hxxps://postoffice[.]adobe[.]com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9[.]eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6InJvZG5leS50b3dubnNlbmRAZ21haWwuY29tIiwicmVxdWVzdElkIjoiNjhiNjQ1ZDYtYzRhYi00ZWUyLTcyNzMtMTYyY2NkYWY4Yzk4IiwibGluayI6Imh0dHBzOi8vYWNyb2JhdC5hZG9iZS5jb20vaWQvdXJuOmFhaWQ6c2M6VkE2QzI6NzBlMjdjMzktYzE1Ni00MjkxLWE3ZTMtNTExMjQ5NjFiYWExIiwibGFiZWwiOiIxMCIsImxvY2FsZSI6ImVuX1VTIn0[.]gYux9D0q6EaVmO59ms-GeeRhe541OC6360AXu1FZOyZNpe9QG41EZb7-GGlSmxwtkh2QQpuUiJvJBYU-SzMEfw

Analysis

max time kernel
330s
max time network
335s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2024 01:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6InJvZG5leS50b3dubnNlbmRAZ21haWwuY29tIiwicmVxdWVzdElkIjoiNjhiNjQ1ZDYtYzRhYi00ZWUyLTcyNzMtMTYyY2NkYWY4Yzk4IiwibGluayI6Imh0dHBzOi8vYWNyb2JhdC5hZG9iZS5jb20vaWQvdXJuOmFhaWQ6c2M6VkE2QzI6NzBlMjdjMzktYzE1Ni00MjkxLWE3ZTMtNTExMjQ5NjFiYWExIiwibGFiZWwiOiIxMCIsImxvY2FsZSI6ImVuX1VTIn0.gYux9D0q6EaVmO59ms-GeeRhe541OC6360AXu1FZOyZNpe9QG41EZb7-GGlSmxwtkh2QQpuUiJvJBYU-SzMEfw

Score

10^/10

adobe phishing

Malware Config

Signatures

Detected adobe phishing page
phishing adobe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133552870555762888"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-513485977-2495024337-1260977654-1000\{F2E64970-63BB-4072-8C9B-2AF70118F478}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3416 chrome.exe
3416 chrome.exe
5740 chrome.exe
5740 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

3416 chrome.exe
3416 chrome.exe
3416 chrome.exe
3416 chrome.exe
3416 chrome.exe
3416 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe
Token: SeShutdownPrivilege	3416	chrome.exe
Token: SeCreatePagefilePrivilege	3416	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe
3416	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3416 wrote to memory of 2588	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2588	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2104	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2520	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 2520	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 3712	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 3712	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 3712	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 3712	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 3712	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 3712	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 3712	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 3712	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 3712	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 3712	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 3712	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 3712	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 3712	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 3712	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 3712	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 3712	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 3712	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 3712	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 3712	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 3712	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 3712	3416	chrome.exe	chrome.exe
PID 3416 wrote to memory of 3712	3416	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6InJvZG5leS50b3dubnNlbmRAZ21haWwuY29tIiwicmVxdWVzdElkIjoiNjhiNjQ1ZDYtYzRhYi00ZWUyLTcyNzMtMTYyY2NkYWY4Yzk4IiwibGluayI6Imh0dHBzOi8vYWNyb2JhdC5hZG9iZS5jb20vaWQvdXJuOmFhaWQ6c2M6VkE2QzI6NzBlMjdjMzktYzE1Ni00MjkxLWE3ZTMtNTExMjQ5NjFiYWExIiwibGFiZWwiOiIxMCIsImxvY2FsZSI6ImVuX1VTIn0.gYux9D0q6EaVmO59ms-GeeRhe541OC6360AXu1FZOyZNpe9QG41EZb7-GGlSmxwtkh2QQpuUiJvJBYU-SzMEfw
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8593a9758,0x7ff8593a9768,0x7ff8593a9778
2⤵
PID:2588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1880,i,14404058363138866829,5519410770845277180,131072 /prefetch:2
2⤵
PID:2104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1880,i,14404058363138866829,5519410770845277180,131072 /prefetch:8
2⤵
PID:2520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1880,i,14404058363138866829,5519410770845277180,131072 /prefetch:8
2⤵
PID:3712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2752 --field-trial-handle=1880,i,14404058363138866829,5519410770845277180,131072 /prefetch:1
2⤵
PID:2792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2760 --field-trial-handle=1880,i,14404058363138866829,5519410770845277180,131072 /prefetch:1
2⤵
PID:4328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5084 --field-trial-handle=1880,i,14404058363138866829,5519410770845277180,131072 /prefetch:1
2⤵
PID:864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 --field-trial-handle=1880,i,14404058363138866829,5519410770845277180,131072 /prefetch:8
2⤵
PID:760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2920 --field-trial-handle=1880,i,14404058363138866829,5519410770845277180,131072 /prefetch:8
2⤵
PID:220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4824 --field-trial-handle=1880,i,14404058363138866829,5519410770845277180,131072 /prefetch:1
2⤵
PID:4072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4936 --field-trial-handle=1880,i,14404058363138866829,5519410770845277180,131072 /prefetch:8
2⤵
PID:440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1880,i,14404058363138866829,5519410770845277180,131072 /prefetch:8
2⤵
- Modifies registry class
PID:4428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4672 --field-trial-handle=1880,i,14404058363138866829,5519410770845277180,131072 /prefetch:1
2⤵
PID:5708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3824 --field-trial-handle=1880,i,14404058363138866829,5519410770845277180,131072 /prefetch:1
2⤵
PID:6128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4036 --field-trial-handle=1880,i,14404058363138866829,5519410770845277180,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5740

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4544

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7e7e5152-3ebe-4c28-990a-9c7a915fa6dd.tmp
Filesize
128KB

MD5
ef703ee0a3c5ee74915a844e5d685645

SHA1
68b5714092bb66d224f3f1a52084b94c65ce4bfe

SHA256
d508b9413e47a665865b543f1c2b364aa478094a009d332ff290160c00874d32

SHA512
d25cdfc0c093cbbc8788c72b46c2a9fd55992c4ccd92b7a6058e7325080e928001115d8bb6f2e5b1d537df0c5025e17dec291c43cb8459f3d1db03723424df6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
864B

MD5
c8a74d16dc673f8023cdc7d707b60dea

SHA1
72ed517a25d88791133b4e9a7c7b850085cbc046

SHA256
753f70bd3332d20c0fd403f74d594ae96d90371e670f3488fe0f2102f433f53c

SHA512
7a98c29e0ac7805c196b25cbd73177c9e9a89b48dd5986bf2e8754773f9dc97ffac852fe9922fe3ea04289a69676590c32baa796edc15d0af9045fc8bee3c25c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
2f387fc7a5eda8cba9fb39e3df0d84cb

SHA1
0bb5ea1bf6459e984ade058c94e4b10c824e2633

SHA256
68ca88fa8bc20df4279d0bed0a035cf1f3aaa8d354e5cf0f6588764fc18f6b81

SHA512
9bc690ae9ffc1607c49e137407a65658ba431fbe94a520f119635cf20dc9675272e31360897f92fbab0eff9fbbe89791da438dae5c11a3358cacb6158c438aa5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
752652f079e90f4624c11521781cc2fd

SHA1
1983c4857403624a4bf96c84c94d475874f124d1

SHA256
4a8cdc2c90514e6e3823294890efd3a862f1881950a299dfab308747efe68bb9

SHA512
fdd6e51207b4685566e018991b27f8c5d8b546bcca0be1f36787f3aa09b94a82f17c898a04381a98c103bfb4c053515381417dc5119989a0d9716040b37e23dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
177a70b3e620411d0eded7ab309a666b

SHA1
a9e7d9efc52daa3f8719c7fa7bbb4c4bdd774e05

SHA256
b7076d3777ca6324a9faa37da4c34d7efa75581e663806df88a065de9f943414

SHA512
af80fd4e6c4e98b38ba0fe4037ec175e1f5a1b57ebdd9fba4bf31b0dd7520fce991562d47875323eee21bd6eedd6d8c1ad776947a7f926f43beee710e915dc87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
18c3482577d462dc422601ebb68efa4f

SHA1
a2794b5ae59c1497e392ca25ded1f4a33b9417a5

SHA256
3da50f3b732aca3939df44840e023930fbc2d3ec8995a126b036767f9018412b

SHA512
0a280ae8fc7633e5dd19ddd5d0fc8d4576568199c9207ed6861a6332d2c7cf5258587b74365413bfe6bb7d085ea2dd2be4e81284549248b98317c0946ae881cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
47d62bff1c6702f1a71d75359c7cb799

SHA1
d3f070bde2ee13de7dae2576e2deac4698b035f3

SHA256
bc3d58b3b930f6829c7d61b73e831b154ac5242ec32d74e87c773829992b6e2a

SHA512
f77a25638e6845c22e7702e333347abf2697abcf5b05c02e6843242115dfd9ade08ae8f87af88240c6fdf657760b02f325a85a4d07414c5c85b4f52e37959e32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
8b6e89d90c5c2f53f34e13e48a6746eb

SHA1
0216a6b6bea15621a1cb09702cf4ec3fa2079ebf

SHA256
2c444c768e78b56473e7194d7fe83408f62bb3d96cd9be4f7d9111394f3e9fb2

SHA512
d512a63a92d64bdc2831fa0e9f19424fd6db659b2edaffba21167c0ffd96dc3f3261b732137b3cb22d38bf17be2a041f5e12a4d822b36cb10080320a63133fc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
b435fe2f097814b515c4e097ac25207e

SHA1
b02725154c41c3a64c1607b835e136ab956c0d1c

SHA256
f3781246a770142d129c11d54cb28706dd6d33f4960f157e7a47f88b75c6c51f

SHA512
ee46f7da5f18f3f6d3801d521750b0dcd4977295836599464d7de3df3d0c346b2fd266438079d102930e8c05185a908b387adffdd02ccfe54d1b14c86f537089

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
5f917ad954e75cc8c85294122b344f55

SHA1
f8a74efbbe52bd6f11ffa8e3b3285dc59d71a718

SHA256
70762276e48d2c0b6c7471285c300d8f47ef1ac9097335006760368915d5f0bd

SHA512
bec3b0a4b49dcb4fabeab76efa05f6b948b39620572364084c2890bd94b2f6682f15bbd5e4ba350652c6f09f2b8e6ca1faeedc228628ab5febb4be19cfabfea7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
c974335a738888cc64b9ee3ee7acc524

SHA1
28afd5f46bd77b224bf743392997fa2bed0d6be9

SHA256
124212b4d268fa3e95b969b3da73887c89fb1842b8c09af620a823428616b2c4

SHA512
c165de6791e3decdba4298281cfda48cfcf2b273fb21895dfa27780656508d70f9719830738fcbf59d4178dc11fba0b586c0d589869826db30bf49c1acaae349

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
ded94394bc7a9f302bcc2fe750f31658

SHA1
190595927b8e3458a0f7fa529e664e492e57199d

SHA256
bfb591610bc710ffa9eebc614303ac0c5a1d40a5004bd55d7cf4e104be8694f2

SHA512
613d875496f7200bf0f716f2560d2124dd89b1315a1a525f2df93459468b40d33bb69a23ebc326cbb0f3128594753846eea8bf9205f4923a25abbe31ab492027

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
2729b7af26379f8bfcc659c1e541cefb

SHA1
5f1c1f84aed48ab3f178248cb12aa46a90d8b2c5

SHA256
cf815d07a19d7c38a43934e8a1b911b141148cc0e6c5655570cf5fd0dc503e28

SHA512
411eba7cffe407a2556d750de6bc89456f06cef5b23ecf6e3167a1065825c566c1d594f24859920d70d638dbe7bbe0989a3d06247396f948503f8f21a9d1843d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
105KB

MD5
7a02e382cd811bab02fec8d5d84ab5e5

SHA1
b41555150b64784d41102602bbe7579373abfc73

SHA256
97526403a87797401bf96ac6b5d84ecd8cf6100aa4e5ca3b86a29a97f52cdaa5

SHA512
3fa17e4f80d4f683c31da95ff5163abaf2303713ba3b2ae12418c2db85443ef7ae2ed3fd3ec9eadafea7d48fa68b0d341b8e22c1392b89bfdab119964a451837

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580683.TMP
Filesize
97KB

MD5
e7c9f3d9523ad3315d2400c7030e31b2

SHA1
a32b7ac1f98b8587838de71564cdb18cf8dbb6ea

SHA256
52d687d5a4cb58812010dadde3c005f37511773a3dfe6fe7a0d31c56227cb07d

SHA512
c58edfce199c7cb5cc09ed3287de37860febdda5a88e00efcd7e272f38f5bad8b5ed28d4ad6deae7e9f9da780652eff04a32cddcde44188711f085b1330094f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_3416_ICZDPPTZPLAWXSKY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit