hxxps://postoffice[.]adobe[.]com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9[.]eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6InBheWNvcjEwMUBnbWFpbC5jb20iLCJyZXF1ZXN0SWQiOiI0NjYxNDJiYS1iNzc0LTQwOGUtNzA0YS1lMjA1MWU2ZDhiMjciLCJsaW5rIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9pZC91cm46YWFpZDpzYzpWQTZDMjphNmZmMjZjNy0yYTc3LTQwOWItYTMyZS0zYmFjY2U1NGRlYjciLCJsYWJlbCI6IjExIiwibG9jYWxlIjoiZW5fVVMifQ[.]u-oAk8b9kgFJtjJcrWdywq3pSyxtM6hTnw_yOFkQRmSBgeGRS8HWAFfo_cDBq2GU-oV7l5R8b3MTF8ldjuzCUg

Analysis

max time kernel
299s
max time network
285s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
22/11/2023, 05:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6InBheWNvcjEwMUBnbWFpbC5jb20iLCJyZXF1ZXN0SWQiOiI0NjYxNDJiYS1iNzc0LTQwOGUtNzA0YS1lMjA1MWU2ZDhiMjciLCJsaW5rIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9pZC91cm46YWFpZDpzYzpWQTZDMjphNmZmMjZjNy0yYTc3LTQwOWItYTMyZS0zYmFjY2U1NGRlYjciLCJsYWJlbCI6IjExIiwibG9jYWxlIjoiZW5fVVMifQ.u-oAk8b9kgFJtjJcrWdywq3pSyxtM6hTnw_yOFkQRmSBgeGRS8HWAFfo_cDBq2GU-oV7l5R8b3MTF8ldjuzCUg

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133451050497899230"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4444	chrome.exe
4444	chrome.exe
5564	chrome.exe
5564	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe
Token: SeShutdownPrivilege	4444	chrome.exe
Token: SeCreatePagefilePrivilege	4444	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe
4444	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4444 wrote to memory of 1388	4444	chrome.exe	22
PID 4444 wrote to memory of 1388	4444	chrome.exe	22
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 1996	4444	chrome.exe	90
PID 4444 wrote to memory of 536	4444	chrome.exe	88
PID 4444 wrote to memory of 536	4444	chrome.exe	88
PID 4444 wrote to memory of 1728	4444	chrome.exe	89
PID 4444 wrote to memory of 1728	4444	chrome.exe	89
PID 4444 wrote to memory of 1728	4444	chrome.exe	89
PID 4444 wrote to memory of 1728	4444	chrome.exe	89
PID 4444 wrote to memory of 1728	4444	chrome.exe	89
PID 4444 wrote to memory of 1728	4444	chrome.exe	89
PID 4444 wrote to memory of 1728	4444	chrome.exe	89
PID 4444 wrote to memory of 1728	4444	chrome.exe	89
PID 4444 wrote to memory of 1728	4444	chrome.exe	89
PID 4444 wrote to memory of 1728	4444	chrome.exe	89
PID 4444 wrote to memory of 1728	4444	chrome.exe	89
PID 4444 wrote to memory of 1728	4444	chrome.exe	89
PID 4444 wrote to memory of 1728	4444	chrome.exe	89
PID 4444 wrote to memory of 1728	4444	chrome.exe	89
PID 4444 wrote to memory of 1728	4444	chrome.exe	89
PID 4444 wrote to memory of 1728	4444	chrome.exe	89
PID 4444 wrote to memory of 1728	4444	chrome.exe	89
PID 4444 wrote to memory of 1728	4444	chrome.exe	89
PID 4444 wrote to memory of 1728	4444	chrome.exe	89
PID 4444 wrote to memory of 1728	4444	chrome.exe	89
PID 4444 wrote to memory of 1728	4444	chrome.exe	89
PID 4444 wrote to memory of 1728	4444	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6InBheWNvcjEwMUBnbWFpbC5jb20iLCJyZXF1ZXN0SWQiOiI0NjYxNDJiYS1iNzc0LTQwOGUtNzA0YS1lMjA1MWU2ZDhiMjciLCJsaW5rIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9pZC91cm46YWFpZDpzYzpWQTZDMjphNmZmMjZjNy0yYTc3LTQwOWItYTMyZS0zYmFjY2U1NGRlYjciLCJsYWJlbCI6IjExIiwibG9jYWxlIjoiZW5fVVMifQ.u-oAk8b9kgFJtjJcrWdywq3pSyxtM6hTnw_yOFkQRmSBgeGRS8HWAFfo_cDBq2GU-oV7l5R8b3MTF8ldjuzCUg
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xdc,0x100,0x104,0x9c,0x108,0x7ffc733b9758,0x7ffc733b9768,0x7ffc733b9778
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1912,i,16307398083564052506,8155464163625926901,131072 /prefetch:8
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2224 --field-trial-handle=1912,i,16307398083564052506,8155464163625926901,131072 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1912,i,16307398083564052506,8155464163625926901,131072 /prefetch:2
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3060 --field-trial-handle=1912,i,16307398083564052506,8155464163625926901,131072 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1912,i,16307398083564052506,8155464163625926901,131072 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5244 --field-trial-handle=1912,i,16307398083564052506,8155464163625926901,131072 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=1912,i,16307398083564052506,8155464163625926901,131072 /prefetch:8
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 --field-trial-handle=1912,i,16307398083564052506,8155464163625926901,131072 /prefetch:8
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5944 --field-trial-handle=1912,i,16307398083564052506,8155464163625926901,131072 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4740 --field-trial-handle=1912,i,16307398083564052506,8155464163625926901,131072 /prefetch:1
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5228 --field-trial-handle=1912,i,16307398083564052506,8155464163625926901,131072 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6140 --field-trial-handle=1912,i,16307398083564052506,8155464163625926901,131072 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4008 --field-trial-handle=1912,i,16307398083564052506,8155464163625926901,131072 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4604 --field-trial-handle=1912,i,16307398083564052506,8155464163625926901,131072 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=904 --field-trial-handle=1912,i,16307398083564052506,8155464163625926901,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5564

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
33b6461271b0e852ce932b6b44fae0d6

SHA1
936c43e4b158f1ddf6f61f40cdbc14391b475cde

SHA256
46c711166a9378dc00a2a14450cdc7ae152c47d16fe9b9abd21cb8633ffdb3cc

SHA512
766496674843af1a63b656c352faa79d449a2986f351bcf9a2448c860f0b8293bf4ca52a47dfe5057f42e0d1696eb17bce0f61fa466a3f5daec968dfd66a9d4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_acrobat.adobe.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_acrobat.adobe.com_0.indexeddb.leveldb\LOG.old

Filesize
396B

MD5
971db654725658c7b39b96aebfab4204

SHA1
736c4d78517749b183f761baf760707e848ba3af

SHA256
d2095e6ba6d70be854d896c1ca964dbdbeb27d6cbecceb43ee9e239f0641bf4f

SHA512
a79e8b6ab9f84c0ddee639697b0af8fe1aa768bf4d2eae054fdefb8dea3ee631693f7c137c7636efde1274e05b4c4af7477a43fa703031702b8ffddfcbcd84e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_acrobat.adobe.com_0.indexeddb.leveldb\LOG.old~RFe5a511f.TMP

Filesize
355B

MD5
ddd50c3b2d2d44a245c4b8337dd266f2

SHA1
a209b8643c4a56d4f8f0db20d5c37e3c5da664f7

SHA256
204186137d863766fcd230bc9830ba7b049d68e72f8c80142dab9c4a0975ecb1

SHA512
0301f5ee8252710a90257ad79834af46496cfa2cb7a91da46bbb3f7e865b70ac72350d1bc45478fad8d8db4f288220181b2c21c1872b4f269b33ec1049e7ac3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_acrobat.adobe.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
346f6c039ae92cbb046f92a6cf8c1d24

SHA1
ba20f9181c58e52d24aef19b0f1603a719c89371

SHA256
27ae74b4f2b6ce092b385ebc3b6bdc399d4f0379478ffbedaa2097adef21ee4a

SHA512
f7dcb44f1c4a561305179db223f497e5e067a6c0ab99126cda64b4c5475e087a6f2c74b12a77222ae1853e196048392ef4a5127189013c5f0cc9614b24b23492

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
bc1d9b8aef1761a1383949720265ab47

SHA1
5ad5377d2ab7392b8cd1be894755323bc512ea9f

SHA256
43a54a9041fc230aec6d7d09054dc7bad9b314e4dd2c4c44427175d57fc837d8

SHA512
ef5a97ac5d46e6db8190eb4700c624b395bfb79a48697faecd53c27b6d3120602bc37683afbcccd738ebee1421c592ecfcd7622323c71d2ce0cab0c88cbf9045

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
535d1cfc57cc62fc640451ad8d1a78dc

SHA1
6deed7cbde4230dd8dda092a3222b5dda86694cc

SHA256
c5a154874a2a1134e1e07799ef0d38a2205e7e9116d4cb999a9c612b3159db8a

SHA512
dda725914356a8eeeba1ce3217bbfb985b5c84f9fa3aff0c4fb5352e0c47fcbc99e2b53dd70b1e1cda9720240cd56cff4af07f905644080db4ae6a4cc7671375

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
039fc31b156c13d14c27e1afc15a57a7

SHA1
1a4cdfb33804700d878954c5aec09d2409772060

SHA256
2f0342ef002d28383d8b841cf8e6199df31f83311e7a7a7fe5ba57202ad0b88a

SHA512
2c44429f243816b24bde66ffb8c3f7f50abc647f0be9f83c57643710e20e8458e1900f89ffa8eed11f0587c2d8d806d3c1b2ff16e0cdf14f44751e43962c4907

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
a84d40e56cd43c1ba1edcf0ecd65c490

SHA1
c7035ff8f47803dc7f64a419e5f36686689af4ef

SHA256
53c0bc30df4d115590b59c03f359e14ad7520cce76a17c8a03608adbccc59eb5

SHA512
40d478f36c5f2ecd0ae0628fc7c4b89c2ed18027e4596b5651097a1fb224720933225b4b4ecfbb2b7fb5a9da82b02a945b0e53186f732eccfec2c5b869c61080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
74d9149af43ed9017627b50f83b74ea0

SHA1
388ed9074a609e827befef9eb1a807fb8f9eda41

SHA256
a26998ecc021a222e062f2d02177182c25e458d6d9794539eeab9b3f3c821ef0

SHA512
2cfbb97a8138845fff1cd8dd3509de534e5ad40388ad4c17c15df6c91a94724871e18352498885e6b0ad5da6bbd00dd86d4664cbef90cf918a3016bd1ef90a8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a974fcb8edef9ce01c1310499df2cbea

SHA1
b148c62a2ab05c136eda5b1c84eeafb047558040

SHA256
58ecc70cdb89ab9d0df8596b74c8093cb1ff13e6f14c8b67654867294de8473a

SHA512
d6af9a35cac941357ad530c0043cbbe9033e0ae815f8dc4abf740a1b1f12e293654d98c36ebec67f50ad47e20484abbc1bd7e48dbb36b987ad830fa5462e60df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\b4b0e795-0c3c-4d32-8c6a-8953da390e88\index-dir\the-real-index

Filesize
72B

MD5
371fcee00364280a37c671ca8e181006

SHA1
e858c7241d384e8c57059c9406880f29a9194a9b

SHA256
4451a09da55d6c5f396ee3cf0ffc32d187bdb807db804bc386f1f3b57238c6fd

SHA512
cd533a47be5d2d4cf033f73696a82e1f8fa144a0ccefdc0b10a5fd873c8e84b0ec540c597f0192cdd678323602411c295d87e47c64ca943a237f2185f5346edc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\b4b0e795-0c3c-4d32-8c6a-8953da390e88\index-dir\the-real-index~RFe57d10b.TMP

Filesize
48B

MD5
fa487d642e7c3a3de6b0e2d0304c0393

SHA1
77b1884c1a003001b2e348e67ca1a938ac23e87b

SHA256
ab67c7d333ca4876ff376547c98b7dd22445b20750164eab1c0f1620619f5673

SHA512
c9667a8c2bf536abf60e7f44ae7f3e7275147af0e8d35c1689ded1735177c7d709e4c765160c5e609815474af3aa20f2f2a785bd0aa530116c55f0c6dcd8902f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\index.txt

Filesize
155B

MD5
995eea1902602652c3524102a5ac8cdf

SHA1
98ed780d0f0f2770b245c48da50ed3effba0521a

SHA256
5938ec8349fc11bddceaf83b2ccc677d983209929dc781c0d6b53498b85639b7

SHA512
d9fa6e31bffa2aec8dcf7c9ae61153f804382b7072a50adb157445cff106c17f83a9b031fc58792993d61a015d1163e6551174e19f42e515746175fb66668d8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\index.txt~RFe57d13a.TMP

Filesize
161B

MD5
e4833d9000c2553c9872dd662b37103d

SHA1
047727e8772e21da527c4e3e4f48a0cfe1386c11

SHA256
3f2079bd7e4b2d418872e96cb54333ea17da26ad4db7ce6ea1db96ff3ba4b3bd

SHA512
6e772a7ef2a0648c836f49566f92cc613789d2829625da3535f8ff82d76c53f053c65a7291785b4b941d6a328e706205103e560e3f895a8ae2ce813904b9e0ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
80c9d5511a3c30b5ab9ab5f4b51b6666

SHA1
423812a6f34257b22dd1faf549fa5919fa6f80b0

SHA256
303abd9fbf94375dc5964afbcf78f956858c0e9d28a7e8c65196c0adbdd28c6f

SHA512
4107aea52e59ef7d9ed08dc914d821d6be9ca32cdfb7bc9c82e2087580d0198c9e232dbfe6d9d377dae98df53efdb94780815e14d7124f5a4123438fe5b0e261

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d0dd.TMP

Filesize
48B

MD5
ddbb2e0c2bff55d003d9a843d3c87021

SHA1
f9166ab2238ec622fc8a20a90be7c2875c79c29e

SHA256
507ec5980d0c55d012ba325841836a94f16b08c6d2242dbab1ab0c43d139da57

SHA512
836845fd158fcd6a9e021aeb9f55ebc444289a76f300ecf67f5a8e44091c0e00c37bdcb2a88118236cfd2360efc46667c66c536362373ef34dc5d9c95567713e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
66ca9f43209eb1959267253faa9512d0

SHA1
cb39170628ee12ea59f9b92603ab37cca9a79489

SHA256
b5de18ded297e0ad24d83b092b417cd718085494d4ac4909cb03be8fb8572fad

SHA512
4b6a223c87ba686e1d6e2f2c0ebed5dda956120fdd341f7ca712a9bb95423f26df83012a56dad685469024afa83fb6115627196f430677542bfab25b2ec21d03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b7024264-7c99-4488-8e22-6ff3918d641b.tmp

Filesize
109KB

MD5
c56c17e0dc4c8ca216f9fdcb7b642f95

SHA1
0218162970e31c1724b5c7d2f1a088136067c537

SHA256
512a8b33f9f663a890449f9da50ab30b9a2792d6b2766a62f60ef7525503bf40

SHA512
0724c383b3f32f111f8eaf4bfd8f7a45a4293de59817bf2229f93fcc70f3a6be8dd38dcd08b4447c6d37005af8975e05550c48d44f1ea8b34f5c729140d776e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit