hxxps://acrobat[.]adobe[.]com/id/urn[:]aaid[:]sc[:]va6c2[:]b1c9ad77-e430-4dae-a42a-9b5ea620012d

Resubmissions

29-04-2024 15:11

240429-skx37sdf34 4

29-04-2024 15:07

240429-shjg2adh6t 10

Analysis

max time kernel
150s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
29-04-2024 15:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://acrobat.adobe.com/id/urn:aaid:sc:va6c2:b1c9ad77-e430-4dae-a42a-9b5ea620012d

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133588771455987526"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exechrome.exemsedge.exe

pid	process
3184	msedge.exe
3184	msedge.exe
3164	msedge.exe
3164	msedge.exe
4256	msedge.exe
4256	msedge.exe
2180	identity_helper.exe
2180	identity_helper.exe
3768	chrome.exe
3768	chrome.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

Processes:

msedge.exechrome.exe

pid	process
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3164	msedge.exe
3768	chrome.exe
3768	chrome.exe
3164	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe
Token: SeShutdownPrivilege	3768	chrome.exe
Token: SeCreatePagefilePrivilege	3768	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

Processes:

msedge.exechrome.exe

pid	process
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exechrome.exe

pid	process
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe
3768	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3164 wrote to memory of 2316	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2316	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2104	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 3184	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 3184	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2720	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2720	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2720	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2720	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2720	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2720	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2720	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2720	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2720	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2720	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2720	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2720	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2720	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2720	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2720	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2720	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2720	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2720	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2720	3164	msedge.exe	msedge.exe
PID 3164 wrote to memory of 2720	3164	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://acrobat.adobe.com/id/urn:aaid:sc:va6c2:b1c9ad77-e430-4dae-a42a-9b5ea620012d
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xdc,0x110,0x7ff858263cb8,0x7ff858263cc8,0x7ff858263cd8
2⤵
PID:2316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,18118175425900162869,7448582668391802445,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1856 /prefetch:2
2⤵
PID:2104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,18118175425900162869,7448582668391802445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,18118175425900162869,7448582668391802445,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
2⤵
PID:2720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,18118175425900162869,7448582668391802445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
2⤵
PID:4264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,18118175425900162869,7448582668391802445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
2⤵
PID:4900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,18118175425900162869,7448582668391802445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
2⤵
PID:4516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,18118175425900162869,7448582668391802445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,18118175425900162869,7448582668391802445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
2⤵
PID:3748

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,18118175425900162869,7448582668391802445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,18118175425900162869,7448582668391802445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
2⤵
PID:3464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,18118175425900162869,7448582668391802445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
2⤵
PID:3140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,18118175425900162869,7448582668391802445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
2⤵
PID:2684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,18118175425900162869,7448582668391802445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
2⤵
PID:4648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1888,18118175425900162869,7448582668391802445,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5676 /prefetch:8
2⤵
PID:844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,18118175425900162869,7448582668391802445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2600 /prefetch:1
2⤵
PID:3616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,18118175425900162869,7448582668391802445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2984 /prefetch:1
2⤵
PID:5780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,18118175425900162869,7448582668391802445,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5992 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,18118175425900162869,7448582668391802445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
2⤵
PID:5296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84587cc40,0x7ff84587cc4c,0x7ff84587cc58
2⤵
PID:1192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1980,i,7149935016412397457,2184869254445627890,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1944 /prefetch:2
2⤵
PID:776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1732,i,7149935016412397457,2184869254445627890,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2192 /prefetch:3
2⤵
PID:4708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,7149935016412397457,2184869254445627890,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2248 /prefetch:8
2⤵
PID:2212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,7149935016412397457,2184869254445627890,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3136 /prefetch:1
2⤵
PID:3568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,7149935016412397457,2184869254445627890,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3208 /prefetch:1
2⤵
PID:4196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4360,i,7149935016412397457,2184869254445627890,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4340 /prefetch:1
2⤵
PID:1388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4504,i,7149935016412397457,2184869254445627890,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4480 /prefetch:1
2⤵
PID:3744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4492,i,7149935016412397457,2184869254445627890,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4668 /prefetch:1
2⤵
PID:1416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3568,i,7149935016412397457,2184869254445627890,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4468 /prefetch:1
2⤵
PID:5220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3184,i,7149935016412397457,2184869254445627890,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3308 /prefetch:8
2⤵
PID:5240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4684,i,7149935016412397457,2184869254445627890,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4764 /prefetch:1
2⤵
PID:5472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3096,i,7149935016412397457,2184869254445627890,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4416 /prefetch:1
2⤵
PID:5952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4852,i,7149935016412397457,2184869254445627890,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5016 /prefetch:1
2⤵
PID:5288

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4316

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5304

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
Filesize
649B

MD5
1fe86fcdd04d207e9884b70042f40994

SHA1
e4de2a3ea4827b8499e240a7ca2ac67a304746dd

SHA256
e37a2dec667e951ef9e7be4c2d2ec8158b036bb46981525bf6352987596c2145

SHA512
40c21e35b1e4c9d3bc7eafc8f82e71e3d9b6b1a20519309874ab202e2213f216c9679cbdaa010245b547356c082b6d453064eb0e92f322e5aceff5f90b780ffa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
67afbf622ba796df5024c2796bc7027f

SHA1
be0e3453adc84cba3a4c9ac06bc5da28390cc174

SHA256
8813ee20ece885da758cb636a4a67d5465469d872d0a18f6308bc140a7195685

SHA512
08b0b7e3709dbfda288637a69b350d10b40f7663ffa5658b771580feefe6e47a68d86e0b223f562a1b17f3f99cea670169c26fb74cac54f080d9bf283402f6ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
878a15182e764fce7d4d92e1cae046d3

SHA1
d6497dd86d273a1f3f6b1219d55e9c2773b71df3

SHA256
a704f6cd6b408c74a865888d73be98fcd140f59fcae5070bf4a9523e38e06dca

SHA512
6aca043d0cafcee7bd0a877ea7171810bff812d4b4a24dbff047522b0d5ad668f9f98a629fe6e25181ece2cddbe59db9e32a8d7b88f40947b5b51291cbd07975

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
a116a82030a5ff2fea6fa6223d7c1954

SHA1
8c2ace080c76c9a7c97d1dbd3a2423bff9d0acc6

SHA256
056117e9956c2da2c5e04b5bc32d062453e72979880b96f30b242e85ff07390c

SHA512
01b7cd365b4d6661f5967332517105b1bc56f54d55c8ca1fd9779c26a6e9986600fc2add65b35f103206f7bef97545ce36a6b46219527413910ad1c800d15091

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
a947bcc336f01355787f91df7d4e6753

SHA1
55f9a1bd3be7969e7be238176d5e585412b7b224

SHA256
3fa52830587a51ca33d67150cb8ac09e471e7c5b52a91587bfa0949fa8256779

SHA512
bcfaa8c6e640baa137d227918c3006aee6a72fb15359168cd199c73280a238fbbed8cc7278cabfaba3ea25eb3550b142a4dc0238265581bfea2587ad2fa795c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
e6239eebeb0531d85a2d3e5554798573

SHA1
0c3532ff2cdfb3c51f3b9daebdc951ef2ca4e518

SHA256
6137b94257d0ee1e640333f6d0a1b523c976d2f1e1d458ba37b628a7fa666565

SHA512
ecdf9d0813ba56082bb1f210aca25b6f4e772edd811a0fbdcba38d48369095bb49b82ebc9a3fb9af2dc808c949bfac5de2a5151494b4b8c970cb8ab0fe2bd585

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
7f7d7251268004e18e882e53c7f8b7a5

SHA1
55a491cacb7f352e9b98668c9318d15cea17d9b8

SHA256
0c31f39a3dbacb4337fcbec57829b1920b65c419f1d64228361a6ac8350253e8

SHA512
7058239b5321f4a622e4ec79f846242d24cfbac77e8365cee62be473623d52d503cdce56626389e0b729c6651f9232df342563e3768b02e8841d218b3e7896d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
a5025352f055d4c154c1524f594c8435

SHA1
9fe8bb94699d7f3adba178bd7d329d09a750dfa4

SHA256
79c80dedbb956a7f969c6faa75c4c4558062c41c4721ee7f546fb93c1db53d00

SHA512
94dbe1a933d4212b5c191445593174a49ffd838b03f4c57cc55d0347c9b3a445150bf7d2971cb4e3c1c66e8a608545dd05b6fd815f6388a35309aee8134aa79e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
77KB

MD5
5f8ceecdef36a5851986440a0fa20216

SHA1
d0ce54cb457ce641c91e72649c16d7376e405490

SHA256
9ab7b5945f41557e89f5ecddf3ec135471d32aa8ff5e33e081b77ffc115a7139

SHA512
c591a23f40e379549f6a64b17b65952614152fb257c65abcd7d3506d227968994c9a722f7cd348c0331d4ff2ff6895b9ef5925662402be74ec70a2894423a9b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
77KB

MD5
c3ca3ac8e5798817b41bebf649dcb42c

SHA1
780ad4c696b3be4ab80a597c698218c55dad0c79

SHA256
65a8d3726b24d587d63917407d1ffdd4d842f2e16bae1160d7933fdfd031ebc1

SHA512
f5b82285b2b57cfe0aafc38a501a682ab6641dfda025b23940756b405f9956bd3e2f31ab8e47a4520e5341115b64a7c9f065aebe9ed29572d5474ac51277d0f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7c16971be0e6f1e01725260be0e299cd

SHA1
e7dc1882a0fc68087a2d146b3a639ee7392ac5ed

SHA256
b1fa098c668cdf8092aa096c83328b93e4014df102614aaaf6ab8dc12844bdc0

SHA512
dc76816e756d27eedc2fe7035101f35d90d54ec7d7c724ad6a330b5dd2b1e6d108f3ae44cedb14a02110157be8ddac7d454efae1becebf0efc9931fdc06e953c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
bdf3e009c72d4fe1aa9a062e409d68f6

SHA1
7c7cc29a19adb5aa0a44782bb644575340914474

SHA256
8728752ef08d5b17d7eb77ed69cfdd1fc73b9d6e27200844b0953aeece7a7fdc

SHA512
75b85a025733914163d90846af462124db41a40f1ce97e1e0736a05e4f09fe9e78d72316753317dabea28d50906631f634431a39384a332d66fa87352ff497f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
35f03e9344582a037fd26e458e7903f2

SHA1
114536685430bc7172a48e8f6049181444160ada

SHA256
2de5fe5b11b7e3025b829b521ecd51dec99379f6ec520b443dd2840c47b49a91

SHA512
432b2e6802925521b45de84ba105d2374fd0ed87750ab2d4d9ff47f613a5e01ca9397393920c85e59318cf4b327716047de31aa2565297579f30be84abd378eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
5ddb5190a9edac649786eb0069098076

SHA1
92f72574f399e0425b88498b359a8db8ffb9c902

SHA256
6df00d969545de6cd780467628fe1468389fafe92533c3c88d7274a682c41a54

SHA512
ed618b246d1d718107fbcd317e43c86a0150deb001ff067492c853eba8326d656372beeae5817f22a08722394e06876064238fee470ac1e551b9647b9189421c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
1eb954f4445bc416ce3e88f8afc9f32e

SHA1
a2c20f43ffcb8f339a46ffbb7549e97965e681f8

SHA256
a0cad8f3ab7cdf1e642770dd21bb5aab5debcd9b1300dab68158cde0b7f6165d

SHA512
d56ed915d52fb3b27800a3edc27e86442cc1018bbff24633e631390481b39afadee454f34d3d0b670523aa0b6c4da1e2a05cf630c7abaa33a29b0f303db43591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
42114e3af48ecaf4713d8ac636d2a097

SHA1
3975411fb573bdd4f0339b203de7a541fea528c0

SHA256
90cd852f93571970f90c722142a7406aca9e11b49eaded8d4be0e504d3aa0278

SHA512
d9f22b0f85b3e9f3c3a71ff97bbe570f6474db5d260b5abf135f2347be777bd9f47ba03810466b656dba93b5a75cd60ff4bc09c5b39f16efc8510ce2512e3ba0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
46cf0419b122b1f6e88f921cba7923a7

SHA1
eda97394a046eba5512a31975d66a57076343d23

SHA256
a17fcdcf09da114725efe16f5bfcd1f4da0e134e9e8f174ca5ffd887a8cbda03

SHA512
3c88af2b0527050bcf62631698438bbf78c8bed8b674f0e5f04e79fc8696374fe02ed531bb09178d8a1e8f537b83277770981d1f0332c1bd844126f954c83715

Download Submit
\??\pipe\LOCAL\crashpad_3164_PDABEZRTMTYPMKIH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit