hxxps://acrobat[.]adobe[.]com/id/urn[:]aaid[:]sc[:]VA6C2[:]9c205a94-965b-4621-b34d-2441c3f87a62

Resubmissions

07/05/2024, 11:30

240507-nmjw5sea2s 1

07/05/2024, 11:27

240507-nkybradh3z 1

07/05/2024, 11:22

240507-ngyhcagd86 1

Analysis

max time kernel
149s
max time network
147s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
07/05/2024, 11:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:9c205a94-965b-4621-b34d-2441c3f87a62

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133595548979381166"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2324	chrome.exe
2324	chrome.exe
392	chrome.exe
392	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe
Token: SeShutdownPrivilege	2324	chrome.exe
Token: SeCreatePagefilePrivilege	2324	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe
2324	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 2184	2324	chrome.exe	73
PID 2324 wrote to memory of 2184	2324	chrome.exe	73
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 1128	2324	chrome.exe	75
PID 2324 wrote to memory of 4408	2324	chrome.exe	76
PID 2324 wrote to memory of 4408	2324	chrome.exe	76
PID 2324 wrote to memory of 2692	2324	chrome.exe	77
PID 2324 wrote to memory of 2692	2324	chrome.exe	77
PID 2324 wrote to memory of 2692	2324	chrome.exe	77
PID 2324 wrote to memory of 2692	2324	chrome.exe	77
PID 2324 wrote to memory of 2692	2324	chrome.exe	77
PID 2324 wrote to memory of 2692	2324	chrome.exe	77
PID 2324 wrote to memory of 2692	2324	chrome.exe	77
PID 2324 wrote to memory of 2692	2324	chrome.exe	77
PID 2324 wrote to memory of 2692	2324	chrome.exe	77
PID 2324 wrote to memory of 2692	2324	chrome.exe	77
PID 2324 wrote to memory of 2692	2324	chrome.exe	77
PID 2324 wrote to memory of 2692	2324	chrome.exe	77
PID 2324 wrote to memory of 2692	2324	chrome.exe	77
PID 2324 wrote to memory of 2692	2324	chrome.exe	77
PID 2324 wrote to memory of 2692	2324	chrome.exe	77
PID 2324 wrote to memory of 2692	2324	chrome.exe	77
PID 2324 wrote to memory of 2692	2324	chrome.exe	77
PID 2324 wrote to memory of 2692	2324	chrome.exe	77
PID 2324 wrote to memory of 2692	2324	chrome.exe	77
PID 2324 wrote to memory of 2692	2324	chrome.exe	77
PID 2324 wrote to memory of 2692	2324	chrome.exe	77
PID 2324 wrote to memory of 2692	2324	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:9c205a94-965b-4621-b34d-2441c3f87a62
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff89bc9758,0x7fff89bc9768,0x7fff89bc9778
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1808,i,17543670823759433834,12149153226673371643,131072 /prefetch:2
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1800 --field-trial-handle=1808,i,17543670823759433834,12149153226673371643,131072 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1808,i,17543670823759433834,12149153226673371643,131072 /prefetch:8
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1808,i,17543670823759433834,12149153226673371643,131072 /prefetch:1
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2968 --field-trial-handle=1808,i,17543670823759433834,12149153226673371643,131072 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5652 --field-trial-handle=1808,i,17543670823759433834,12149153226673371643,131072 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 --field-trial-handle=1808,i,17543670823759433834,12149153226673371643,131072 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 --field-trial-handle=1808,i,17543670823759433834,12149153226673371643,131072 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5036 --field-trial-handle=1808,i,17543670823759433834,12149153226673371643,131072 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 --field-trial-handle=1808,i,17543670823759433834,12149153226673371643,131072 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4704 --field-trial-handle=1808,i,17543670823759433834,12149153226673371643,131072 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6132 --field-trial-handle=1808,i,17543670823759433834,12149153226673371643,131072 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5580 --field-trial-handle=1808,i,17543670823759433834,12149153226673371643,131072 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5652 --field-trial-handle=1808,i,17543670823759433834,12149153226673371643,131072 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4772 --field-trial-handle=1808,i,17543670823759433834,12149153226673371643,131072 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=924 --field-trial-handle=1808,i,17543670823759433834,12149153226673371643,131072 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1660 --field-trial-handle=1808,i,17543670823759433834,12149153226673371643,131072 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6140 --field-trial-handle=1808,i,17543670823759433834,12149153226673371643,131072 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6100 --field-trial-handle=1808,i,17543670823759433834,12149153226673371643,131072 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5688 --field-trial-handle=1808,i,17543670823759433834,12149153226673371643,131072 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5544 --field-trial-handle=1808,i,17543670823759433834,12149153226673371643,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:392

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\73d86a26-2da9-4473-a8d3-4e6b974f832f.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
27KB

MD5
95bac5f3a78348803eb7241b6fd2009b

SHA1
51c16b9ccee555221f20c2b7105924b867a24c4e

SHA256
6b70bb2d208e64070d8779cf0c50055a635848c64fcb8423192eab97dd6f8af3

SHA512
16cd622ea5d091881ea8b4273322717ffccbcb7ab51d7c77a15e42656f642c44126e81af30f8709e0edb2b64cbfb409b023af9dd073b333dc008206ddaac39ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
fe46b4965d49b96248a91e5d0d365f62

SHA1
74cbe816dafbe110f330414c0b508c4f045df018

SHA256
a32f8c45840f42368dd0967fc957a71b1273b8197f2f28f94d8fbc4474338753

SHA512
f8c6ff906eb903d10844647fdb413ec2bf6add408ef96a876600852ff5dc816aa740690f03cff3bfb12186c8d753261b9d1b78cad6b8fcdabc888290f8ca4ed9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
16745531117aed2db1bdc2a6ee07b763

SHA1
619e84dccdfe416cb38d834fbfdb0c6b8db59293

SHA256
b80f1803f745e21ae05364c8558bbdc794869fd7ec879d2fe1ce4a5a5b9d2318

SHA512
34b03e72485f8cabc6548433b10b7e5bfa8590d9b882b9119705917fa2c083cd270dc5a14ea46dd268af3acb1b4535e0e31cf135a284036a092984fe725954c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
9ac0e42fc038bfe574a91dc02e3f5722

SHA1
798406b6516445c2ac229d99c3840061b62b5874

SHA256
c3416916d9c73defd3a0a1b540e556fdd4825b4eba6aed01d9d9722833f12007

SHA512
baa20504b6ad22d5cbec48d8aef630dafa846be44d8edb4723b9dbcf0b1a4e85999336ebc80e05bed5fd1999994811ab548a668e3eb0d01a681b110ed763b0a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
f7aec8af562615e9e309be5f8e61441f

SHA1
d42e81d5fc25b8a0ea66f0784dea20e30e60ae59

SHA256
1a71c46884eddc1fcae5f08bb664c7ce3d9f387c44fd611d8340807fb9377bda

SHA512
7e8f1987aedbca4adba48bad9b0b3ada74cef35a6a2a29533e15e7e88e7473474d2fecc7f91484610e82b4d000a18b369cd00fe5854b4141e96702d118b3582c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_acrobat.adobe.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_acrobat.adobe.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f80772e2b22d8c59b04703dd4e6a1394

SHA1
724345c984fe612920be8e963af9cf103e1b9b70

SHA256
5f0db2d54fc27fa260f20dcde6d88c6c5a028eb13eea8e804176ea5b97971f26

SHA512
9c13099ff1a5367308004f05ca5aaab9acb7bdf85e5d9c3e79f7d2232aa77e65f97794a0f59b696ee0fa65421b2252fa577ba97f633aa070e2762ca4255cf75c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
36f41ce255fa0486d191a9b9489cefa4

SHA1
bc84b46990440a66f8ca317c448708fcea105c7a

SHA256
461a0dbc589186e4631cf5b53754eb9fd39427caaa103ef3bd9a754a642c9121

SHA512
58b0ef9cd85881cd70e3784f3da55c52012863ca6dc784b017d968b9c76f4c3289c9b334d990c5d4b8c8fcfe666cf1eff3127bfd41d6b63acebaa873cef4a9be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
e626430ecbc694d0e213027c736388c4

SHA1
a47a9b9b592cd2c44d4902de8a8521376d26e0d3

SHA256
d0b5c60552f346c266ee5621bc161f5f6221ad1a35b16c6ffe2e724a354c625f

SHA512
1e4b5b66dc9c68ae8dfdcd81a8ba899e2cf5c011b22822c46b82c3480b3232fd5402de50bd0151167ee152b8548a72ec524681589145d5af4ea4bdb16722e419

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
83c11474404ff5395d73f8948213553a

SHA1
bd88c08297f8aeb4e42833e9162af5524ae99e24

SHA256
1b44498fa316fc9d38873d8a17b5a43d105961fb6afc25e3f111413ecd749e80

SHA512
116511fa4d84ac204eb13d642883d03eb19806d013d8960117758813bc569174df4ea742287358dde9af28e27a7fb3194710f3b0c6f6f094267410adbc1a2393

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
2e2b3611b3316f6eb93bcd719aa08d34

SHA1
73ab8d03670051d81c4a7d91333a0ba95fb0d4fd

SHA256
8886b51683bd18ca23296a1d68917943b8ea1a4a6cf198d393d13cbf8f948646

SHA512
db60ad3a6d9f1c5d40d25e7edac990ec997a08846a35659b1feab13e3ee1fcd45d10d914fcabc5c4a3e5f4601ea693e8458beb3169d7c4af0f80f6393cf6d6dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
1a5df807a870e4a540f59e8a1cf25bdc

SHA1
1c40e8e2513fee8dd6624065f6f63641be059692

SHA256
8170382a8bed9779ce8af8f1b746ea6fdbc743fe6c6a4e9a57dacc7fbea5afcc

SHA512
850a37919330adcc0df09d74d116760fc81c9403c915dbb1114b46a14682419fee0d8296961dc494d94eaac3aa758e72d6271d239fbe73a953a78960de73f193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
7e39ff4ba0a0ff9045d4e1834fed30d2

SHA1
88128353d37bb2cf074a274bc79e5ad185d3fc59

SHA256
d623cbe600dce77d8cf2afe95f693306815879c52daef02ae6676dbaef71fa85

SHA512
86061a94bc2956ba66ea2ef2a206c26c2db75d643014095e7aceba5500391b4e96f315505bb6eec734112cef25c2ee7520f67eeacc0e511da17e322815e300b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\e33d9bdd-2f63-4a69-a83c-0143c8a175e4.tmp

Filesize
3KB

MD5
cf47ef006ba365b69939f3a9390c1e0b

SHA1
2de896547b6d410c5c50c1ce12d3100a59becb38

SHA256
bee2d3b11a4c71804aa9877457ed631633a6c301e502bd2e679e201eff9f226b

SHA512
d7f73e61ab225cb100931fda124a5c8f20a0263c4b0ca10c79e92048a8b9bd77b1698fa5fd99809cdfc7a07500347b915198363593b2c97e26f0cd434f937e24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e2c9760f8cb2b16d904fda1b50077f27

SHA1
a47f9cc2892bee87a37abf1a4abedd0eb13f2df7

SHA256
24b5de5bc674272834f033aa7850a1d2c5c68cf47e3426575358344a5da5167a

SHA512
63cd36d1e6ff9f4e5544bbd4c78215732ed5223af8a771849f97d63ae5887351ca1312251a009687c58d0d0c7f7c44f75929ab3c265b10b0852af0ef19de4b12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7e11520ee244d999354b1ab6a6528e46

SHA1
daf28534dc1300044f5b0981d8966d99a39fdf4b

SHA256
66ac7d61d5ee3af30011d2d29b37eeb5e8299e4e601a6eb2b625309405ac2bb4

SHA512
523b54e11160918c8ab202f2cc942204bbf990aa0ef96c7051969c566710c832b4c848b945f809e122abe6225ee064d9f7c050012ec13aee178ecc0cc50a8191

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8aa2528e679161672a33bcadb47f26a6

SHA1
0fbd606aac953c33884108500ed1a310aca49616

SHA256
3d81a7f79d5a3c51d23fab0983d3c869bd9b51c219b35e37681d400e9df107f4

SHA512
d9f9b6540d1000f1d6a423e0e9136747ca5169632bbde1b193970b6f974b90734601e72d48374d7017083eab236ee7f16c30ba98e09001459695d4e93036b1e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ba8c88a5e68c621aa17e55671985e4b6

SHA1
f7bcf5e2aee13a2c86ebdbec198aa1de4e85a6d1

SHA256
4a1b05eb9c691278209a76d517ae9dbe1d9acc60fb9672e4cb08b9794235594a

SHA512
e3bc7da4f1dcb6bb08cc91747046846d42942ef3145fc22388e6ae6e222c79c1ff7d3fed0251d7b840489fd4bb16c181c2207e01a6c31aade3fd4eafc49f6744

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4ac59591059ec66e1883ce61b97cc0fb

SHA1
f67a9298d906bc9dc0e653d1b9b3790715b6174a

SHA256
33cc0e6b256307062969214b5ab30dd779a9d6887b0c60a3dc78184036426caf

SHA512
37713db7d21da02f931896d8b23dff23c8564cfda54ee363a16e39449677634652c13ff9360f497cd9b0433c5d081e8edac1f03668192850ce80bbd8ed2c9d40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\fc16201f-de2e-4d81-b63f-5d200db3700c\index-dir\the-real-index

Filesize
72B

MD5
4656a9362dc6f77689e841f38c4724e8

SHA1
9afa5637b252e38a2e1b9fb8a9d4fcb7daf93d3a

SHA256
6616037b6574e77b3aa7a0d57e3153d8e7f4d20ce4fa3c0bc605c994cfea1a17

SHA512
0649e67bd6109df0b3061ec704a3055f02fb10215b904a0d759b5063d7a52faaaa8c0380928c7e9d3c3b0663d03c374ec95024700c7fc11406cafe5bb2eda9c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\fc16201f-de2e-4d81-b63f-5d200db3700c\index-dir\the-real-index~RFe57cd52.TMP

Filesize
48B

MD5
825332e7504dfebc3ce04d0a11a61316

SHA1
c15be041f297a7e91abd38489b05819363e6bb9e

SHA256
f040f8481915643579e78189667a59b589a67eb053f8c0315be6cd9dccc970cb

SHA512
72d455a7b49b5fc7915be72937e43a72eb3dcda43b7389a94277b4147f8f0e8fa7b9f5864ca82be17d8591fb391fd41a01f3d371b09df764947f1da1a7496302

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\index.txt

Filesize
155B

MD5
36d02c88d6c4dd32ac29e1685f1482dd

SHA1
8a454c05ce8d2ee8c33d6220dab45ef9f5ab6a1f

SHA256
a54bb97f82a6f8adcb3cdd6367cc9492806df4db65306f9265ab0319c9768c95

SHA512
db7d937510aaa6149a7515bf0fe6f8c300d48c93eabe1255e22ea694b789524c59d40c0857d15971373e91f15228991cd2b0963458f3fab504af528f217e284d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\index.txt~RFe57cd91.TMP

Filesize
161B

MD5
964551309ce1405082288bb606a89250

SHA1
f5f7f843e22df65974035360f8fd0f03cd0d9733

SHA256
ed74e9b33562e1cc191141985612c4ec27112b060db6701be2c8dc12198641b1

SHA512
a334ed282404fd7fe2c6a1226887217d35573f4a3c5a9760a331885ce14a45850dfd30fd196f236eeabb49999ea2cdf443dd37292fbd1b05a21c86df3e778157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b3eefe4a17cf36161075679c386eba12

SHA1
a94329ec5d129d72ba83d1885766ff98b3370197

SHA256
64abb40e41e51c6293b22a1b54f0f188e66c096a51dc3446c69229bdf34731c2

SHA512
d80a6f20cadc6d366eee1b72c98f8541ed0713c1b963f4a2a1a09f31574a200e44c7834b229ef4719d39f6b07f810a660781524ac4517c1b04a975e9bb5176b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57cd14.TMP

Filesize
48B

MD5
45b9082b4df2ff859140656d7b5b4c41

SHA1
535bd1b9b42601f3c0962489585e5ca3c5827d45

SHA256
08b824edebc52d2db854c1fcd2425f8a824b5ebd17dd0642c82ba5f195782df3

SHA512
3317140454abe055ff83c6c862b5f2f81cd61cdf03c9df1720e12a7b9da9ca0193632b8c126b42becce63f49749d4199e3c98cd23113ae055b4ac0059b7069d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fcfafe35-e4e2-4024-a2de-939a99bca6e7.tmp

Filesize
7KB

MD5
495fc88d035930c377eba790f30144b8

SHA1
f771d7f5280648fbed41c87dc219a5fcbdf27a7f

SHA256
5db967aeb1afa7043e75cae92463da088cde9e08535d7b30619f0ce6be9bedb2

SHA512
0ca38b54345a1c9e3680e67c0c6d0e1021410e8f48cd2776c6909043690340159883722b10fcadeb8c52dff2843617b23a8ec6a95e9ae42a27eabde87a1c104b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
1d8b0daef4ec5ced61e42a5451ec4815

SHA1
94930c756ab4839f3587181cd36fa02908050ffe

SHA256
0aa578cbf48dd15b4da4e7476c866c42c1d3f1305db210c1db5a524fc09c60de

SHA512
0a5a16fb0f278700fa563b84ba6f607c31bac8ee6dd05577238b6fd46cb4d2951bae3555bccdc1d2dc8ec8b0a39e01f92d16b637decbfe9a5713e06acbe74435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
c83c85546526aa435046d0017c722dcb

SHA1
f64579bd784e41d40cf9599a10b42aa279b790b1

SHA256
dcb5277d0dd2ba13c20ca42731d30ce3113c2157aae59e5c15751e08cfe7378a

SHA512
3d17e4b649721df36f21dea4fb97e3fe5764dc5d04dd9da909bade40b84bc6ea88d8d0a1f4f8eada7ecff391730eab45c575a20a78914bb94234d00fe8547d4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
16f07ed62c9d56b1cfe5e22a606176a6

SHA1
82f8c70c12d9a5471167fa51485517283906a2cc

SHA256
4b15943bae25b2ab1eead64762062a5d4e1b5ffaf877670570edc548d1662c2d

SHA512
4a432605287209b952a7c2df61e89fe41a885fbb7cfa38b42126af1677e287e61b2699d3929f01bb7cf2f560058833ad97b60b2885de4b5c08dcebed3da3fa3e

Download Submit