hxxps://helpx[.]adobe[.]com/creative-suite[.]html?promoid=599F8NVG&mv=other

Analysis

max time kernel
1804s
max time network
1778s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
01/04/2023, 16:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://helpx.adobe.com/creative-suite.html?promoid=599F8NVG&mv=other

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133248492073558814"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3488	chrome.exe
3488	chrome.exe
4296	chrome.exe
4296	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe
Token: SeShutdownPrivilege	3488	chrome.exe
Token: SeCreatePagefilePrivilege	3488	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe
3488	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3488 wrote to memory of 304	3488	chrome.exe	66
PID 3488 wrote to memory of 304	3488	chrome.exe	66
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 4008	3488	chrome.exe	69
PID 3488 wrote to memory of 2092	3488	chrome.exe	68
PID 3488 wrote to memory of 2092	3488	chrome.exe	68
PID 3488 wrote to memory of 1004	3488	chrome.exe	70
PID 3488 wrote to memory of 1004	3488	chrome.exe	70
PID 3488 wrote to memory of 1004	3488	chrome.exe	70
PID 3488 wrote to memory of 1004	3488	chrome.exe	70
PID 3488 wrote to memory of 1004	3488	chrome.exe	70
PID 3488 wrote to memory of 1004	3488	chrome.exe	70
PID 3488 wrote to memory of 1004	3488	chrome.exe	70
PID 3488 wrote to memory of 1004	3488	chrome.exe	70
PID 3488 wrote to memory of 1004	3488	chrome.exe	70
PID 3488 wrote to memory of 1004	3488	chrome.exe	70
PID 3488 wrote to memory of 1004	3488	chrome.exe	70
PID 3488 wrote to memory of 1004	3488	chrome.exe	70
PID 3488 wrote to memory of 1004	3488	chrome.exe	70
PID 3488 wrote to memory of 1004	3488	chrome.exe	70
PID 3488 wrote to memory of 1004	3488	chrome.exe	70
PID 3488 wrote to memory of 1004	3488	chrome.exe	70
PID 3488 wrote to memory of 1004	3488	chrome.exe	70
PID 3488 wrote to memory of 1004	3488	chrome.exe	70
PID 3488 wrote to memory of 1004	3488	chrome.exe	70
PID 3488 wrote to memory of 1004	3488	chrome.exe	70
PID 3488 wrote to memory of 1004	3488	chrome.exe	70
PID 3488 wrote to memory of 1004	3488	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://helpx.adobe.com/creative-suite.html?promoid=599F8NVG&mv=other
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0x90,0xd8,0x7ffb433b9758,0x7ffb433b9768,0x7ffb433b9778
  2⤵
  PID:304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1736,i,1705380493297128526,18356079278252332664,131072 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1736,i,1705380493297128526,18356079278252332664,131072 /prefetch:2
  2⤵
  PID:4008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2016 --field-trial-handle=1736,i,1705380493297128526,18356079278252332664,131072 /prefetch:8
  2⤵
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2964 --field-trial-handle=1736,i,1705380493297128526,18356079278252332664,131072 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1736,i,1705380493297128526,18356079278252332664,131072 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4392 --field-trial-handle=1736,i,1705380493297128526,18356079278252332664,131072 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4848 --field-trial-handle=1736,i,1705380493297128526,18356079278252332664,131072 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5108 --field-trial-handle=1736,i,1705380493297128526,18356079278252332664,131072 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5116 --field-trial-handle=1736,i,1705380493297128526,18356079278252332664,131072 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4752 --field-trial-handle=1736,i,1705380493297128526,18356079278252332664,131072 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5672 --field-trial-handle=1736,i,1705380493297128526,18356079278252332664,131072 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 --field-trial-handle=1736,i,1705380493297128526,18356079278252332664,131072 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6200 --field-trial-handle=1736,i,1705380493297128526,18356079278252332664,131072 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1736,i,1705380493297128526,18356079278252332664,131072 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4984 --field-trial-handle=1736,i,1705380493297128526,18356079278252332664,131072 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4616 --field-trial-handle=1736,i,1705380493297128526,18356079278252332664,131072 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3008 --field-trial-handle=1736,i,1705380493297128526,18356079278252332664,131072 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4256 --field-trial-handle=1736,i,1705380493297128526,18356079278252332664,131072 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4272 --field-trial-handle=1736,i,1705380493297128526,18356079278252332664,131072 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4960 --field-trial-handle=1736,i,1705380493297128526,18356079278252332664,131072 /prefetch:1
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4408 --field-trial-handle=1736,i,1705380493297128526,18356079278252332664,131072 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4768 --field-trial-handle=1736,i,1705380493297128526,18356079278252332664,131072 /prefetch:1
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5696 --field-trial-handle=1736,i,1705380493297128526,18356079278252332664,131072 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5124 --field-trial-handle=1736,i,1705380493297128526,18356079278252332664,131072 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4444 --field-trial-handle=1736,i,1705380493297128526,18356079278252332664,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4296

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2748

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
48KB

MD5
50255179c62dee001f85e74c3ec4570b

SHA1
b1a5105953f526bcedc14d35ced0592736fc5c1c

SHA256
0391de3602a50ee2db3db4650c370a738cd30717c27b840e586cfafd0bab4498

SHA512
4b3152290cd83f863391679f56feabffcec6f15f6688f4f643b777e118af6a9c5114933afe1fdc2c15c620b910f79aba32692a8dafe242c36fc4e3e554155035

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
33KB

MD5
884234776e23383c405f77dcfaad1aa9

SHA1
0b9391ac37136ad0966d23a3a3d858b0dbb6f056

SHA256
1ac24d8e599201fb7ca8086e04f4e18a0558737e81026571feaa3659f865b471

SHA512
c639fa4b02b99a69bde8280b73e2ef8a8d0a4100e20dcbd607278f1a296541ca73767d498d92b5ff42faad5c87d9bfd3f19db8b7c8f093dec7d4774118bb9659

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
171KB

MD5
bf8fe1bda48219b77a5d2af2d245fa12

SHA1
e3ebe476e96a44963f1fe7d0545ac36bd154d209

SHA256
85a9c85879e0a596fd698723d2fd59246c7b781cb9ffee7df86d577374c4dac5

SHA512
36d3feeb0a4941f7c5693fe7eed55d96a9a8c57f7c98dbdec6b2eda47ab455ff88cc4c769ec0715008d70be3dc10e34f431d9dd3b944f67848e73227f97d9fcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
65KB

MD5
b1792254ef0f0fcc7d3ad6dcf6fd9038

SHA1
9a116c8100e798343e1ebaa8f207debc7d96a486

SHA256
b85b202600c4272f086ff6c3d9b911d13cd120412c6eccf7a2df387e7993eea5

SHA512
f0d45d46d1b88f91dfb1f0faab699bcdc6e5bf49ceb2223f9712546115e303a7393c4dfd8918d91e30f7ad8aa98d15c2a164bad99072203955cc302b5058285b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
66KB

MD5
ac39cabc2ec186a45ba0cc591f2e4c42

SHA1
01626d5f0d02e053ec34952518502b51591258c5

SHA256
b7909ce2f70f0167a0bc0d6606651417f6f5ac511e426553113a96240a23f46c

SHA512
4354aae197e90e31d7f381dc78bb9ff91d6e0a00b19a7f846e1808214273e10d851b44467ef9d1c9432cbda1b3ef232f5fc0f1ec095e9fa49fc397ec3777d873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
44KB

MD5
0a3b39e2b94f6df810a60fb5294a3c49

SHA1
b49f939686251fa168ad5f7756435b980d2b679b

SHA256
89e885723c8d35fe14bf4e3a597c7daab941a73cde68bfde40aaab49b2912eb0

SHA512
7f7981fa2aec6cdc9d1ff217f64e932d2a59c2f23783985a439897424ac6e31556bf6392702468a42c924098ca0ea839f38288a675f1ce9bf5c0bf41e4dce274

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
66KB

MD5
69084aac4273d47102bb3984e28a9748

SHA1
a95334ab13ca99de6b7250ceea13f620c18c636d

SHA256
7bd8b8f8dafb7be6dfbcb772d574939868d96e7a6d23e51b699b970715b55935

SHA512
bc5032bb57e974093f83014d03f8911aa70b9ac1982e001ae752847cd8f09d9bc8f3e47be318eea31dcdc71418b3875e58d0f6ba50494b6abf3b137fb639281e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
50KB

MD5
1442dc52350cb964921859bb3c689efc

SHA1
90adca3d32fa0129107675cf9acab24451293021

SHA256
a02773630cefe7a6d448bb496e3cba034d5382847737e66f5789a308bbc84efb

SHA512
3c49c843bd0c1286ac7a34640acdace0d075610cdb23dc5e77b703a3d39aba3611ecdfe46669452bce77495a92576a154d66cc8e745bc467ee83de2744c96ed7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
65KB

MD5
89061855707b2b2cd7882bbf7b67f6c1

SHA1
0411606eb07ab4bf998dbf0fe56dc9aa87999a02

SHA256
2f3668f091249da6d8f295345c348dbc1cd56d21d75e0c47f2a9a9de5c21281c

SHA512
734e792b4db7850cbf6b2d6b93fb23f69b41b3f0f3787e4a9ac9d52fc6b2f11c7ff133c9a69e990c808c310f67ebd83cb0b399961c6e8407f197982e28456c55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
44KB

MD5
84bb840f0bcf298ce700b40f208e0887

SHA1
16c3856c4e76d59b462915f338f7bb2ddd4c0a8b

SHA256
86b9126e70a87525aa5bc2908a99642e889d06f23c79608ec05fdf7584517730

SHA512
fe335627a477bbf1404a54dd9d6f71fe2d4220c9d9cda9b66e35ddebb9bfbb99cd0e79903f00f52c0c40588f7b6145c873fa0d109e255c3a155b8c968c2ac497

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
65KB

MD5
f497c869e4935247468d99b6737fbfc5

SHA1
14d1129ce85bfad95d230b2e2c03a5c10c081cd3

SHA256
7c5b607790488d31d993ca49ad1a8cd7ae88590030ea7b4cfa00945c6c3563fd

SHA512
f966f068cd0abafdbd36bd59f150653014fe40d7bab6c01365bff117f37637190b80535d00918db19fc15b897318d51e0cc2a568652f795c86451ea5a9bf6876

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
44KB

MD5
da446a58470c2efb87686217c936ba5c

SHA1
0e820d7fdfbed51e59a5a47ca9292bf24ce291d6

SHA256
eff808531e9be9185279fb46fef21b0ede44af424232eb707b31f78ca439bb42

SHA512
34cbfe72cedabc7299c2a773de8bb44a65334124c17cb864873ed8f2570cb7abf8d239ce6bddc68f7946c3ac2fe4b6376a11b2bd0a3394b23e947964aceefcb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
30KB

MD5
e2c1e6ad23f6a4160a4ed37e887b18a6

SHA1
de503d56206e5f228db85778c3d089c954ebd54e

SHA256
b7ff9d2117106a267a5027c2f80d1396b6c46b4602a876b876e1348931c9c1d7

SHA512
7443e06af0f4f83427e4b09bb756441755249896e6d1bb5b14a50906da183e5bcdea0de42a506231084cf854fda2b30d2c49c1b3645b275f03f5fdedc7732ee6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
17KB

MD5
1676a3cb5c30c8e4262e191d0ac76294

SHA1
e8191676ffbca6c4bbfcd62e2b21b5728cf4875e

SHA256
861ad610b320a7ac303294cd6906e82f293404c470ad0c49a847c15381954818

SHA512
a39e268cd86ab851c0c04e68d8e574dfe1ff02ce0dbe8c87bae11f786a6e52796158b605748bc55ab022f58c651024b53980ebaa9c30def6b6da6c1d17ab171e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
34KB

MD5
9aa51b9924f1e5acab8ad3ba1d735192

SHA1
a2f73220894273c406a8b55d20373c0552f0b45a

SHA256
db6f183e8638713eed72f8e43e8226cef206827fec879ea4ccf4e07962359094

SHA512
c05454475336f5653298402bb74542b08fc6e3d8552d4fec822619238540dec7953644c4c0a84d5ffecca28a90f2f8c26ac239a6a2956a5f6d876d42c983cf0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

Filesize
27KB

MD5
7716e124e19760049484d1bcde4a8af2

SHA1
51d50c9e9b7fc658c1316d1844418cee0baffa2a

SHA256
fa7968a9a888e1a6dc6ac6126b8edd6e73974c2b0629f669bfb74916f0e7d534

SHA512
1ed454872f7b74892c20843446f914a6b0b985d6bc7579130188a07aca8c5fbf0a8759fa63ae33649b06001191e2637f55c22661a5c55a259971b409662be00a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

Filesize
107KB

MD5
52fef6fed677abb44f31aa19b20a559e

SHA1
cb8f8bcd8f18d63a9be50f516debaf3fd1446cb5

SHA256
aa488ea8bad69a65fda3e22ccc7b5288244edeb1232f115e4c5de7deab45221a

SHA512
9bd6b8c48866473b73251ebbc87ff59d7e32cab5be4d0ea5ebfbcae22c6e79eabc58b9cfdc6ca4d7df546156d019708fd787b9be66d796fc664c4b97a735dd10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
808010e092fcd2a11cd81bb351ef11cd

SHA1
07fe00556262f4c05090cd6f55f96c728efe758e

SHA256
d79f6e13952552a3340e0ccfd1277d14089d11ac8c921817fdaeb2b0a9d35171

SHA512
3340cb8439aa1a6793db59c442bf660ef519fd7d00e1e82f977c633d6d2faa18da743026b388c33e097a2d35cf55be6c52d84c50f8faea1b358484ec041a41ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0d926b7cbbda8f6f5dcceec266827cee

SHA1
57e1da78a68817fddc4f6379c20ee716bab099c3

SHA256
528638d720ee8d0239a412e8a97db79e79eab0a3222eaf4aad03fd8a0457b716

SHA512
4b541085fe41ca077c4329374c8218554fa405f5c9842524f9520c8b776fbd519466ab553adeb6e6a5e0499b47aa007ef6889c08525d40627b83f61749fa15a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
4e7ce46125ec61613def003fd9f783d7

SHA1
8b0815138e43f284ec84190a61bc57d40a3b190e

SHA256
ff5624014fd47029588483f1d1846a3718929487832c1e590b099e896ac8ee99

SHA512
c3df6f74d471ca85a7c3b5b227141eb5fd9246cc040d765b2f601fa677e2499236489617a665e4dd8a8cd171b68765c618c4c89e37794df7bff697c238a9cbf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
c60488a880f6a83b417d5b7bf36bc162

SHA1
c85feadabd029c9629e4496cd120b6ebb421db7b

SHA256
5e755f38f600729b3d9f7e9346f41791cdbf3921eba897d5d30550660aa8583a

SHA512
837173573ca77ece0bc282c473dff5444cc8b5a6171620c4efd5c23012c4949fa238418c0b9d86bd2a41e61816b34fb3da889c6298510bd226e4b1a8a251b5b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
978c2e944351b90c5156ad85b6217d9a

SHA1
966bb1cb7bfedc482fc77a05b8a3f3ffc2846dde

SHA256
5d031681174f529edd78be5afbca42fdb2513ab5720a7274e34804da07a6d9d6

SHA512
9e464fea06b0573e3df908aff6438ca64a3a7dcf95d176c8fca15f415d4db053c488413b2f5677c459d6169e5d30d3cc0ad91be7fb87cb6980db8999cf5709f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
5699b711d6e87cdd3b2da9dbc7b37e57

SHA1
e01f1c710c87e02ee5e9a6ff9def91648a8e7463

SHA256
0e7272329f2ad4a1d05f2d7f4ad7a49c6226a43e553fc9905e59ccd7a1e0ca9a

SHA512
53b1a4ba207e9574d5592be3cc7070bfc3ecc8adda96773b16ef58589f839c00bc85522b9f80d2a6e608f903a4b5e947858b51e0dce155887036acd705ec5327

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
0969e4849815fe5f3ff595a3b3830112

SHA1
c6452880de6fe3fc0fdc0c255597ee9486add71f

SHA256
ded665d4b11648b2b474006fcc6e595a7c0ebe0bae7a0a9e5ca6ac30b5029d59

SHA512
1e331a9f9f3c00f5f0b4ffc9785e42d165c2c891ca0f63ab160e8e47708a8eb183f8ab4052cc4b24a36ae18eb8779f506112d2bc915a85562ab97689b598caf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4f8a28c3b6520bdc333885169ec03a02

SHA1
64b6bad771f4b47096e4f51e4effe2d1cf4f4441

SHA256
b54bbcc6d099cb2b81fcedbcb2ed09e0c3c4a29c8b5dfd4ebf3d9279691ab6d7

SHA512
d6bc6e55fe1cdd542e38b1e7ecba88b2dd80b256407a30ee8b3f23176ec686ae6a2a9cd746c70c74d0f14dfdaf9597cb81520130872a08f928a314173516274c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
398c1feb621133747921b6b8a6e56792

SHA1
d1860bc84178bfadab363684c33c43252a3cba04

SHA256
f5e66d033a902af636cf7c56039619dcbe26208d879fffbc4e38aab5e5839ba9

SHA512
bf982111af2e9a0101d2289641812d38d0933da928c915a0e9172349bbe483f850481d09cf6b9fa979dcb7eee856f4de056e1105211c7f1a4461d4778b5d4dd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
25680a0d0f58c09e8a5eaa23cf122f3f

SHA1
1707422caccb44e8dfc8f48a4c52832e71a3f780

SHA256
7376caa3ea64470479ebb02caa027d74081283a99ad48e6297b5856069ca9678

SHA512
f3bf0849fe0c9c6fba3b067cad523fe05987f1f6153db11b60b00df7935dc43aeb36e7ae060305c9f69ff81266dc237ac1eec7c2d6e791f96d1a4250a285b94f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c8c7b81571af36e8b81ecb32fa41b57d

SHA1
858c7c6ab768e5b8453a341458b3fec0f151e7c4

SHA256
1b07a216a307b936b7c69782ccf08363823a64eade3a92d6eb96d9f89c4e29f4

SHA512
ccbdb12ea5b16dd4bad2984d521c5a9644b827540505c6f75b8ff5c551c2ddd383c6a8ab5f9b48f59b0d0afbb1203fd47b8f37c53a33511cbacda329d8a82c74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3f09a0cfcef36c3ba61fd4d2054b9f44

SHA1
2bc10a8a0fbd54d69ed32f2bc8201e9945f45452

SHA256
00fe778b306d1187b0ddcaef1dc76956d11264e7f8eab75172201524ff325876

SHA512
49c438f505636b80774579b7707b6429dc477696cd7d5897cb783f84af42d09fd6744ca23e5a791e7d02d780678effa04df050867b0b8237b72a72ed27d4da3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
844ecf82e745d8bb7816b66845fd16ff

SHA1
caec100bc59b93a00cf7c9f902e630b23a72e4dd

SHA256
e4ec127dd416a9e1c9a537d35fd8ed58fe0ace0213ec1ad332e10f4b6b954803

SHA512
927e78ee7dc94a8af47a893fdd5cd73380ee919fb539778a2c4b000c2167dff679635378c72b3807b42d4636075270b9c595dbc64178502b2977d32307395b39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
173KB

MD5
48048ee6960db05823ece0ac2a4fee7c

SHA1
56d7a6c6c12d9cd4d09ab7a21caa01a01641f506

SHA256
71161a7d226240cd6197130618cf97b2f173e92410fcd2adb2ed3b0ca6798f21

SHA512
d75dab77392ba77a62fe582897c49ca862a1fbb437a9a970a84deaf0b1cb0f0153bca751a6c18596375a12d16504421f15d15ced41ef340a990871ee48173589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit