96d20876f5be7bea17a0ded7869cadd73986e85ab8d30b0f7526dfbd0910c40d

Analysis

max time kernel
293s
max time network
271s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
19-02-2024 17:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

resim_2024-02-19_203359987.png
Size

142KB
MD5

4e678235266211745f78e80023e5268d
SHA1

88ba4fc0692c9eaff658948d8ecfce4ec8bf1406
SHA256

96d20876f5be7bea17a0ded7869cadd73986e85ab8d30b0f7526dfbd0910c40d
SHA512

80dd37d7add148c7c111b66041eb1a62f9f1bd412e22d3ad31aa71b5ae8b0d291b1de77e5e0bb70a4726ed3e91da3feabc5485140d0af3fa5479d1732838be6b
SSDEEP

3072:s+xFwSd+7QJK7r1miaPDuNiUYP+Hta6ymopV4GGoQI1A+z9vO1kYnIVg:sCFwkOtA7sNYP+HtaRmojbQI1Dz9vqMK

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1473553098-1580226532-3330220195-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528376836982537"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
4072	chrome.exe
4072	chrome.exe
5976	AcroRd32.exe
5976	AcroRd32.exe
5976	AcroRd32.exe
5976	AcroRd32.exe
5976	AcroRd32.exe
5976	AcroRd32.exe
5976	AcroRd32.exe
5976	AcroRd32.exe
5976	AcroRd32.exe
5976	AcroRd32.exe
5976	AcroRd32.exe
5976	AcroRd32.exe
5976	AcroRd32.exe
5976	AcroRd32.exe
5976	AcroRd32.exe
5976	AcroRd32.exe
5976	AcroRd32.exe
5976	AcroRd32.exe
5976	AcroRd32.exe
5976	AcroRd32.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 41 IoCs

pid	Process
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe
Token: SeShutdownPrivilege	4072	chrome.exe
Token: SeCreatePagefilePrivilege	4072	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe
4072	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
5976	AcroRd32.exe
5976	AcroRd32.exe
5976	AcroRd32.exe
5976	AcroRd32.exe
5976	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4072 wrote to memory of 3964	4072	chrome.exe	84
PID 4072 wrote to memory of 3964	4072	chrome.exe	84
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 2920	4072	chrome.exe	86
PID 4072 wrote to memory of 752	4072	chrome.exe	87
PID 4072 wrote to memory of 752	4072	chrome.exe	87
PID 4072 wrote to memory of 2136	4072	chrome.exe	88
PID 4072 wrote to memory of 2136	4072	chrome.exe	88
PID 4072 wrote to memory of 2136	4072	chrome.exe	88
PID 4072 wrote to memory of 2136	4072	chrome.exe	88
PID 4072 wrote to memory of 2136	4072	chrome.exe	88
PID 4072 wrote to memory of 2136	4072	chrome.exe	88
PID 4072 wrote to memory of 2136	4072	chrome.exe	88
PID 4072 wrote to memory of 2136	4072	chrome.exe	88
PID 4072 wrote to memory of 2136	4072	chrome.exe	88
PID 4072 wrote to memory of 2136	4072	chrome.exe	88
PID 4072 wrote to memory of 2136	4072	chrome.exe	88
PID 4072 wrote to memory of 2136	4072	chrome.exe	88
PID 4072 wrote to memory of 2136	4072	chrome.exe	88
PID 4072 wrote to memory of 2136	4072	chrome.exe	88
PID 4072 wrote to memory of 2136	4072	chrome.exe	88
PID 4072 wrote to memory of 2136	4072	chrome.exe	88
PID 4072 wrote to memory of 2136	4072	chrome.exe	88
PID 4072 wrote to memory of 2136	4072	chrome.exe	88
PID 4072 wrote to memory of 2136	4072	chrome.exe	88
PID 4072 wrote to memory of 2136	4072	chrome.exe	88
PID 4072 wrote to memory of 2136	4072	chrome.exe	88
PID 4072 wrote to memory of 2136	4072	chrome.exe	88

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\resim_2024-02-19_203359987.png
1⤵
PID:4896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe4cf59758,0x7ffe4cf59768,0x7ffe4cf59778
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:2
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:8
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3180 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4532 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5096 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:8
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5192 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5384 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5024 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4904 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5828 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5804 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6012 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6560 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6416 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6264 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6016 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6912 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:8
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6940 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7064 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7128 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7504 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7708 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7632 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7692 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7388 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8072 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8428 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4764 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=2616 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7692 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8616 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7312 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=4856 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7840 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8636 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7292 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=8420 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8000 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9008 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7372 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9000 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=6632 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=7568 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=7524 --field-trial-handle=1820,i,192928474756913610,11608981216083826731,131072 /prefetch:1
  2⤵
  PID:2328

