hxxps://postoffice[.]adobe[.]com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9[.]eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6InJvZG5leS50b3dubnNlbmRAZ21haWwuY29tIiwicmVxdWVzdElkIjoiNjhiNjQ1ZDYtYzRhYi00ZWUyLTcyNzMtMTYyY2NkYWY4Yzk4IiwibGluayI6Imh0dHBzOi8vYWNyb2JhdC5hZG9iZS5jb20vaWQvdXJuOmFhaWQ6c2M6VkE2QzI6NzBlMjdjMzktYzE1Ni00MjkxLWE3ZTMtNTExMjQ5NjFiYWExIiwibGFiZWwiOiIxMCIsImxvY2FsZSI6ImVuX1VTIn0[.]gYux9D0q6EaVmO59ms-GeeRhe541OC6360AXu1FZOyZNpe9QG41EZb7-GGlSmxwtkh2QQpuUiJvJBYU-SzMEfw

Analysis

max time kernel
390s
max time network
388s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18/03/2024, 18:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6InJvZG5leS50b3dubnNlbmRAZ21haWwuY29tIiwicmVxdWVzdElkIjoiNjhiNjQ1ZDYtYzRhYi00ZWUyLTcyNzMtMTYyY2NkYWY4Yzk4IiwibGluayI6Imh0dHBzOi8vYWNyb2JhdC5hZG9iZS5jb20vaWQvdXJuOmFhaWQ6c2M6VkE2QzI6NzBlMjdjMzktYzE1Ni00MjkxLWE3ZTMtNTExMjQ5NjFiYWExIiwibGFiZWwiOiIxMCIsImxvY2FsZSI6ImVuX1VTIn0.gYux9D0q6EaVmO59ms-GeeRhe541OC6360AXu1FZOyZNpe9QG41EZb7-GGlSmxwtkh2QQpuUiJvJBYU-SzMEfw

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133552585925089733"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-513485977-2495024337-1260977654-1000\{F9998376-3BCD-4F5F-BD69-91E0463807AC}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1320	chrome.exe
1320	chrome.exe
6052	chrome.exe
6052	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe
Token: SeShutdownPrivilege	1320	chrome.exe
Token: SeCreatePagefilePrivilege	1320	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe
1320	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1320 wrote to memory of 4924	1320	chrome.exe	90
PID 1320 wrote to memory of 4924	1320	chrome.exe	90
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2380	1320	chrome.exe	92
PID 1320 wrote to memory of 2364	1320	chrome.exe	93
PID 1320 wrote to memory of 2364	1320	chrome.exe	93
PID 1320 wrote to memory of 1828	1320	chrome.exe	94
PID 1320 wrote to memory of 1828	1320	chrome.exe	94
PID 1320 wrote to memory of 1828	1320	chrome.exe	94
PID 1320 wrote to memory of 1828	1320	chrome.exe	94
PID 1320 wrote to memory of 1828	1320	chrome.exe	94
PID 1320 wrote to memory of 1828	1320	chrome.exe	94
PID 1320 wrote to memory of 1828	1320	chrome.exe	94
PID 1320 wrote to memory of 1828	1320	chrome.exe	94
PID 1320 wrote to memory of 1828	1320	chrome.exe	94
PID 1320 wrote to memory of 1828	1320	chrome.exe	94
PID 1320 wrote to memory of 1828	1320	chrome.exe	94
PID 1320 wrote to memory of 1828	1320	chrome.exe	94
PID 1320 wrote to memory of 1828	1320	chrome.exe	94
PID 1320 wrote to memory of 1828	1320	chrome.exe	94
PID 1320 wrote to memory of 1828	1320	chrome.exe	94
PID 1320 wrote to memory of 1828	1320	chrome.exe	94
PID 1320 wrote to memory of 1828	1320	chrome.exe	94
PID 1320 wrote to memory of 1828	1320	chrome.exe	94
PID 1320 wrote to memory of 1828	1320	chrome.exe	94
PID 1320 wrote to memory of 1828	1320	chrome.exe	94
PID 1320 wrote to memory of 1828	1320	chrome.exe	94
PID 1320 wrote to memory of 1828	1320	chrome.exe	94

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6InJvZG5leS50b3dubnNlbmRAZ21haWwuY29tIiwicmVxdWVzdElkIjoiNjhiNjQ1ZDYtYzRhYi00ZWUyLTcyNzMtMTYyY2NkYWY4Yzk4IiwibGluayI6Imh0dHBzOi8vYWNyb2JhdC5hZG9iZS5jb20vaWQvdXJuOmFhaWQ6c2M6VkE2QzI6NzBlMjdjMzktYzE1Ni00MjkxLWE3ZTMtNTExMjQ5NjFiYWExIiwibGFiZWwiOiIxMCIsImxvY2FsZSI6ImVuX1VTIn0.gYux9D0q6EaVmO59ms-GeeRhe541OC6360AXu1FZOyZNpe9QG41EZb7-GGlSmxwtkh2QQpuUiJvJBYU-SzMEfw
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf6149758,0x7ffdf6149768,0x7ffdf6149778
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1884,i,17421694230021170631,7943969706372199312,131072 /prefetch:2
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1884,i,17421694230021170631,7943969706372199312,131072 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1884,i,17421694230021170631,7943969706372199312,131072 /prefetch:8
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1884,i,17421694230021170631,7943969706372199312,131072 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1884,i,17421694230021170631,7943969706372199312,131072 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5724 --field-trial-handle=1884,i,17421694230021170631,7943969706372199312,131072 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5772 --field-trial-handle=1884,i,17421694230021170631,7943969706372199312,131072 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3276 --field-trial-handle=1884,i,17421694230021170631,7943969706372199312,131072 /prefetch:1
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=6060 --field-trial-handle=1884,i,17421694230021170631,7943969706372199312,131072 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 --field-trial-handle=1884,i,17421694230021170631,7943969706372199312,131072 /prefetch:8
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1884,i,17421694230021170631,7943969706372199312,131072 /prefetch:8
  2⤵
  PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5400 --field-trial-handle=1884,i,17421694230021170631,7943969706372199312,131072 /prefetch:8
  2⤵
  PID:5760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1884,i,17421694230021170631,7943969706372199312,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5240 --field-trial-handle=1884,i,17421694230021170631,7943969706372199312,131072 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5736 --field-trial-handle=1884,i,17421694230021170631,7943969706372199312,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6052

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7ea5d81648d18d5bd5d4a64b5f91a7c0

SHA1
7477e36d81c94d3f51ef428fddfa11c873ffc6a2

SHA256
3f7a43d68db74329aa0ad0f209c0136992e8fa62948a1df16c6f79491eca6519

SHA512
48e8d36250765a0cebf6aa4057bd487338230cce7888d270c6dd8f0423766fa67ef23e3038e890fa7b7327395d0e28a988d05d7e4a22dfd315eaefbb18a56391

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8e302c7a857f6fc044cb199cc2785d3f

SHA1
0d13873a3634689b333e2e565744e51838e6ddbe

SHA256
bbc2bc48c0564512199eb46a2a5588ec3ba6a4403ce371f3e330a0add79bad99

SHA512
be28426fe3db555872659aee5c2ac71f8af1af7a5779180e651cd6ca7de89a52fee92a82241d17b0592f405741f328f1632463ab8465fe587f3ed7c1e7d2d565

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
e6585d72d6e4bfca1d49a7eb8d433729

SHA1
2129a1ad7eebf89d22e2a961f65ca2817802d3f9

SHA256
e334d622d3d401e172620182fa00d4ae39a2b28d01d6acdbbba750dc14977c47

SHA512
3e22789dad2106545dbce0172a35127f24391fd1a8369c0d2b6c62673a20568e76dd01cd562fad697228a8b7497fcbed3237c839219a81ce9cfc64bc0c685ccb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_acrobat.adobe.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_acrobat.adobe.com_0.indexeddb.leveldb\LOG.old

Filesize
396B

MD5
8713640a8cf7231612ab4fd300e74144

SHA1
f232213bb13fa9a014146a95cbcd2072aa7e490a

SHA256
1dac8dada030b4f83263d42efc4d098d58d04144162190d69b76fc5a26bf05c7

SHA512
9422213535a9d1cd6f76bd8dde2f42f65253d252f60157e4f1339edda6e98e1497a4c60df8497ad99dc1fd84901a942441b0d3ef2bbfb11c019ff35e015014bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_acrobat.adobe.com_0.indexeddb.leveldb\LOG.old~RFe5a4d37.TMP

Filesize
351B

MD5
52ab0fa1d261a1342a09e815c25f25a5

SHA1
79f3eca78f3442a2e3c23f238490c91dd67126ca

SHA256
6a9f97100702f3547fe3e3d13d5d60deda9ff736cea64d575cd86285f9f75c00

SHA512
cd4a0e3030d2eba67eed5cd240fa4c4b7acdf44ac013f6e5f6f172e0e4f35044653c0739f272b01c4da318b45e1404585b47d0c98337c643afed4ce99b980d40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_acrobat.adobe.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ad600430a54d3f8b8d9d8908123e075c

