hxxps://postoffice[.]adobe[.]com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9[.]eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6InJvZG5leS50b3dubnNlbmRAZ21haWwuY29tIiwicmVxdWVzdElkIjoiNjhiNjQ1ZDYtYzRhYi00ZWUyLTcyNzMtMTYyY2NkYWY4Yzk4IiwibGluayI6Imh0dHBzOi8vYWNyb2JhdC5hZG9iZS5jb20vaWQvdXJuOmFhaWQ6c2M6VkE2QzI6NzBlMjdjMzktYzE1Ni00MjkxLWE3ZTMtNTExMjQ5NjFiYWExIiwibGFiZWwiOiIxMCIsImxvY2FsZSI6ImVuX1VTIn0[.]gYux9D0q6EaVmO59ms-GeeRhe541OC6360AXu1FZOyZNpe9QG41EZb7-GGlSmxwtkh2QQpuUiJvJBYU-SzMEfw

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2024 08:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6InJvZG5leS50b3dubnNlbmRAZ21haWwuY29tIiwicmVxdWVzdElkIjoiNjhiNjQ1ZDYtYzRhYi00ZWUyLTcyNzMtMTYyY2NkYWY4Yzk4IiwibGluayI6Imh0dHBzOi8vYWNyb2JhdC5hZG9iZS5jb20vaWQvdXJuOmFhaWQ6c2M6VkE2QzI6NzBlMjdjMzktYzE1Ni00MjkxLWE3ZTMtNTExMjQ5NjFiYWExIiwibGFiZWwiOiIxMCIsImxvY2FsZSI6ImVuX1VTIn0.gYux9D0q6EaVmO59ms-GeeRhe541OC6360AXu1FZOyZNpe9QG41EZb7-GGlSmxwtkh2QQpuUiJvJBYU-SzMEfw

Score

10^/10

adobe phishing

Malware Config

Signatures

Detected adobe phishing page
phishing adobe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133553100162122381"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-566096764-1992588923-1249862864-1000\{09F7C732-A339-46A2-AA6C-814A1D37121F}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4020 chrome.exe
4020 chrome.exe
396 chrome.exe
396 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

4020 chrome.exe
4020 chrome.exe
4020 chrome.exe
4020 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4020 wrote to memory of 3244	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 3244	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2608	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 3456	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 3456	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2564	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2564	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2564	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2564	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2564	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2564	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2564	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2564	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2564	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2564	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2564	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2564	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2564	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2564	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2564	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2564	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2564	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2564	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2564	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2564	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2564	4020	chrome.exe	chrome.exe
PID 4020 wrote to memory of 2564	4020	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6InJvZG5leS50b3dubnNlbmRAZ21haWwuY29tIiwicmVxdWVzdElkIjoiNjhiNjQ1ZDYtYzRhYi00ZWUyLTcyNzMtMTYyY2NkYWY4Yzk4IiwibGluayI6Imh0dHBzOi8vYWNyb2JhdC5hZG9iZS5jb20vaWQvdXJuOmFhaWQ6c2M6VkE2QzI6NzBlMjdjMzktYzE1Ni00MjkxLWE3ZTMtNTExMjQ5NjFiYWExIiwibGFiZWwiOiIxMCIsImxvY2FsZSI6ImVuX1VTIn0.gYux9D0q6EaVmO59ms-GeeRhe541OC6360AXu1FZOyZNpe9QG41EZb7-GGlSmxwtkh2QQpuUiJvJBYU-SzMEfw
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ff9dc2c9758,0x7ff9dc2c9768,0x7ff9dc2c9778
2⤵
PID:3244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1916,i,6569201533618582522,3091306355054666415,131072 /prefetch:2
2⤵
PID:2608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1916,i,6569201533618582522,3091306355054666415,131072 /prefetch:8
2⤵
PID:3456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1916,i,6569201533618582522,3091306355054666415,131072 /prefetch:8
2⤵
PID:2564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1916,i,6569201533618582522,3091306355054666415,131072 /prefetch:1
2⤵
PID:780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1916,i,6569201533618582522,3091306355054666415,131072 /prefetch:1
2⤵
PID:996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4804 --field-trial-handle=1916,i,6569201533618582522,3091306355054666415,131072 /prefetch:1
2⤵
PID:4320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1916,i,6569201533618582522,3091306355054666415,131072 /prefetch:8
2⤵
PID:3572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3380 --field-trial-handle=1916,i,6569201533618582522,3091306355054666415,131072 /prefetch:8
2⤵
PID:440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5264 --field-trial-handle=1916,i,6569201533618582522,3091306355054666415,131072 /prefetch:1
2⤵
PID:1768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5420 --field-trial-handle=1916,i,6569201533618582522,3091306355054666415,131072 /prefetch:8
2⤵
PID:212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 --field-trial-handle=1916,i,6569201533618582522,3091306355054666415,131072 /prefetch:8
2⤵
- Modifies registry class
PID:1524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3936 --field-trial-handle=1916,i,6569201533618582522,3091306355054666415,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:396

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2228

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
768B

MD5
094aab7612d047c27f211a209341a0c6

SHA1
c123fc3eab66112299d9c0c9fde64f1ef67c52bf

SHA256
dcc5464122e5ae75a53778d3e8a96cebad34f59d46c5902ffade920a18183dec

SHA512
a549497e138e109c46d8207a482964e81f165656890a0920c313849e8b13625f0f4d93f560642d91d9e20c54ff75563413958dab06f4be9f393bf8208f77064a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
3d087ac449eb1c57867f063280cdd5b9

SHA1
2c648f4398898e6c1e71bfdbbc624beaf3891b3e

SHA256
2fb5b071a5857ed324078e0f6e9e55f3bea110cad01a17a5e950c5b7539624e2

SHA512
2e0db306d920d91dd05c323e3d90a72e365f686abf8d8e6b35930765557a2cdb280dc5d51ab7cd436bef7f5a89840800587f4f784c54732794a2536cb8d50d0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
a414452b51540aacea0f1a0f24e4874a

SHA1
8b28c14bc60602334f26f268133729915131afdb

SHA256
6822be728062194263b9e20d7a761b09f0ed354a2544f7f96a3a94d62475edc5

SHA512
21e93f5075ea68c3b391eef4e64f1c205e4578ce4dca36a5944b4066cef52068f57642e4ced87f715292518ae01a8dd1735ea464c779ba3f371aebeb4a530cd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
70e607c54671d4bb118ddfc05ef8d231

SHA1
13197a7b9cca17c6faf92f847b7fab1c82ba9eef

SHA256
01db595bd7f458b4d89478755cd221ba23147bfbd3f9c9c3ad2dffa13132bc6a

SHA512
575c74193eea6ed831765dc30a1a3b2a4d47de6eb43e9660b49f28276fc8533b88c1fe80bdafbd37ea3158e8f571cc2e3ca31507f80aedc35065dbc32b5274e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
1f7274d9f3915009b25b225df431c3e4

SHA1
db468d137322d953ac0ac646c644fcd10477e4f5

SHA256
08c2a0c5e42fc8c2e2fd8ed28e753ba308b00d4a63581a9704690efc679d7f97

SHA512
e9a4b76f3de42e3d4b7bddd1f90809dd38efc24f1d3b488de7bb9eb616147a67f63e740fb4d735db89470156a208cd6cf58fa3f818baab3fd92257e4cce38b1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
7b3045c586536c1b7515e28271fee020

SHA1
f35eee8f9cc8d0ce766b385b805829e04ca2fd3b

SHA256
c8a5088f58ea99ecf8c1c15b765a91f4ffaa42b9b3a3bf8751881468cfa932d5

SHA512
f4167975cf2c7f0afa3d994dda1d8014ac9bc3dc41c71a5b0e40de352a509b5bbe3b2b382fb29e5ca761947820eb58c7a3c0712128430ba6962f9cf4b95ff9a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
9eca1e6c6a6b2c0442ab7a2d88d7a2ef

SHA1
21b3465ab3c0e71580b1d5b44a3e9a73a9ecd73c

SHA256
c0b4d467dd3b0239fc07372d6c4d637ff6eaf7d4a5704c9c51a1a683327932f5

SHA512
00f3b462aa993a941f99c34acc814a11b3ce695d3f8602503540984b31bdfe73228e5cbbe22dd3c5bf46b08eac77847174e9215ac18e9fbe033b789cb1ee893d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4020_HTOOFEJECZUJYIEG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit