hxxps://acrobat[.]adobe[.]com/id/urn[:]aaid[:]sc[:]EU[:]c0f4b3d2-63a9-4d6b-8003-7847caec5548

Resubmissions

22/04/2024, 15:16

240422-snk8tach31 1

22/04/2024, 15:13

240422-sl1kqacf43 1

Analysis

max time kernel
154s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
22/04/2024, 15:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://acrobat.adobe.com/id/urn:aaid:sc:EU:c0f4b3d2-63a9-4d6b-8003-7847caec5548

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133582726021756662"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-259785868-298165991-4178590326-1000\{01733531-EE44-462D-9B25-8176F0BD221E}	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
3596	chrome.exe
3596	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4656 wrote to memory of 3092	4656	chrome.exe	88
PID 4656 wrote to memory of 3092	4656	chrome.exe	88
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4372	4656	chrome.exe	92
PID 4656 wrote to memory of 4460	4656	chrome.exe	93
PID 4656 wrote to memory of 4460	4656	chrome.exe	93
PID 4656 wrote to memory of 448	4656	chrome.exe	94
PID 4656 wrote to memory of 448	4656	chrome.exe	94
PID 4656 wrote to memory of 448	4656	chrome.exe	94
PID 4656 wrote to memory of 448	4656	chrome.exe	94
PID 4656 wrote to memory of 448	4656	chrome.exe	94
PID 4656 wrote to memory of 448	4656	chrome.exe	94
PID 4656 wrote to memory of 448	4656	chrome.exe	94
PID 4656 wrote to memory of 448	4656	chrome.exe	94
PID 4656 wrote to memory of 448	4656	chrome.exe	94
PID 4656 wrote to memory of 448	4656	chrome.exe	94
PID 4656 wrote to memory of 448	4656	chrome.exe	94
PID 4656 wrote to memory of 448	4656	chrome.exe	94
PID 4656 wrote to memory of 448	4656	chrome.exe	94
PID 4656 wrote to memory of 448	4656	chrome.exe	94
PID 4656 wrote to memory of 448	4656	chrome.exe	94
PID 4656 wrote to memory of 448	4656	chrome.exe	94
PID 4656 wrote to memory of 448	4656	chrome.exe	94
PID 4656 wrote to memory of 448	4656	chrome.exe	94
PID 4656 wrote to memory of 448	4656	chrome.exe	94
PID 4656 wrote to memory of 448	4656	chrome.exe	94
PID 4656 wrote to memory of 448	4656	chrome.exe	94
PID 4656 wrote to memory of 448	4656	chrome.exe	94
PID 4656 wrote to memory of 448	4656	chrome.exe	94
PID 4656 wrote to memory of 448	4656	chrome.exe	94
PID 4656 wrote to memory of 448	4656	chrome.exe	94
PID 4656 wrote to memory of 448	4656	chrome.exe	94
PID 4656 wrote to memory of 448	4656	chrome.exe	94
PID 4656 wrote to memory of 448	4656	chrome.exe	94
PID 4656 wrote to memory of 448	4656	chrome.exe	94

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://acrobat.adobe.com/id/urn:aaid:sc:EU:c0f4b3d2-63a9-4d6b-8003-7847caec5548
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5e45ab58,0x7ffa5e45ab68,0x7ffa5e45ab78
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1920,i,8175240520564884610,13790824204881894550,131072 /prefetch:2
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1920,i,8175240520564884610,13790824204881894550,131072 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2136 --field-trial-handle=1920,i,8175240520564884610,13790824204881894550,131072 /prefetch:8
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=1920,i,8175240520564884610,13790824204881894550,131072 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=1920,i,8175240520564884610,13790824204881894550,131072 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4828 --field-trial-handle=1920,i,8175240520564884610,13790824204881894550,131072 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4056 --field-trial-handle=1920,i,8175240520564884610,13790824204881894550,131072 /prefetch:8
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1920,i,8175240520564884610,13790824204881894550,131072 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4720 --field-trial-handle=1920,i,8175240520564884610,13790824204881894550,131072 /prefetch:8
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 --field-trial-handle=1920,i,8175240520564884610,13790824204881894550,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1920,i,8175240520564884610,13790824204881894550,131072 /prefetch:8
  2⤵
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 --field-trial-handle=1920,i,8175240520564884610,13790824204881894550,131072 /prefetch:8
  2⤵
  PID:5464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4592 --field-trial-handle=1920,i,8175240520564884610,13790824204881894550,131072 /prefetch:8
  2⤵
  PID:5560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=740 --field-trial-handle=1920,i,8175240520564884610,13790824204881894550,131072 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1676 --field-trial-handle=1920,i,8175240520564884610,13790824204881894550,131072 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4948 --field-trial-handle=1920,i,8175240520564884610,13790824204881894550,131072 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5176 --field-trial-handle=1920,i,8175240520564884610,13790824204881894550,131072 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4324 --field-trial-handle=1920,i,8175240520564884610,13790824204881894550,131072 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4620 --field-trial-handle=1920,i,8175240520564884610,13790824204881894550,131072 /prefetch:1
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5432 --field-trial-handle=1920,i,8175240520564884610,13790824204881894550,131072 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5704 --field-trial-handle=1920,i,8175240520564884610,13790824204881894550,131072 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5816 --field-trial-handle=1920,i,8175240520564884610,13790824204881894550,131072 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5724 --field-trial-handle=1920,i,8175240520564884610,13790824204881894550,131072 /prefetch:8
  2⤵
  PID:5164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5992 --field-trial-handle=1920,i,8175240520564884610,13790824204881894550,131072 /prefetch:8
  2⤵
  PID:5184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6036 --field-trial-handle=1920,i,8175240520564884610,13790824204881894550,131072 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4824 --field-trial-handle=1920,i,8175240520564884610,13790824204881894550,131072 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5824 --field-trial-handle=1920,i,8175240520564884610,13790824204881894550,131072 /prefetch:8
  2⤵
  PID:5668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=740 --field-trial-handle=1920,i,8175240520564884610,13790824204881894550,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3596

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
25KB

MD5
947842cb257a5d5b424b8497d09874a0

SHA1
4fa4469108ba2f7e4687f9ddbaafd154e1da3b7c

SHA256
1a1d6697cf1fdc94d8dd9890bf516e07ef8861bf6e44ecb83695c9fc6e02cd14

SHA512
a36a4fd71eee08fef28b4fdd42d2a2abc1b702123bdd33af931d2d6a2a222a0edcbcc6542489fd820751a77a53ffb2520f0b66523a05ed835e89b266a61db637

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000069

Filesize
198KB

MD5
319e0c36436ee0bf24476acbcc83565c

SHA1
fb2658d5791fe5b37424119557ab8cee30acdc54

SHA256
f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1

SHA512
ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
379e32d28d87a440b5896c670f51059e

SHA1
723abe54cb094740013261a3d5cf7fe61f5b7451

SHA256
bca729683ac0c55c5648ad1108c3ae37e93e389d27348ddbd88be36ca348056f

SHA512
7856ff0266b21cb9d6208d99e81ed4e36d6f2652aac60202f43d007bb508947d5b113c6facd6f1593386a9bf7e9cf8246711e62115111d2f0319ad80524799fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
06d55b8496821163b87e287f6ca3486e

SHA1
64bcf627674cc0b1f56c623c6c1ac689de1423ea

SHA256
5022db9a0f950371ac2cce3af09f104d428d650983a3dfcade3cc228f1239a0d

SHA512
2d5d9b57bd582c733aa34fb316a341dd172acb4015145b152fad7eb08e2d7b410a82cba8950577508a317137648b4792c32d1bf1416ac69a6cb32239750094a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
beb5a646cb3a716e0ec355b81c93cec5

SHA1
545f88ccdc103ab52179ef72ef150b3b316d4a5d

SHA256
1bc0f9af3922b6381494069dee571ddc2712869bbe17365ba6f7687c7641c5dc

SHA512
132821ec04c46a01de7c219163e444c462e78ba09c99d25065ef381ce71e70cd57ae6c6b1d5a7f5f72029fe66953a78e904660372c8622e89ced70a3cfa7e268

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_acrobat.adobe.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2584cebe1ee18b3f29a8bd1971713ad2

SHA1
73e29445fe938e06fd83916448f4443953eba0bb

SHA256
2c82f3bc1c5f6cec1ccdf88885b268472b7712771d9c1ae539ef99df3431c3cc

SHA512
625b31e7c3273577239ccfa817274eea20a406d920573952fba26918a58e0e893d55f75b7f6479d687da9554b15d93d4f8eb32209f062cc7415a1f776936e125

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
904aa43ee17ed3493223b4e63163c8b7

SHA1
e5097cda41d1eec6f0933c4a5eb061dd99526114

SHA256
5721abbf255282032c2520d8ddfcebadd38e2b58f5245c9870ec83f0c8798e1c

SHA512
82c296c816aa1488f3e4ba2364e391f152712c7819955310b115627b7461f7636ad83e4578006275c12bf01cbd097d8b4070b5ab7338a722774f55a592e143fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
d322f5389370f7bf3bcdefd8a10415d9

SHA1
ca7abed37e54c1878f75ecfe9435022e53e2a6b0

SHA256
10e5c2585a37b6b7a258a00c0040b669168b6ee825eeb7c12a6a0ecdcd16c6b9

SHA512
5f882d35e05f6d088964ae7fcaf49b366072d28f7a684de9a0db01e6b193df55376724eb5db8b1c59f8b8da4be7403e1c791f3edc28d552cc265ecd9af6f7445

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
082791cea295985108c268af8e3f4c80

SHA1
55cd065b6d8e96601060b6481e359ce51596f2a2

SHA256
4f247530924f03c4d8ac945674ad6c9af9b8b1c2d6a84be9c5cf7c522288a1ec

SHA512
d2d059a0f4f2e79e943ed1970502865851fc901249195f82eabb33e2bcb0d6ef70580610b88e8660cce840b3bce34e090625c64d1b046a4024bf3db2e7a01970

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
f1221abb1a01c5c9ca521a370542ed50

SHA1
9c1130e9a15a5e60625e864bd2ddd4621177edfd

SHA256
31ec7dff7fcad4fbd16a17ae5d42b01389c6292809e0b2efae372dada8b2bbe2

SHA512
40532bbdc7784cfa1205b36395179b66bcc9acd6e0f97a1e678c401a0bb6ce18dc598c500b9835df3eab1acf0eee8d7bfbac27bec7e57903b465c71f1d635334

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
80a5f37128690d2418d0c5e3b884553a

SHA1
44ef5d09ae6198d4822e5b91258b2b7699b761eb

SHA256
7030f299018936838bd05fd48abaa876ecc106d5f9666f20b4d91cfd563c9287

SHA512
fc1fdba3b125dc101941be5726c669acd56794861386e0da087e041c079f5454ceaa0538c8421600f96370bbd241d0b633d28169c8dba784362458d3d7ede45f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
e3cb51cf7ce9f58b12fe087451da9d39

SHA1
2bf0010b758e0984df2a522dfc48eb6300350527

SHA256
35efc4601bb1cc594a745775d79462f1a6e46f3075817943a049665a19304cab

SHA512
87b0971d2bfd6a8af66029bcb8f39952d73301c6cc1af26a480648bef957989ca14b8b490dfd0ac6a009b47a7bbc270c0a4f3bc1c8007110cf27310162dd63d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
762a02f91ac037ce62e5578a2b6ff29a

SHA1
6905b7a4fbd1fcb9bc77495ce3bb4063e7fe98b8

SHA256
fa0ff7f06d2506d6c088cd6a88e478c0b9c0f572ffa8c547553a965e73e1d05c

SHA512
c6b238e3ed76cb2cf19a26b96a8555138aae8cbc35d4c4a8267ae8ca6903e4c09053702c728018dfbc13063ecc4daa60f185eb2d689c6f011de71e37cfaf8ef3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2ae1dedd42550b0867b7dcd250559699

SHA1
d62e1cc9080856d2e63419f096c0d18b351ece5f

SHA256
edb7470035636927673690cae7ed78d490cc3888a5276c52efaad6df54aa7bfd

SHA512
b9bab7e56300dd7cb11d2fe02c505caadbc1002dd657fadf78c25a17119ad2e81aff33fbd02a4a8794cf0b0661684c36e043cce5d5174d4cd5da475a9f0ed5cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
bdcb7a4a676b61debdc1f2892409ef0d

SHA1
33dd55f72779f1d8f0f961126679354c744cd6d2

SHA256
2a3f0bf12366b5b391e1ac31cc6fcc0fb85b0920e659f21fa7402d23d628e2f1

SHA512
9b030ba7eaf4295bcb872f186aa81897acf393de7fe2a4a23240a158e5ee4145caac01e43fb7298060bd08635b3bb553fe8c72214cfc868b2382c37637f93b58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
46b7fecc2144aed7e3a1b5a7c315f26b

SHA1
8ac31427dcd9340ccb11618a07972e74764344fa

SHA256
a609ae295e77f6c333bca3001deb14e576c076df8901fb69115191e730975995

SHA512
ae5915f6c0da9b09c2fd995808d5a944d31b33589fc0aa5c7b6baaaca913608c668da19bfd139321760a7448a286eabb54148eda70afcc2a031f698b5f8394e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\f3283c8b-abda-49f5-a863-8bb571970c64\index-dir\the-real-index

Filesize
72B

MD5
8636c0f67c792d6af8a5d568f00aac5d

SHA1
d2ad8bef231ee6b548ea0c150d2e8847a6fecb07

SHA256
abf32f7313f93b8e45b154eae9b93ed8c4c439e965a88a521f6e5926b0d7b337

SHA512
fcbadbc38e709cb75960134c51cb7501dbd6ad7fd6ebf8812d12cc9e4ae0313381c593564b8e46d92c30117ba8ef23d6d3d8bb60c940192473973cbe228aef5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\f3283c8b-abda-49f5-a863-8bb571970c64\index-dir\the-real-index~RFe5883b2.TMP

Filesize
48B

MD5
83b1d64dfc11978d49cc4f6dc34ede39

SHA1
65a2ae82bbd06821b8dd15571a3398339cf6c878

SHA256
59649fb925e15c034fa2d5833709bd38656124a32e0a53e3ed126e6dff61557a

SHA512
356e3f8041d87f6cc6711c66d108db664f67bdfc5efc0920b6574ee0f27e3f3d21997746bfebb117a8a775405f7aa8e366c43ef875068a17fda7b761e51592c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\index.txt

Filesize
155B

MD5
9344331a8836182798fb63495eccc419

SHA1
6ba31d5b0cce4b1895dd85b4d38e2a18b7a644e1

SHA256
1796cfd4e3a5a21bc9cc4bc1e6ed1bf73aff9bc4edcb8c7cba5afccaf6bb9a5b

SHA512
9166b11a0d9175a5b1110e626e36604c4e2d2c3014e8e7d11f2f18e3be1252d7ae1963e2bae619bc7e78551c7a7f1b35c5441a0866962bed132c949a7f54f0ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\index.txt~RFe5883e1.TMP

Filesize
161B

MD5
c48bd6b960d322291f23cfa383cb5b31

SHA1
b3a637e733a45bdde583e7de4a63c024caa0e3be

SHA256
0254bc689ec44d23998a74021d9411a50d000937f231fbf1ca366993c99a1f93

SHA512
23f73a0f527bb56226460a9bdd803965b5d2d1fcb1df130c58bb0f3ef642d0eeda57f51c222fa0d9f2dc15ebebd36bffb8a762611bea1d8973dc310410a67bdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
9dcc13b6293eed2a57fdb11014289cbc

SHA1
236d52ae88232e53f945ce87eaefe481112e8da2

SHA256
43af9f859d3f55850e41aa899f0fea9813832182fb86ca2d1212bcb80cc1d929

SHA512
15f75de314da2a16f1e277b6e67f8dfdee04b50a430081a2fa0b69deebab8489982b00bb1c0598986e220ba8ddcabd8ac7f5ae8c960847dae82be790f0996c3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
1df99ad89a185924e21c771674cd7d1f

SHA1
22b1a986a2da36d622697ccdb24c4e00dffd6773

SHA256
b371e4e312540be2ef10ff8234cfa7034a9afa95e74f603e718e733f993000d5

SHA512
4a50153e987fd35818e9c43192a8b6bf7742bffe26d12a8a8b6bb67b121ce26a12456384df778e5971051d027b91698d80353f618b76542197d5e8b68d00f976

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe588364.TMP

Filesize
48B

MD5
ad495ef428f88d726fad157dabf33788

SHA1
4d26cdcd7bb17f607036dbfbff120ad1ccd706fe

SHA256
889b31efc7f00e9c01820af285bd5c2357da4452eafc8dfa78007a99525946e9

SHA512
16ddeb022485061f4dbc2e55d6cdca60a7368e4575e0d20b884792ded07af7623d33de3dabc4175c72641e1984579a1008eb7d7e21e4ec006029bb08b2c1b706

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
0386ef99f485782ce81dc067eb4069f7

SHA1
c1460870d5366040a1b62bd6870d161e29fe0377

SHA256
c7ee77a1be3aae77a2dc7644820da067eec2f782d33ed2c67a602ac6afb3d7b3

SHA512
3a1ee83629eb07d4152fbbaea041c9029be8f3b3a58265fa19fc3f4ff9642ab0c1e8568fb54f64ef17561cb2e0706d42e3ff4acdf1d52a4654e2ee22288452be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
d04a67708a2a77744884027a3372a102

SHA1
b9db4675d297d1dcce53eebce6acb0bc2272add2

SHA256
7fc566db152dd5df36b01e4601d655452f9e041e7c233174767bbcd14cb9020a

SHA512
bca51d7c4d0e276b5aa06926b8af321e0f4c647289afd013c6f0df6b4b3d725ab1b65ecfc0f092126c90525522832803cbb3f247f4a948a275b8a7ae4059705b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
37228dfc17853266ec9ab5678960c78f

SHA1
3f82acf18aac69e8c21eb2b6ddb64b58c1dc91a0

SHA256
67c29931e542e4f0899ce4e4daee64b4ad92352db40923d60628cebf1ef26d5d

SHA512
d160fb23dccae2db409154eab1c0f981ef42c37e6a8fe37dcf1e15e4b327d8681fc7c4e2ebe4fc55ec1a0f9ee7c27511499e756faef90f684b2dfe0084b5ae80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
53d1459b7e622c0136680ca7513a1b9d

SHA1
b7d52659a77b9ff40fff7b44f32f8f793ba5bd4b

SHA256
6cadc48cbc683038a989f632bc2a2f6b0d05f220ea480a9f2ae2daeaf7f6205a

SHA512
f49163913093647fadc8429231c8eaa64786440c1baaed5756447e64b41fd1df069a2cc57abe566342d6add92c47571536722f6573620bc7cb8d5203df17ab0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
8c69e27521cb5f1bdd1f5db388d58ac8

SHA1
de942b6115c688eacd0171afb220c36d892aab4f

SHA256
adfe6e94a5fde28f7a5abd7c846526cb3d93c2af3c0986cdf0d3c50af57c6df6

SHA512
0aff509039cf7d04bfe58b5238ebb81694aa9705f851b623cf840df3595d35b9df25de8119e42b6756dab0ee70c9cab4164d5d9c347afca69e24691b62faa3c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58c38a.TMP

Filesize
94KB

MD5
a9290dc00bef76e4f0834b59d5ce4b9e

SHA1
26033052d2851d44538e167fd0ff05297727f8bd

SHA256
f6df78038168628294dc77dbceb427d099d61b3f890a6e95fc7871ac33357e02

SHA512
3b76d41a635d636b18cea4b881c361e564f11ba0d5fc0d3b1cb68682a6fccb85039107e473420791be2c221a5776c69944a9a85f368b302e726617608ed5db3a

Download Submit