SHA1
f5c45e84ea30bb7a442d94f5832f3b17d691559d

SHA256
7b59c28d87401aa8e0db22861b8f3b9d0c91785f23ad4fd3e75b90c241b78742

SHA512
c0d04aa28c185478a3a521e9942588f7c8f33b66eac4fb742f539323023d66985ee9a646cafe9e7c30092df540187daa41c56977b68f730b23e07983daaf9db0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
18798ee07ae8db33e326c65a4ac386d0

SHA1
9ed5b86a2abe4ebd67ed6f2bbda8d08ba4c0aa0a

SHA256
a6e82364899392e4f97ef252032c0b5f799d2b73ec38d4686b7b09b2bf8d371a

SHA512
5b782661e76f08eef675ecc6a9bd599a54606c52106373ef14b0e3a4a5c206a5cacf1e5a14eece124eb7ed1c3a913b3da052f42b4e2cc8719ef1892e6373061a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1de15a8cc50acdaa92d55d901a184214

SHA1
74d86e11750e8c3c993eeb25ae61cd585b42199b

SHA256
6f543dfea51a14de6f03c2cd2c4563b9796e8a2503f25dda14be9885122beb31

SHA512
3c29838dbeffbdc4debf907a0302986ffe49d0a8de727da3015c4518aaea1c0d8e1ab6a0525caf3683f1d1d028f7d7ea0d61c82859c6552574dabe9f3da24d13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
15fc25f84ba3cde3febf316bf19ba15a

SHA1
98d070bd842f059a5fd15b1fd9e3bd9a1273e841

SHA256
bad887f546c4e7201a689ce2c2ae6eda54e7a702c932cebd1c110d5fa2d8d189

SHA512
9380f5733725ba829e84c10f68d8a849dd920e3c18e3a1a82376548bfdb4b32e840357ec62e760358d386808f67c6979df15eb51139f31077412fdb4afa02e20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
81c45ab89c02ebc4f6ab2f14bbc7c890

SHA1
83a580c5074324297083da0c3754dd841f92005d

SHA256
6611102e09dd326102845c657a48dacdc9984f9dee9c067c7a348961ff96191d

SHA512
7534f3ece82a2bfeb8f63d141ca125e4b782785bc020cf2e8d8a1136acf15d6d73d84bb40c2ccf7b060b01ac5d2f8cb9e3599d491515310d43d5bca897e433dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
9567066837f6c1809e8fc3c7e4f17270

SHA1
6b8decbb007880af888b6274951c627e849e8ca1

SHA256
4c568eb5f56b90b143cc9aa4ddb2a269a5ba3553de39db1fdc53c46dd1cdeaba

SHA512
a9c05b25a530f1daf7c94a83306130f3f259e4c10e721202cee56c9ddbc98454bea2baba8b4ec20d486e1d8f718120ddb96fe602213a6ef1d3f49e5e928800f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
57f076f25ca145d7330a719549371faf

SHA1
9983f43a73919af25e1491d7a271cc6a314ec135

SHA256
e25a1816acd76b38a79923fac26a2cdb0cda87fc06fd2e718c21ecf28368d8d3

SHA512
06e0cad80a9ede77d3ea406ea2887dff8b88dde9bc6cf98db25c1f31f64166bcd672b4eec9b8a1d877f6983b90628322ddcfab99607f454a6c56d7e064c39133

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
b2befefba4f47a40da7f94e5f1591bc9

SHA1
a6ec41bb3e5047a86595e4259c8fae220adfbe64

SHA256
1434d917ad5e3f2085af69e792efb8cbf71bf4de778d2cda9ac45ae13d489491

SHA512
ba79549d37b1de3ca7682c7a300c92f9dc2636ca4e7c0e2fd1f4f77c8aecc62eba94bfe0e8787017d6c7e1f3cf100db77afda6fd95609cb635d9be5b8429ed44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3babf69ceb84951ad0d3de52c7ad40e5

SHA1
3ca683cc4320732425f52521c337250f02c1b7ca

SHA256
071f3ce16427ca965e437e19d90250d74ac1b10ed1551492b495370ad36d3941

SHA512
60c3e243ff81d4a6cd79a0b9cd6ebcaf7bdc1401902b8c25209a5debd9f4d2dc6662aa84012d804a2f225540fc7ef87df8438447ef819e8f7e9527724832e1dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f8d953702dc79ba06ac751158bdf1986

SHA1
c74f76e0456e08a46ef05cdd4069d56b9ce7d182

SHA256
86cc5692a35290a4a858dfd6018aa087909189c27494f80a049a999f6c22e773

SHA512
e5dab520c18675ddd7b97c9979b6e58dcef9476ea83cb2f3d542ce57d9aabbf39f473335b8fc23aba7a3c3a6c538cfac455ce69d6304adebbc697d4bfd57e529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\9b7f9678-00c3-4fe6-9aa7-be863b5d371d\index-dir\the-real-index

Filesize
72B

MD5
5351147275bc48f6447d3fb3ba903b2d

SHA1
cb21a0e53caca4d4c097039f894fd0d1b2ef1f7d

SHA256
e431ced6e4459575ab1b3dc307836120c52dd7933ea76ca3b865c526cab49f13

SHA512
1ba8c4a94648efe337bdaf1cfb0c32abf5878e29aeb149efb3a936b911f607c351ada0c4555e2d69351c17364d7303b70eeb78d1ef372defa31582b873593ebe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\9b7f9678-00c3-4fe6-9aa7-be863b5d371d\index-dir\the-real-index~RFe57dfc1.TMP

Filesize
48B

MD5
28cf5c5abd2dfceb36ea9ba721f16ca2

SHA1
b75dcfe42182d6f66a5d73ce53290153ac153c45

SHA256
8ed555f20f96bbc5468b0273f32c2e0140e25a58e2974fd76b3f762105da200a

SHA512
0d1d12f5bcc14801d176de56caec53b229b2b6abb3e2f66d831a986397a239966df10038b368553ad5dd2e677d7e9d6c40dff35a27f03e0811c136b03e7c125d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\index.txt

Filesize
155B

MD5
14567f4e149873fe62ce01813c36e22f

SHA1
af2c0446b5698208d54a8c1aca0e334336f329ee

SHA256
c2da993cb675762064ef8cad134a9b2aaa3620ff733e2edc1c5b5f5b3dbfd58f

SHA512
f1355318b38eb7a8e010a198c4636e6f59972c059aec0c6ac9facef4d20290534fbbb7db64a0cc72f2dc3f3caadbe004749078671f9a4aadd1d7e6cd12deba32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\index.txt~RFe57dff0.TMP

Filesize
161B

MD5
c33b5d3d765a7a7a907bdff2d0bfec31

SHA1
5eb284a6e8788f0ec428cc4fa0501358f88dd5eb

SHA256
911892138da72ce5bdae2a78c290c733a24561ef68278551a36131775298a837

SHA512
e0db0f6f1de7cc8d33c4a9cffc73fd643b36744e76854092dc8a3c3eeda950ef31a0d5457418311680339295b52d5cc6d889b235e589db8752e7f578a28625a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
e4990c026c07c3ec7e86c6bc218ad5af

SHA1
cbe83622dca4c671cefde06eb4e8c998139245f7

SHA256
36a64fc68aec179b1688b07f0ed340193bd9e31d83fbaf30371ae6f76aa2af20

SHA512
fead0b7696128b28ed23797762014c2080d80c5655e26fc10a911509dc62d1ddfb4446bb69896e583b4a98c686327c736c6a16a374ef4ae951ee116c640c5999

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57de2b.TMP

Filesize
48B

MD5
e136eb087c38a355469b06583abe2d90

SHA1
120592d7805ee5c66e3db2c63a067690258c5635

SHA256
1dee85d032746a3deac7abf0570b960d902a6bc0362c153994031866391c239c

SHA512
1357ec95760737df8cc2c8bf78d90f25a35fbd45917acac064941d6b8b1f6ccbc4f4d3dbaa616027511e5437c4059fd74505622b9ffe3016cc6f8355263cdfab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
caa95c69a056f4badb130fa2ce8237ce

SHA1
cc7ba403ed293beeafc317d7cb2cda6f702e4e2f

SHA256
32f27449f9328ca5d2c36384d32e684bd7f0b5223ee29eefdc068b7b5ed0d6fa

SHA512
d02bf304980e8979ebb802cf0e1e111bb600cf50023194b6ed5ad823edadb406cb2eacabe5af212991060d3667b5c10ce55e7c643bd7955fc6ea71974e2768b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
8a3e879944dfa4f5cbc491747a78b5e2

SHA1
3f5b2f17e64c064b48f7aa8407f5d6a50c907241

SHA256
4263df74d871998dc7c71ea7d9b415562cb454737af8e987661055be33f54a76

SHA512
793aa7f1a6d014e9a2416269e80e663abf6eeff5553b8ceb163499d2b145cfe454288d49350f016bc392a796f14d5b735d085c51d48c593e65b6e68411a44b4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit