hxxps://we[.]tl/t-xanGKkU5oF

Analysis

max time kernel
66s
max time network
75s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
11/04/2024, 13:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://we.tl/t-xanGKkU5oF

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-81807878-2351072935-4259904108-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133573167485975711"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-81807878-2351072935-4259904108-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1596	chrome.exe
1596	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: 33	3012	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3012	AUDIODG.EXE
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe
Token: SeShutdownPrivilege	1596	chrome.exe
Token: SeCreatePagefilePrivilege	1596	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1920	AcroRd32.exe
1596	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe
1596	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1920	AcroRd32.exe
1920	AcroRd32.exe
1920	AcroRd32.exe
1920	AcroRd32.exe
1920	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1596 wrote to memory of 1724	1596	chrome.exe	72
PID 1596 wrote to memory of 1724	1596	chrome.exe	72
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 3096	1596	chrome.exe	74
PID 1596 wrote to memory of 192	1596	chrome.exe	75
PID 1596 wrote to memory of 192	1596	chrome.exe	75
PID 1596 wrote to memory of 820	1596	chrome.exe	76
PID 1596 wrote to memory of 820	1596	chrome.exe	76
PID 1596 wrote to memory of 820	1596	chrome.exe	76
PID 1596 wrote to memory of 820	1596	chrome.exe	76
PID 1596 wrote to memory of 820	1596	chrome.exe	76
PID 1596 wrote to memory of 820	1596	chrome.exe	76
PID 1596 wrote to memory of 820	1596	chrome.exe	76
PID 1596 wrote to memory of 820	1596	chrome.exe	76
PID 1596 wrote to memory of 820	1596	chrome.exe	76
PID 1596 wrote to memory of 820	1596	chrome.exe	76
PID 1596 wrote to memory of 820	1596	chrome.exe	76
PID 1596 wrote to memory of 820	1596	chrome.exe	76
PID 1596 wrote to memory of 820	1596	chrome.exe	76
PID 1596 wrote to memory of 820	1596	chrome.exe	76
PID 1596 wrote to memory of 820	1596	chrome.exe	76
PID 1596 wrote to memory of 820	1596	chrome.exe	76
PID 1596 wrote to memory of 820	1596	chrome.exe	76
PID 1596 wrote to memory of 820	1596	chrome.exe	76
PID 1596 wrote to memory of 820	1596	chrome.exe	76
PID 1596 wrote to memory of 820	1596	chrome.exe	76
PID 1596 wrote to memory of 820	1596	chrome.exe	76
PID 1596 wrote to memory of 820	1596	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://we.tl/t-xanGKkU5oF
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffed3ce9758,0x7ffed3ce9768,0x7ffed3ce9778
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 --field-trial-handle=1728,i,14479273933698499076,1504483420977762873,131072 /prefetch:2
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=1728,i,14479273933698499076,1504483420977762873,131072 /prefetch:8
  2⤵
  PID:192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1728,i,14479273933698499076,1504483420977762873,131072 /prefetch:8
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2872 --field-trial-handle=1728,i,14479273933698499076,1504483420977762873,131072 /prefetch:1
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2880 --field-trial-handle=1728,i,14479273933698499076,1504483420977762873,131072 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4708 --field-trial-handle=1728,i,14479273933698499076,1504483420977762873,131072 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3112 --field-trial-handle=1728,i,14479273933698499076,1504483420977762873,131072 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 --field-trial-handle=1728,i,14479273933698499076,1504483420977762873,131072 /prefetch:8
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3084 --field-trial-handle=1728,i,14479273933698499076,1504483420977762873,131072 /prefetch:8
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1728,i,14479273933698499076,1504483420977762873,131072 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 --field-trial-handle=1728,i,14479273933698499076,1504483420977762873,131072 /prefetch:8
  2⤵
  PID:5040

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4920

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x320
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3012

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1736

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_ziegler-branderhorst_zb_267_huisvantenpost_vo_20240411-standard_2024-04-11_1052.zip\ZB_267_HuisTenPost_VO_20240411.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1920
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  PID:3616
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5DA13E7859BCD91E0D1695C6B57F0AC6 --mojo-platform-channel-handle=1636 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:196
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=DC9DF10A97D27379A00CB1AEC7CD8472 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=DC9DF10A97D27379A00CB1AEC7CD8472 --renderer-client-id=2 --mojo-platform-channel-handle=1628 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3700
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DE334137DE7ABF12B979E69B5E9DF082 --mojo-platform-channel-handle=2240 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:992

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_ziegler-branderhorst_zb_267_huisvantenpost_vo_20240411-standard_2024-04-11_1052.zip\ZB_267_HuisvanTenPost_VO_20240411 - Standard\ZB_267_HuisvanTenPost_VO_20240411.txt
1⤵
PID:1384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\82f118a9-6c15-4d61-8941-eb1c271840f8.tmp

Filesize
5KB

MD5
06dc5104aa37db724e5ac518936cbc27

SHA1
2dc5434d3113da2ceca448cadbb1703aaa74290c

SHA256
d59766d61d1fb6d1982297ca6696355a32ac800cccd8e2e1484bb762fd85eb41

SHA512
4e30058d2a0a9564a6e3676e5740177a8b3669e72691125cda16196f3bdc4c4a4fbd8ac26748e57f2d58f17c5daa3f4765132a86e8ea3d6a55f9c629de40cc96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
ea83597a88ec1900c4753d98240dde2f

SHA1
7af8ae83cfc9aeaefafc0f988facf5675c2d886e

SHA256
72008f169a7144073c5eead736fd7baf629d6b0fe6e7868fbb98112df1f5e617

SHA512
d49791ec5d2d23f0eb912c3c3a53f36121db4b845ba5fa217ea7810993e90b28bcb23d79cd463bfdaee244e2fbd4473f2d92ccc1bdbf3dceacbf599318dfc258

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0aa7b2f5e5d4a20da2d3e1b12f37b84c

SHA1
d3ce1c27a7b32fc4be26786c5613340bcf7a4714

SHA256
71caa521205a5d40eb3b6f8eab70a308cb1b9570617dc9a76d26a655b3074d74

SHA512
c121917e7db63ec8cb71f1275ca0678d111004b44ce9485d5cf21c2a92c606cd5f0a06e9ae4b7b78ff6eb8e342ab95c2eca9d70650941fb5c178d929444bf11e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d89471b487c81a21044fbc85a4fd8a3b

SHA1
6c922a636568f9f0e5987b67fc70f27658e66667

SHA256
8a49b540e4184682d9c5b932fdf74346241a0f79c17c7c2739fff98f06c110e4

SHA512
db4405e8609dbf569dc05e05b77e9a9803a35e61ef5273853cc797272cbe281164616d18529270135614670b42dd3dfc2b55b412ad681cf66be24cfd3148973f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
89404665402eae0d34b78d7d3fa9561e

SHA1
6870f104eab295774250b6fc8ea10a6095e4f376

SHA256
5e92ef4094d067841bab0522aa64a4a995c84ceb5539002b959592ec4c676c35

SHA512
d29bc93b54ef4096365fff4b774f68dd94e9867cb8bfc265293b73f7a81aee70bc9a8fadfd44eee34ac1458a07bd6d5c02440f492a685109eb15fbe301dd8e26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
385ce0b33dc7f0587b1f76a90446d5fa

SHA1
2cbe8e4e9748564365f56800fd8e41997e480bbf

SHA256
79603f3dd993e8bf3562d6f6e04025427f62ac1beaa6eeb49040cdc09208b4fe

SHA512
39a7fef03b75a94000098e8aeb390bd7481d572e8f16418c69f5cce53533cca7e95a5d66b09fb61465cf4ad6801bcf1ca30f4fd5a248452bff4943845f12a8d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3ced0025ae941f2b0d7da0462b3a138b

SHA1
3092fa12723c63dc119ea618f3d352388851cfed

SHA256
2ad94ac4681e293a3743e4623bca1453d1a820cc455cb4b09b73c1f556e901da

SHA512
3059c1a1a3b00d46b01951ed8656850c1fd5cef29d69cfe0329008ca17d63bb5f3d45364aef80870e702a40124c2e9a42362c6ee24c0ba64ba612e9c7776a897

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0d2e81a37e7f4ae490d8caa693fa1b7f

SHA1
b506df6fdf40b3997a47e439210291b15f89b588

SHA256
80da9b2d3929aa0d08df71bd2f71827afdbaeb74fe9d96c6c8f98243a9b02d37

SHA512
9f2d6214d7cec264f8d49caa0c674573e73a47302cb8a290e1a3571f310038f924019bb7e790af906e949940b449d22fa546d4d71d67ef7531a09b7813f6be6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
878e8e03cddea4f3f6abe4068e5ba837

SHA1
5641436b235d57af750e51999ff43bdc2a5261e8

SHA256
c2bf85cbe6a56be4088b3d6b3a1734725905520502a5bd1113e1708c32085262

SHA512
262a81dec210046c2c0591e8e0700264ff95200233b5ca8bbeab49b8f5b4391a8868d8a6e75f82fe4f14992334d0a6a33d7d071f4f4d2240516228f5f8bce228

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\ziegler-branderhorst_zb_267_huisvantenpost_vo_20240411-standard_2024-04-11_1052.zip

Filesize
50.2MB

MD5
8c0bf9b7d652cccb6b0b9b80071fc3ba

SHA1
69c1c8aa5b449579ae3c29407841bf72e15efc74

SHA256
a734473dcdfb368ac8ff9c0ccb684e6829cf0b5136f653ec334537c1c2c001d2

SHA512
7b94aec34ca4fa6a7ddb7a17c6e7ee69506799d0c267b634c819460ff51f42b277e658726853350440fb6d1f35d998b4877d67c7efe323df87cffb7591435ac0

Download Submit