hxxps://cjflrpmzcjrbdyejaldje[.]blob[.]core[.]windows[.]net/cjflrpmzcjrbdyejaldje/1[.]html?qo7UfckMaB47Gx3O2gUcqQgqQO5AKJ2DwKvFvEMNzT2DDVcS57x9dWAZFl1CQ3XFudvpltlzoGxldIFJvWOWBl3uFpJYsf559DyY#cl/594_md/1200/114/683/3/586236

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 20:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cjflrpmzcjrbdyejaldje.blob.core.windows.net/cjflrpmzcjrbdyejaldje/1.html?qo7UfckMaB47Gx3O2gUcqQgqQO5AKJ2DwKvFvEMNzT2DDVcS57x9dWAZFl1CQ3XFudvpltlzoGxldIFJvWOWBl3uFpJYsf559DyY#cl/594_md/1200/114/683/3/586236

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133595890371265606"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1162180587-977231257-2194346871-1000\{1DA5BCD6-18C3-4713-BAF4-818FE6821805}	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
6064	chrome.exe
6064	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 4724	4868	chrome.exe	82
PID 4868 wrote to memory of 4724	4868	chrome.exe	82
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2340	4868	chrome.exe	84
PID 4868 wrote to memory of 2372	4868	chrome.exe	85
PID 4868 wrote to memory of 2372	4868	chrome.exe	85
PID 4868 wrote to memory of 2504	4868	chrome.exe	86
PID 4868 wrote to memory of 2504	4868	chrome.exe	86
PID 4868 wrote to memory of 2504	4868	chrome.exe	86
PID 4868 wrote to memory of 2504	4868	chrome.exe	86
PID 4868 wrote to memory of 2504	4868	chrome.exe	86
PID 4868 wrote to memory of 2504	4868	chrome.exe	86
PID 4868 wrote to memory of 2504	4868	chrome.exe	86
PID 4868 wrote to memory of 2504	4868	chrome.exe	86
PID 4868 wrote to memory of 2504	4868	chrome.exe	86
PID 4868 wrote to memory of 2504	4868	chrome.exe	86
PID 4868 wrote to memory of 2504	4868	chrome.exe	86
PID 4868 wrote to memory of 2504	4868	chrome.exe	86
PID 4868 wrote to memory of 2504	4868	chrome.exe	86
PID 4868 wrote to memory of 2504	4868	chrome.exe	86
PID 4868 wrote to memory of 2504	4868	chrome.exe	86
PID 4868 wrote to memory of 2504	4868	chrome.exe	86
PID 4868 wrote to memory of 2504	4868	chrome.exe	86
PID 4868 wrote to memory of 2504	4868	chrome.exe	86
PID 4868 wrote to memory of 2504	4868	chrome.exe	86
PID 4868 wrote to memory of 2504	4868	chrome.exe	86
PID 4868 wrote to memory of 2504	4868	chrome.exe	86
PID 4868 wrote to memory of 2504	4868	chrome.exe	86
PID 4868 wrote to memory of 2504	4868	chrome.exe	86
PID 4868 wrote to memory of 2504	4868	chrome.exe	86
PID 4868 wrote to memory of 2504	4868	chrome.exe	86
PID 4868 wrote to memory of 2504	4868	chrome.exe	86
PID 4868 wrote to memory of 2504	4868	chrome.exe	86
PID 4868 wrote to memory of 2504	4868	chrome.exe	86
PID 4868 wrote to memory of 2504	4868	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cjflrpmzcjrbdyejaldje.blob.core.windows.net/cjflrpmzcjrbdyejaldje/1.html?qo7UfckMaB47Gx3O2gUcqQgqQO5AKJ2DwKvFvEMNzT2DDVcS57x9dWAZFl1CQ3XFudvpltlzoGxldIFJvWOWBl3uFpJYsf559DyY#cl/594_md/1200/114/683/3/586236
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1ec8ab58,0x7ffa1ec8ab68,0x7ffa1ec8ab78
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1772,i,3630536170074599120,2981384979424297476,131072 /prefetch:2
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1772,i,3630536170074599120,2981384979424297476,131072 /prefetch:8
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2200 --field-trial-handle=1772,i,3630536170074599120,2981384979424297476,131072 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1772,i,3630536170074599120,2981384979424297476,131072 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1772,i,3630536170074599120,2981384979424297476,131072 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4384 --field-trial-handle=1772,i,3630536170074599120,2981384979424297476,131072 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4620 --field-trial-handle=1772,i,3630536170074599120,2981384979424297476,131072 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4712 --field-trial-handle=1772,i,3630536170074599120,2981384979424297476,131072 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1772,i,3630536170074599120,2981384979424297476,131072 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4408 --field-trial-handle=1772,i,3630536170074599120,2981384979424297476,131072 /prefetch:8
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4984 --field-trial-handle=1772,i,3630536170074599120,2981384979424297476,131072 /prefetch:8
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 --field-trial-handle=1772,i,3630536170074599120,2981384979424297476,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4980 --field-trial-handle=1772,i,3630536170074599120,2981384979424297476,131072 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3296 --field-trial-handle=1772,i,3630536170074599120,2981384979424297476,131072 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5352 --field-trial-handle=1772,i,3630536170074599120,2981384979424297476,131072 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5564 --field-trial-handle=1772,i,3630536170074599120,2981384979424297476,131072 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5676 --field-trial-handle=1772,i,3630536170074599120,2981384979424297476,131072 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5800 --field-trial-handle=1772,i,3630536170074599120,2981384979424297476,131072 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4868 --field-trial-handle=1772,i,3630536170074599120,2981384979424297476,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6064

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
802c5c7d352433d107cc693c31cf8364

SHA1
ea22adbb1a7558a3a9e9520355331ac53cd53fe1

SHA256
8481dab648e2b1cdea7d3e9dabc2eb053e651cc5daaa7d337c1bd57c52fe79c9

SHA512
189ef09b3ad9da17c9850d77f8467fb533832dccfe9ade3aee77c2f4cb0cdc544bc6988290ac3c1a7b3537bddc65b5069a0663405c86a29bc208436b9838be6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
981b27730a39762716dd75012bc49ec2

SHA1
05ffb38676d3ee851f41424a00a2905ada2e5e97

SHA256
f6d0e459c4ec2eacca95b77d3a7c73b04bad20cb9f8d35cc7c791977be154375

SHA512
b9e268dfddfe95754ba95719fef709a3d62e34fda67a8eb009eed41f2e675c18966fa62712814c4fd685ce159ae77d92e48117bddcad6c80b2b6d04f3fc7b802

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
312bff672db5ab1a7b378848aa479282

SHA1
36157cdb0ee34ae489ed2821f3704161d5b1fbcf

SHA256
a02ec5c23b90b5575a87d76e03ada72c7bfa5d47af109d6b2bcaa38142cab5f3

SHA512
dbb1b658d8dc3c05d550c6774e88e17901c6dbbdb487ff7854073c027494d0950b4ec0d4622d83ecf84231a71bff34149bdb6a0f1a71c0327f6509b973b15be8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
b0d5dfb19a42424123c7c89ac57433d3

SHA1
34fa124ed718895f9c596f707eb6793ae53a0813

SHA256
2fa646c9af58d4fd44134e3673c774520f3b606a67e905fd14f8547198c82ba6

SHA512
1d8506ba9d15b3cda42d13f53d99675528099c961b76b086cead853ca01aca55477fd0785fa65b3f688c81ebb206e25bd15dbd00b326d54c13e541c45097b82e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
dfd6d5984f18145a1b3c9421b0e6d04b

SHA1
6b409a9105835f56fa6ab7414fdd543abc2669a2

SHA256
b21ffbaf23ec9c5c80c89607468ca1d25206bdbd907c9dd1150a612e9ad2d608

SHA512
e638ca21a8ea4589dc2aa44f4d6f9dbea893135ecbbfb4ee6e80a34f51795e5ea30506983d09f3a971f2de4a3d19eab8fccb1f5d895519bb2eb885fccf54c2be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
bb5abcf452d9a91e16d519baf627af7d

SHA1
416a28934d3e87510269041b017b91a469cd0327

SHA256
40dc12d631f8d2e0f2623d168104457b1ef36350490416c3090ba2017308c58a

SHA512
4b0256ab0fdb89aca2f36c001eca38751052355001df3a5a04846762983121b5e872951f2f8fb958bc51a964f043b5a38adbae3728d11d593f833a5be92a56ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
047053330b34b7eb8fa158237a9970f8

SHA1
25d6dba41c8a7b5373bd3eb1f05cae3ada7cc840

SHA256
3a1b9a842837c89975e393d9d4f13be3b7cc4d7edd52a4b6072fa1d65494bc06

SHA512
e787d27c5cda3668e808f6ce01dd6ea4b5d301ea7a66ebc3bacbf9d562abf5dda3f474df0436e51a8e9f5de66ef05635ee88d925d7c93dd00503594040356af5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
233c7812e6e6306a9d932ed185d923a7

SHA1
06f96966e5681f6c744469e929251bd60b54a753

SHA256
5b99a292f32e943565ba2a603eed6ebd7530cf71ae46394b381782d52f583d19

SHA512
38e3685d6d96c7b5e65f1dd37e0f757d614ff129d374c3f497694b8f912183a996f8544bd5d3c65a85afd240bf48a61ef887a35006c04251fb0b9d4fad035aad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
65f8a56575945b060e5434a14b40b0e4

SHA1
105f97857deb1752886a0383ca4c096962867461

SHA256
78694a79bfcba971c5e43a877dece3db1971eb549b1f232147d24f222f854753

SHA512
653aaa8247b80781400ffe4a70834b8dda64ab658897dcc225e3181c743a548c6b292ac8fd17b61b99d08e67f29de379a64b05e02843609686888cbd4ac1bff9

Download Submit