hxxps://acrobat[.]adobe[.]com/id/urn[:]aaid[:]sc[:]VA6C2[:]1f4c6193-ae5b-416e-841e-814888afe024

Resubmissions

05-03-2024 13:04

240305-qa8qvafe2x 10

05-03-2024 12:58

240305-p7mn7sfc8y 10

Analysis

max time kernel
211s
max time network
219s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05-03-2024 12:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:1f4c6193-ae5b-416e-841e-814888afe024

Score

10^/10

adobe phishing

Malware Config

Signatures

Detected adobe phishing page
phishing adobe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133541171189866053"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2727153400-192325109-1870347593-1000\{AADE13AF-6649-4F03-9136-11C40920FFFD}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2576 chrome.exe
2576 chrome.exe
4400 chrome.exe
4400 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

2576 chrome.exe
2576 chrome.exe
2576 chrome.exe
2576 chrome.exe
2576 chrome.exe
2576 chrome.exe
2576 chrome.exe
2576 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe
Token: SeShutdownPrivilege	2576	chrome.exe
Token: SeCreatePagefilePrivilege	2576	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe
2576	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2576 wrote to memory of 4216	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 4216	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 3888	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 4276	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 4276	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 4588	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 4588	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 4588	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 4588	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 4588	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 4588	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 4588	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 4588	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 4588	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 4588	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 4588	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 4588	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 4588	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 4588	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 4588	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 4588	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 4588	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 4588	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 4588	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 4588	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 4588	2576	chrome.exe	chrome.exe
PID 2576 wrote to memory of 4588	2576	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:1f4c6193-ae5b-416e-841e-814888afe024
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x108,0x10c,0x110,0xd8,0xdc,0x7ffaf0919758,0x7ffaf0919768,0x7ffaf0919778
2⤵
PID:4216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1904,i,630659101069480716,4735758690167691897,131072 /prefetch:2
2⤵
PID:3888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1904,i,630659101069480716,4735758690167691897,131072 /prefetch:8
2⤵
PID:4276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1904,i,630659101069480716,4735758690167691897,131072 /prefetch:8
2⤵
PID:4588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1904,i,630659101069480716,4735758690167691897,131072 /prefetch:1
2⤵
PID:572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1904,i,630659101069480716,4735758690167691897,131072 /prefetch:1
2⤵
PID:3180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1904,i,630659101069480716,4735758690167691897,131072 /prefetch:8
2⤵
PID:3304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 --field-trial-handle=1904,i,630659101069480716,4735758690167691897,131072 /prefetch:8
2⤵
PID:3164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4876 --field-trial-handle=1904,i,630659101069480716,4735758690167691897,131072 /prefetch:1
2⤵
PID:4436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5048 --field-trial-handle=1904,i,630659101069480716,4735758690167691897,131072 /prefetch:1
2⤵
PID:1736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 --field-trial-handle=1904,i,630659101069480716,4735758690167691897,131072 /prefetch:8
2⤵
PID:1388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5660 --field-trial-handle=1904,i,630659101069480716,4735758690167691897,131072 /prefetch:1
2⤵
PID:324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5876 --field-trial-handle=1904,i,630659101069480716,4735758690167691897,131072 /prefetch:8
2⤵
PID:3440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 --field-trial-handle=1904,i,630659101069480716,4735758690167691897,131072 /prefetch:8
2⤵
- Modifies registry class
PID:1372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6028 --field-trial-handle=1904,i,630659101069480716,4735758690167691897,131072 /prefetch:1
2⤵
PID:3180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4852 --field-trial-handle=1904,i,630659101069480716,4735758690167691897,131072 /prefetch:1
2⤵
PID:4024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2208 --field-trial-handle=1904,i,630659101069480716,4735758690167691897,131072 /prefetch:1
2⤵
PID:3200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6132 --field-trial-handle=1904,i,630659101069480716,4735758690167691897,131072 /prefetch:8
2⤵
PID:1348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3156 --field-trial-handle=1904,i,630659101069480716,4735758690167691897,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4400

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4532

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
19e5d600734931db3f23155200864b2b

SHA1
15a202786fbdb5bd1d4df58c9250f132867dbc9a

SHA256
704399bec9278f73b49a04ddae4c470f20c7bc6b3f48b878e7f9668cbabc8110

SHA512
fc25025d7720c6c18cc75a45290c5e9c0139a29a4fcd7700c308a8d3f090a186fcb110ef73dbf1cb65fb5bddf77108310d88bd68519998475716941f16069238

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
f84cae987cfee0749bac155d03a4ad6c

SHA1
73ed845e69ce62c4dad5073005b3db061de76317

SHA256
273ce1d6868e83e6e058a1d0cda12f19c2607cc6943fbb16fd4296788f136a33

SHA512
b5b8555e4e3c3487da28caf28dbade2a921dfd6893c3913e53ae573dc5b1f8c2d82dfba80dc6ec3971d23a8017e3910d2a8effea427aec61819420e0ea6e3963

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
6b40d6508819153185fdb366b5312392

SHA1
02bdbbacd362d0b55749a339b5b8850abe30363e

SHA256
3953649d18f59011baad194aa0fb34178a4b71364f1405e816c3d9e6f475b04c

SHA512
d4d01f49fe72f2d3c8d3d11434f72b08bb6e58dccd3d91082fd8f5f3ce7471d30a009d4638a54650c58ecaa80058f1ed72ac2286842760322125af67237e5f20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
e57f7ca8af2f8a318b3ca5e5627d96b6

SHA1
0e2ee85065119ee104326cbbe1968e11180d6aac

SHA256
1b6b12ee04e8270b5bc44cf9da6e9f3cc65148c2ab33c1a577b3e1273718b758

SHA512
f10f7b80b45bee47dbde004e3d4fb9cfe286c82bf8ab6b1c1c68c3f803cd76b7d6286addb0fa471a46bb318d7522c113c84e86bae79cd38b25cf7e34b2c9f1f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
c01b345af9a963c8a0dc2ae51226971a

SHA1
16a78c23be22e6da2c3bcefffc36a142ecf83360

SHA256
3d6b2726b522d5d6404f41666c7a8758c0e90d12ea85ab9cf52d3c5f5c6c4156

SHA512
ba6e42b8023fe7e91f7cc52069e267aa62e24e7b5217f1a38d7980eefec0845a85a8ce58eee89df42ed2b6aaad7433c3eac9682230095ffe36dcc6c7d133b150

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
d5956b6ad26758edf2c2a6b4dba59dcb

SHA1
53d148952d3e9d7b89e3a6ceb2d075b329d5441c

SHA256
a6ed216c8ff1b554bbc999e665719f0639ff80bb719d3c45eccdb75bcbfa7d77

SHA512
817b354fafc9bcd583208247ad1172868c7f776c6acb7e16997663e30233b30bcae3f84c9d5ba8c7d6d6d916d499ec25c2da15c8d10fdd9b85ba0e86d0fe2950

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
84b30c4fb2f1ef399454dbd8697367b3

SHA1
a2f8e9870da8386265095563131e400f54894ee2

SHA256
2e05fec096fc960139158f0cd7dbc31ca7b7571f541c005bf534e3b3d684b2d2

SHA512
8acb7ef7bd13932aaf7b0b73822d9d3ae2686e62410fd607b689860454b1a8e940ace224bd2f4f5ea34421cb60019d3f36e2d8e53591adaf8d2d47f329a89b6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
4484cf57cd558142f8cd68e7594241fe

SHA1
80996404060791618f61a27ff33da5c3238a2cc5

SHA256
384fc92bf3e0ddfda37f5cb60c38b0c98cc5eb82569978320625e9c21395fa2b

SHA512
1e65cf5dcc30468e2ab400b164457ab96c8e53d7503667cb4865364505b2ef2d625e8be7da4c094d6c8a8e0971222e492c3868b27e07e93a9eb55501dcfe86ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
f7e972bc2d295df7c4c60f212555ab55

SHA1
926b37af8362d873d4d696ea9bd3f5abb0bd9103

SHA256
51b65f80aa5a0478630fc0f6f3f3ded14e5ec8443838b610b782719c28fac573

SHA512
0c1c73498d10d13d12b61e1a8db1f44159a1ba3702598ef29b8040f2a16062f016d59c146cd4b9491f5db4f13638e80ad7db365183c270b1cadee4fc555974c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
e9313d87156509e43267ffc7708b2ba0

SHA1
fe13206d6d65f7c8d4901034b444b30d50dc755f

SHA256
bead778454f98edbc078250212a9d33502b9c55b28102bfd32836964a0207ba4

SHA512
44e0993bd284a04c5f01fe23209c9eeb2c0ed7848b6b2b4ef4ef77b635b9ecb5e29b4865a380e4abff1e1501cb9e270f4d8ad28e2665678a4044910d2071a11f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
bbcf56e865ff173f8b0482edb15e7742

SHA1
1b8a40ca34526614077c11cfb3e5e7d71ccd73c1

SHA256
a58e626fb3c369c89307965ed7e0ed77a9d6a00e48d2d7189c5566e5737b4c4e

SHA512
11e91adab39b917481b58593b98e67614d7816f1a03a3fda2c8d785328bb198557e9330bc7d4d78dc214444620052d2ac3860a85aa2e0066dc3448e182e8db0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
80e9c6937e5349e283361eb5137021a3

SHA1
6f5636c0e70d55badbf060347e4b7849f0982825

SHA256
348606d60f4e4c71f588dda2ad0f39b62c2c3bcf923314f5292d96170a0eb714

SHA512
61d5eb64b2d27f1b213b1d8f8ae0e30452d2c0ceb074a5326f1214d9e7dcfd1e3a002add1e66a1b4b038e372a52a6ffca5f231a02c9ab5545b084c4efb5bea8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
1414ec6faaa02e17467c3bea85dbd43a

SHA1
14b5c318f7c6e3b9acdc5faebd1a150caa72a28b

SHA256
1e51581ea8f67463b518b2b3b6baa9cf8be15f22bd7740868bffa495eb27decd

SHA512
8c5d178279f3af2ecf32a4e5489d36d216de1b40d4b71bb9a5378482a95bc5299553be9e18d83ce524ab60af4ce62f847fe9ea59cf7b553fde24ff6764a8e509

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
452b6cf2fbbb3416dbb84689dd554e7e

SHA1
59f36b81c60084b37380b239d50c2c116b1228ce

SHA256
1a9c835519f43929f5b2ad7dcaa5f5628d020598045f649b11d5a25e76cded6e

SHA512
5163da6f5211544958098a5925c373e26f15aaa6220139c172b44c9612a4aaea7e8d069673da832735eab1283594456dfb996a6afaf22e37a6f094f68aa1b13e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
9279701300922aff473aef0e82a9a949

SHA1
35a3aee5e6d166f0a621726a87185b0eb98c2e3f

SHA256
88da671f5a86c75ab08a0be822852c2788ac89f51628008a22342739cc583e8e

SHA512
9e2370af71e55f5b8cf35c69544004881df7991ef23d3e6478c7235d35448c2e7246f04d5fa851412094b31ff23918911039406a175e7ab8af7b3f51eca0a7c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
8dc0e6d861d1e44c658d0413d181a659

SHA1
e6d487e482708cf08785d7ecd73abbfee31b3964

SHA256
9a1c2ac658b1ec9d5928b6ce8b71f168f5839cbeb32a990e267d5fad717a6dc8

SHA512
524ce4779cf45bf831a36f1e915dd4b2e8fdf259a2924991e605932b835e65156681f1f90db3eca7ea0fe05c48793faaafb4f54e3660b76b8512c7d09a044c94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
fb7d4cf9297d20e63109f7bf30555f1c

SHA1
03206baa6ea8fc63c600e50aba6a69f781a17ac8

SHA256
14d17d0c1b2acee9ab9cf50b76e9b95b2a05cea60ea35bcb279920c3ef23f2cd

SHA512
51c002b341f7275574cd6537444fea87fe7aa8fb3bf9a26d043c03606fdd40b76e36b83670512798633f14a98edfb288cd6fb2dc36f6770d9fb9d63dd776aec5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
30b24abed94b10ae3279472d015f74c4

SHA1
16b5f3c07cfa58304f6fb559063efd436ae169b1

SHA256
294b0c6200ad7c34769061cc856993eff8a1b3f2b2b50d01158e6409345042b1

SHA512
f6d9d79eb4fbc3f90d385ec1d2d0a679fa528191af2b0a9d741fd2a1c5382787b524258a82c584fd140d3916dbb8917d716eba60e80ab027e34b5fd2c0d70a68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
b8c2e63f5dfb7ec823dbb38d9a5e08a4

SHA1
07a2de6d136b20ecd7dbd7a89071ed5ba155e92f

SHA256
9a701ee9dded5a4e0a9375cfc96b7394d4b16af7511f88a6a9cb4d8c9a140d9c

SHA512
d60998521ce569d078ba53c8799921589d39d38ffc1a82b57ded5f6fca0eae0a34f46ec6a857b89072a37b863db1076187150be5f5064c5353a657f1800d4c8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
37510d7414c1fbe42177397ee2eb1a1e

SHA1
518c23c807195f1d035d41af85e30b89b29655a3

SHA256
2079ff5fc2e87ffdd1672f002e5d7637e415fcf7b2a4f2a68ae572ca1368c381

SHA512
b51863f361b78d04ea50f8204e05f2cd9d9867fba6b51284dc44098a0f775e474dbae803f9c714a7adb229e0782b5da00c624ba473a82e48fab6937b48a65b8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
f51a76c5730ec2b6103c8fac9f49ccc6

SHA1
aac20fc367b44a88dd75cc28349d44fe808a2a93

SHA256
792423b4f085188cea62cebfe97becccd1e4f5894eb85f2d2bd321b970b6bb01

SHA512
0b8113ba4963a4d8ee7f9736c0d2835830146b04218e00185a6330a50fa6228d981121bc80d01597c81561d154b5c5f955d3886a64144742542f34b7dc41627a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
f38c5a8924f0f12829c5c984323b3b99

SHA1
27c22f5e263b4df04a477fe60723248afaf0ce81

SHA256
dbe64b0ff160bb41c50672ffe602a3cf50dfaf5af876b20dbc5353d1910180bd

SHA512
329c5dc3ec527a98e1624a927c1080171db06105219f20f3bf836dabe2fc609d21dfa55a6df711064c4a2e80202fb62714ee68c50bdec0528ee344d9e2c52edc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
98KB

MD5
5a126c54d4c97ac7bd9ff6060005746a

SHA1
eae2cded43940cc9d4784f6d79bd25cd43578224

SHA256
16a4a42e8741d25444b5687c605efb5f7585b468e8a7b19687e77e5b1ed27717

SHA512
183e8ecd4098a494f544ca2a64407062ab6a8c058a382d48c694117527991a9348c2bdda3836a8192f47e32fa114eee7a3b1f971ff80c62812ad79ebb740d048

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
99KB

MD5
38b14e7ec66f0b78424a974123ad4139

SHA1
1b0bef1c4b702bc817552ffdb973ad4a1e3fc783

SHA256
5dddf34149830e8a455db0776bf5de5aae6525f5b549080cdbdacd7c6784c7a5

SHA512
29b4eac318127bcf579d0e8485b4e454b28656cbdbe642beecc7bda1b517e6736ef9f85eaea5aa9771ea5d36a44abcf50f7347550f0f740ee784b6f37838b3b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582a38.TMP
Filesize
96KB

MD5
2bc347c48594d8c6b9bd2678cc37eb2c

SHA1
4b6bcd19b5413813e9b8b385f705bfd2d0524d55

SHA256
5fdecb57e900cefa303d7793e24dee4e214a9c0e96a71ec88237ea125ca34a46

SHA512
368c07e3c584003b86c542ab67fdc5158787877969b08f09469d37d2290c0af1c14bbc352dd78a9420a9b57256f13e8e0bb88dbd36d39d5e55fb8bae8f13c3d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_2576_GAHMUWFABFIILCZY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit