62356026682a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5ab40939b39b69cffa1de814c3212b33

SHA1
dea6eedfd511c1f0663cca48b6e08055a17dfa5f

SHA256
74564ca46aa127ca3a6289fa228fe7c29a819794b1c4b7aeba870ee4b7636636

SHA512
903743fb8dbfa0221d2b12f47432e7a906699f85311a2cddf8b4ab7d07101218d5f8a2ec14c6ea30bbcf349158c46e527d684cb02ef534d22ddb2a7184b10625

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
0dfb582c61d262b48f5b5d61941c3359

SHA1
a697732ea28f523ab815d310828cb6903885a81f

SHA256
d0131e01ea6df912b8b1c371ad737815b617c8797dbb5e8afb41b001a2d9c2bf

SHA512
f63a84090c56beaffc49c7b9d9e6ce8489664b9ef0f2da5285785143a37f04ef7dc39f6512653cc437abd1816a8798d670b29d59f3ce79489e268622b61ad5c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
452254b0d457cb38a6c2b58e36ec8574

SHA1
bb48397c4278ac56f5ad17e4f036a4dd7a6ede00

SHA256
9acbbee268903ec39f7ecf40b9115f3eb80fda870455927d67c2488de3285184

SHA512
b0e6777265f2d7e3a026391260b1f2ca50e5135420a3e941c6231e2c74854f25b6f9b8dddafd5d42342478c14f283bf2338387112bcabfd8f1f1d825d3b42c99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
1f2a30e7ddf06e4d4c07cfe687060bb8

SHA1
a74aec59377fdb1c1794ad0301a2b4bef340cf99

SHA256
fcb394be395453b259ec0022fd2e27f105328be59c865a16d982d2e4a972478a

SHA512
08bf2d7244cd14f4e79e3b624e192ae2b1f657e97f3dacd4b6273b43a55d5f945d4c36a736b92631997b83526c89a607911dc00fbc6fd5fc256e31f0606f41e3

Download Submit