hxxp://mail[.]pfl[.]fyi

Analysis

max time kernel
138s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://mail.pfl.fyi

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133578043069610820"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1564	chrome.exe
1564	chrome.exe
3672	chrome.exe
3672	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe
Token: SeShutdownPrivilege	1564	chrome.exe
Token: SeCreatePagefilePrivilege	1564	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe
1564	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1564 wrote to memory of 3100	1564	chrome.exe	84
PID 1564 wrote to memory of 3100	1564	chrome.exe	84
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 636	1564	chrome.exe	85
PID 1564 wrote to memory of 1216	1564	chrome.exe	86
PID 1564 wrote to memory of 1216	1564	chrome.exe	86
PID 1564 wrote to memory of 116	1564	chrome.exe	87
PID 1564 wrote to memory of 116	1564	chrome.exe	87
PID 1564 wrote to memory of 116	1564	chrome.exe	87
PID 1564 wrote to memory of 116	1564	chrome.exe	87
PID 1564 wrote to memory of 116	1564	chrome.exe	87
PID 1564 wrote to memory of 116	1564	chrome.exe	87
PID 1564 wrote to memory of 116	1564	chrome.exe	87
PID 1564 wrote to memory of 116	1564	chrome.exe	87
PID 1564 wrote to memory of 116	1564	chrome.exe	87
PID 1564 wrote to memory of 116	1564	chrome.exe	87
PID 1564 wrote to memory of 116	1564	chrome.exe	87
PID 1564 wrote to memory of 116	1564	chrome.exe	87
PID 1564 wrote to memory of 116	1564	chrome.exe	87
PID 1564 wrote to memory of 116	1564	chrome.exe	87
PID 1564 wrote to memory of 116	1564	chrome.exe	87
PID 1564 wrote to memory of 116	1564	chrome.exe	87
PID 1564 wrote to memory of 116	1564	chrome.exe	87
PID 1564 wrote to memory of 116	1564	chrome.exe	87
PID 1564 wrote to memory of 116	1564	chrome.exe	87
PID 1564 wrote to memory of 116	1564	chrome.exe	87
PID 1564 wrote to memory of 116	1564	chrome.exe	87
PID 1564 wrote to memory of 116	1564	chrome.exe	87
PID 1564 wrote to memory of 116	1564	chrome.exe	87
PID 1564 wrote to memory of 116	1564	chrome.exe	87
PID 1564 wrote to memory of 116	1564	chrome.exe	87
PID 1564 wrote to memory of 116	1564	chrome.exe	87
PID 1564 wrote to memory of 116	1564	chrome.exe	87
PID 1564 wrote to memory of 116	1564	chrome.exe	87
PID 1564 wrote to memory of 116	1564	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://mail.pfl.fyi
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4093ab58,0x7ffd4093ab68,0x7ffd4093ab78
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1636,i,6358578898536382455,1643917717753899736,131072 /prefetch:2
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1636,i,6358578898536382455,1643917717753899736,131072 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2116 --field-trial-handle=1636,i,6358578898536382455,1643917717753899736,131072 /prefetch:8
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=1636,i,6358578898536382455,1643917717753899736,131072 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2760 --field-trial-handle=1636,i,6358578898536382455,1643917717753899736,131072 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4172 --field-trial-handle=1636,i,6358578898536382455,1643917717753899736,131072 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3156 --field-trial-handle=1636,i,6358578898536382455,1643917717753899736,131072 /prefetch:8
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 --field-trial-handle=1636,i,6358578898536382455,1643917717753899736,131072 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4040 --field-trial-handle=1636,i,6358578898536382455,1643917717753899736,131072 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4032 --field-trial-handle=1636,i,6358578898536382455,1643917717753899736,131072 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=1636,i,6358578898536382455,1643917717753899736,131072 /prefetch:8
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4928 --field-trial-handle=1636,i,6358578898536382455,1643917717753899736,131072 /prefetch:8
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5000 --field-trial-handle=1636,i,6358578898536382455,1643917717753899736,131072 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4924 --field-trial-handle=1636,i,6358578898536382455,1643917717753899736,131072 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4948 --field-trial-handle=1636,i,6358578898536382455,1643917717753899736,131072 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5204 --field-trial-handle=1636,i,6358578898536382455,1643917717753899736,131072 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4044 --field-trial-handle=1636,i,6358578898536382455,1643917717753899736,131072 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4328 --field-trial-handle=1636,i,6358578898536382455,1643917717753899736,131072 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4628 --field-trial-handle=1636,i,6358578898536382455,1643917717753899736,131072 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5332 --field-trial-handle=1636,i,6358578898536382455,1643917717753899736,131072 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4300 --field-trial-handle=1636,i,6358578898536382455,1643917717753899736,131072 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1636,i,6358578898536382455,1643917717753899736,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3672

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
082df5e3227635536acde9ecf43b8419

SHA1
4812db1f39a56f408dc3bb82ddc045177249b0ba

SHA256
dd82aff53d7d7ca4acab3128e315530237150c764caec0bb54be880531bf7ff0

SHA512
9b6647b7a4d64f9142087135fdb2b7e3e5cb0942529ea066e3bd5e330625f60d5f5cc853c1503fc3bdbcfdff6a4576e83ca9c4ec2d47b7c4c56ea59e676e7644

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
78e5cc6d906f6e587c3afcf64d6b3b6f

SHA1
c6622c153851f74c8a1661a682ce3a68d5989806

SHA256
d1f3f5c87d0a8782a2154e8e74f3240a2c853e4364cb17002de4aeec644129c6

SHA512
65c87ed58d567e2d3abd311d44052982b14d902cf77550a64788d4f8cce9cade5a77b8e52bf2ec366825b325e376078006b1f9db561f91c7b0f66b5734a741bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d9cb5bad8b32f052cf5638a4b5eab8d7

SHA1
4d90170b557e0d4e5748b9b74dbe3aa73f05d393

SHA256
657554e17d19ea3445f58152bdd1f50e8c7e961cfa67edac25c387e72f5ec180

SHA512
b7dcf74d7fa805f71ca2ac8adb23e3e45ce56d988a09150cc9f0225f8068562dd520afdb9f14f6a63fd68fb545971bf601493e26c6bd7ecaa196a866b7e57843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
0a48fb01a386d1156769bfc242b669f2

SHA1
f492e3d99d19f300747421ea20e4d88525fe7120

SHA256
e2d4af30a71176f00dc6daede4545de71fcbd6aa1459b9d38618c94921c875a1

SHA512
61077d7f8ceb646501667be1bb24474222b31f1d0083c19dec0de9583a60ae480dc0d079d778d3a82cbaf3050e75ea6e1feee8988b939f35e07685651181f99f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
4b3c6c5a9b0963d59538bd0238a3007e

SHA1
e78379e467ca4359ed20c392a19b8b327dbd17d4

SHA256
12c56e8ccb9eb7f40062f1f2898f03eb61366cfe5ebe3de3294e5e841d7567c3

SHA512
1826c7033a1cb311f6435b3fa3bfe6cee4b75c20d01285a489201933163bed95511aacea56514962cb8e9579a052f3b1e616633fa7a92db8c1ba45281d09f96b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
ba060ada9ea53f5866efa1cdf6674dd7

SHA1
bb0f98023478d597edab6a513fa88c8d5a950bd8

SHA256
523c02e96df8cf92d32ca690950102d9159e2338e0dbf18fa10cae355337d7ca

SHA512
179f26498b69bab81d0c587e2ebed7a8e2f3a24a06f42b2cee1e78bd71d9bfc9d324d48f25337ce91368ea98b7b7df40229aec2b4122fc215af3a43b4a305cf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
ba7ee5fbe7fa12439f5114e0e0b8e3f0

SHA1
400967a7e2a2309c01d9d257aba3413da656d8af

SHA256
4563f46b22e06105b63553bdf97ffda7c6ec0346a64dc4c7af89ce2584d6a98d

SHA512
6fa4c4d7e6ce88834d084979da46a377c5123035303d6df2bbf0de87ead97190671a9ce7208c135840c92844599e6b6db72cf80c3ec41af184e80dee30365ddd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0e00f89cdad9eecf41df11775e48a222

SHA1
adda332c793302884b3f5b25213754d9c5790c8a

SHA256
ac20a2dc993e196b855ae39f24c06da2c50a3b629eb27f6052842d2653e81f32

SHA512
82aad32dbdfac8d39b314b990530a511e011fe39ff795d8d52a12b56d3a6b6f342164a73e72b029d4efec569efa3bb427c80b3b0435e88078ee960abf099ede3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e9b7f2d4cfe642c7756e6dfc3c6da63e

SHA1
79f0ab46c47db80f7520187f58849cd1ced7a2e6

SHA256
1b9ecd9fb8e7d437721dcd0b2b0794bc2660e3d9d13650ea599bac8ded823b18

SHA512
59deae381797b51d8cd89fb0e0d84d71a8c1ad6cd0d52a6ad7ae71bbed8a661ed9c2e093f944a50ce37048af51c72cbbb03789f990cf2ecb75c70c640f28ea94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c2f40bd4-0eff-4e0b-93bc-a4aaa4e272af.tmp

Filesize
7KB

MD5
43047bfdc917da55768a1f976b56dace

SHA1
0411350230592ba0cf4a9474667e98aa5805562c

SHA256
acfc27396c877f5b994957e63b732b326c0766bfdad79b51f306ef116f38e87a

SHA512
7e7c645454f343add991f6deca604dd8942c9391920e796b65df5869c82d8c1354550d5fa9d4cb16e4cd22cd4179170364c92465380969b31e4842f99745dbd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
ca89cd4dd2f6a19ae2f9af796cc87731

SHA1
5b80ea09dab373a7ba5b536ef96f63105a9350cb

SHA256
719142cf2d3e61215a76a520cdec201ae473eab74f9d36f7714caef9ffa6e9da

SHA512
1b5f11371a1e4b8126a2170dff5b4656fc32a94d5b8d4b71eadbf2f810e0f02dccf4dce74eb0c6ae8bc52ba529cc494cb844e6dc74b3f50c3c030a95aed074b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
5861b11175e6534651e03ab40c3201c8

SHA1
b63978c53bbf26bae9e30673f69f926dd884f1d1

SHA256
141431eeff4328d921e1f0a9791a19cfa53d6a4209193fa95246bc13c4a0e007

SHA512
40baaf75c67a05fe131f3cfb865da420dede08e71f0b1f39f230f1ea9800155836191a9515fba3e29caf4331975f96070c94631140e4583d03cba05d6be3df3d

Download Submit