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2300

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Public\Desktop\VLC media player.lnk"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5976
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  PID:4076
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8DD959C52F1BDAD87B812554E45F1FA1 --mojo-platform-channel-handle=1804 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5736
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9102393AAF28485294363E7F76BD8705 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9102393AAF28485294363E7F76BD8705 --renderer-client-id=2 --mojo-platform-channel-handle=1820 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:5296
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0C5A53614FBC1D982987BA66035093C0 --mojo-platform-channel-handle=2340 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5508
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AA84FC98DA9B1B169F07A27CEA90B7CF --mojo-platform-channel-handle=2344 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3480
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0D3C5A45FB4206A94A7AF0E64B039907 --mojo-platform-channel-handle=2368 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
f10e7275653cd684946bb8af3f7ce9e8

SHA1
bd1e784a25fe39edd36a79bc563e43dc50b37d7f

SHA256
bc52fa75666628b78a38b948dd334a94a5912c351732e241bc103a4f003c6b7e

SHA512
e07dd9a76840ef46c0ef46e18ce8f1b4eeaf37d1a13d1c5bad261ef494c6529fd7f1dd556a0f82509e1b3b72647e367819d92db4594d4256529f136b8e8744ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
61KB

MD5
a1eb05b2e53b4908558d8ff04593ba0d

SHA1
cf7fc2706462d69876d05b3a8485a5b5ff71bfdd

SHA256
d95fd728438d7db547d3f5aa714b2bc81add8cce4dd03b0ce479d2dcfc61bd52

SHA512
108ab871d7bb98b5feb0fcbf6705710b34976da63ffe1033c8b3fe9ef2723238d9686f3a1d49f64b6f11dacb69953effd81badcf4ff42d3506bf0e85fcbe9b1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
362220101321c2cafd3b107ebc132fb7

SHA1
6109d58a4a5339800c68760e1c58f41094acd7e8

SHA256
90eb013732d0876af7238c368ed16e09145dae7bb678a7f6bbcd154d6b55b0ed

SHA512
de9f57764b25a867c87acb7b32bb8ee36167b67c04a9e85e50aa8f16a537debaa903b9471b34a11bb4cc2a2c46838b70f1f8700262f78fc01f6155cf762928f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
65fa41f861d35a2dc626d7e6fcfdf2be

SHA1
e07fb069679ae072412eddc9b230836b0d853089

SHA256
a1fe9e16b619f00d2d8fec961cb0c1c2e023e69261886ec49e43fdef65444c5e

SHA512
901f1081b8f39aa5da5b2bd3a0dfbdb5102e29dbdec63b42632826e7df14d36581fe9c305231dddf0e4cb46da605c423397a0f6bd1a6c730a31fdb6360c88a20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
56e1c1325fcb0505d4438fbd8c7264dc

SHA1
a3dccecfbc2a654e76a4431f30e600a7ef991ef4

SHA256
5e9317cbe6d90d2e5fae01ae9a9f0ce325ad383a3d36568ea261ccc282e65c8e

SHA512
55ece30684cc1354822de1cd068509849a21139fdf72a051d673a46cce1158c72360e5ca3dfd0e49de79b0f9ee8904b9c35b6d0e0047ede41728bc3723a4a253

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\7a6aac7e-71ea-4e38-8939-06e8524c334d.tmp

Filesize
12KB

MD5
07cc319315417a73f71f32d6e7de308d

SHA1
23c045097abfe6505877830556fb4b4b8dc86f86

SHA256
151e9082576431a7155987a1c0087b1ad4a44361e74e228e4a49eee8460bb7d6

SHA512
581b934e3a592a3eddec586237e54725a7b2ce2e6a04472b239d4b5eaccd83ec93f76ffcbde3f01e46d765c60e5bccc211bbf2cd38b55314f54b936901ebbadc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
c385d38a65520035a2672dbeb3641a01

SHA1
b05204da03aa6cc89033b3bcc2ff07f88a95124b

SHA256
9a28d498fd0118e073c1aa90cb9a465e72b633f198c055844fed33d983d7617b

SHA512
2af0651d38df3cfd22e9eab6b62d3718228751b4fa7484933388dba3b659ee54a65d73e5fce9482c27672e42e13f949b9abd78eb7e8cb5a33175146630bc8343

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
418b9359f0e8eb4a3daa62819f3e9a92

SHA1
33bead6cc4bc10873b64ff78bff92cb77634d45c

SHA256
cbbb46e09d08d0153324a9e4da7f67d74f700d4c04c594d69825918fa00c6351

SHA512
bd95b1b9a9437c3b73c77c0b43ddba9c371833f992f07db3d0fb3827b0923121f7b5fcd281636208872ebdb30bddad403db199de230c09cdd56983310f43759f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
232a59bf96c41cea8e9afc92edd92323

SHA1
978f9557ae5baa6f693ac4677cffb335b0bc34d9

SHA256
8651b0c4016b46279d72d1216f6f65ff9aeaabd988b405c0178794b944629f7e

SHA512
46420d6a6ebd924ac2d67b2e088dd42efb501f0db4491df30715e4209026ff96bc619f8b4c6349b8ef85e8948eff96966b72e34a427d03e72c11488a5ecb6686

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
fabf3d9d528da4eb8e09542b19910c83

SHA1
5ce10985aaf5374239844247e7b542805066849d

SHA256
88deb03cf5e286526212c7bcc3fbc90f86b9594b4fb011c92ef84e24a69d7f19

SHA512
e58421d6644904258eb6b7f620301767ccaed8f3a65267692e1de6d9107623e5482328e304a0a426055350596beab8b4819e04a851e15e81030b93ef3b4ca213

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d2d2ad996dd62eeb8b11b2104663c1d4

SHA1
1e30dfcd387da6657e5c58cd72325434aca694c3

SHA256
f37190ee9daf1f53d099981d970a23a58591312ce0c9320bdc61bd8e115ee500

SHA512
422e4e354a0f2531e90a6d90b049d45d2aad39c498f2fa10d637d24570b63d0ab8349ab653fba7d1abc6dba6f6430a264690a56d4e9074c83952fae14178418f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
922fec7e3c078138eebc7e5b870f056e

SHA1
5c2ef8d0f0c54d758714e5e85cca21629088269d

SHA256
8bc9f0bf1eabe3f832a83b5d7ecc8519837db3571243c85ee13b1beee93e2ce0

SHA512
33609c6e4f50d5054f4379efb2c85a5fa06f4588a96a0aafb01c77e6805240004b2101b0125054023314b9475cb41f0775447eb81951d465a9fd6062e5583978

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bbbcec54f05de67bf1b3d82dc2219a71

SHA1
e504a3a85ba3d6bdd51748d38545d1b32eee5ac9

SHA256
7a2d14e3d2b8a228b61a589b370d33048dcb3745d358c0f23bfec83795c2e90b

SHA512
a2f594ce0ddc1599d38c5150ee6e1e2dc8afc70e71693b795e0e25f0d8fe0e4da83f7633d1e91dd6e0e9aab923a730752a9a88ecb814540b5a344e252759b6e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6ce41417a8b1d2e42dfa4c7b90345b9b

SHA1
bc96285f841561ef36cfb39da06d491bdd3d0fb0

SHA256
82e586a6b18fa5e69ae6d462225ef39bef93450ba1cf64b036af90acd034ecef

SHA512
69ce297686b70eca484a08d4a8fa28ac9f8a0824807d37cc07021da9d47d5de3fd8d0ba4d426cdd6b463a46df2ff6f8fc7a1da59dfb2104b66a9ac23dd93fc9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4ae4ffa0db2dfa2b5175ee77039f420c

SHA1
9bae4a11172f6946da87403045150d09f974ae37

SHA256
fa0767b322084c6f7b69804328b92c657ece6c060374f9fb2d57b1aa7e14aba0

SHA512
4492f46dccbd161d948eda45285cb40f2c9fd6afdbcdf4d3fdbb36d354eb003c0954e4c2c3666d5863a0258fad4ec19f9390c2d39761bed2669ad7613af7ae70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f40abdbae02cedf97fff46379af9e410

SHA1
cb9628855f4ea44202151b7787d9e478e2429ac3

SHA256
fe02d628fba9f84a4f1df0d6085b563d14965c7462c2c3ed799d707fbfe59406

SHA512
3c17fb3a13535ebd95505c8d91307aaef6b88c01e64fb78eeae412f86a5a7022edace2aae0462dc7bc7439b1eacda2eaf3b8b12ff73a59acccba3da303496e3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bf9e536698846a7b915708017a7b33ec

SHA1
b986449b8636e4134df738886f51175bb7f25bde

SHA256
82fb069a5ed03d1e44be394136e24a5ef9c948c090cba875667dca97f8b58650

SHA512
5d1446d7fcd490ce2731a5d09e00b2fa197d19754e709247cdde8a4f54e74f2fcfeb2d9cec5450e11984f432c0e0c5d4dbb3145668ae7f49082bf905bf19ac88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
859a1a8876dd85ce43f93ffc48036420

SHA1
63024ef23d700e9b0defdc1387d5012dabe946a6

SHA256
ff96aa954f9d9a4d871eb97e48ab6b1ae37b23a7d03e3efa3a6dd25c34bfc250

SHA512
8665e59e949859980e1ca59517090ad52104e4182bd19b49f6506e2afcaeaed7f9ab5990ac9c03e68da03f28fd8d5149ab17ff26d638872e469f9e64db8dbf37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
f93b284207b9a72996d688d721542fc6

SHA1
54a910fdb757255f3464962f0d602a86bf52b4fa

SHA256
68745504fb44dd833e67aaec2ca2a6c6e8796c23672d18200de8ee3dc5e6f4b0

SHA512
7077bba935f5d4a46c3dad397fd44c4e8acbe5671192ca3171ff26ec7571d397a69dc1abc85c667e6868ba136f351efa80350285ef153e6f783f2e6f3a35e798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
c5820a1db6abbc000f82ac0a3828ba4e

SHA1
6bdd8d86b6bdcd51d4d1da29e42cb407e0da609b

SHA256
da3434c839872e6cef4725cae53a629aae6e43a13748551962cc2b469d825a29

SHA512
8ac86d4f0e5e6058869a4d6f32c08b51336e6335b646b3e3e6b98f31382d531fe0a747e73f4405f753c8a3d36a3593ee94b90920d77411d615782c5c12341460

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit