hxxps://click[.]totaljobsmail[.]com/f/a/fK2dDzT_2ILWFrrlJhUATA~~/AAAmIgA~/RgRonFzbP0UQbGlua191bnN1YnNjcmliZYQ0AWh0dHBzOi8vd3d3LnRvdGFsam9icy5jb20vSm9iU2VhcmNoL0VtYWlsTGluay5hc3B4P0dVSUQ9NmRiODZmN2MtYWI5Zi00MDM5LTg0YzItYmYwZWMwNjFmMzBmJlJldHVyblVybD1odHRwcyUzQSUyRiUyRnd3dy50b3RhbGpvYnMuY29tJTJGQWNjb3VudCUyRkVtYWlsJTJGVW5zdWJzY3JpYmUlMkY2ZGI4NmY3Yy1hYjlmLTQwMzktODRjMi1iZjBlYzA2MWYzMGYlM0ZEQ01QJTNEUl9FTV9JSk1fVEpfU1RfMTIwODIwMjRfSUpNX05FTl9WMl9DJnVtaWQ9MjAyNDA4MTIwOTM3MzAtZDFjOTljZTEtYzFiMC00M2E2LWI5YmItNzdmMTQzOWExMTU3VwVzcGNldUIKZrHb17lm3icVNVIXc2FyYS5oeW1hbkBsZWVkcy5nb3YudWtYBAAAAAY~

Resubmissions

12/08/2024, 11:04

240812-m59d3ssdlh 4

12/08/2024, 10:52

240812-mynh2axgnp 8

Analysis

max time kernel
70s
max time network
72s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
12/08/2024, 11:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://click.totaljobsmail.com/f/a/fK2dDzT_2ILWFrrlJhUATA~~/AAAmIgA~/RgRonFzbP0UQbGlua191bnN1YnNjcmliZYQ0AWh0dHBzOi8vd3d3LnRvdGFsam9icy5jb20vSm9iU2VhcmNoL0VtYWlsTGluay5hc3B4P0dVSUQ9NmRiODZmN2MtYWI5Zi00MDM5LTg0YzItYmYwZWMwNjFmMzBmJlJldHVyblVybD1odHRwcyUzQSUyRiUyRnd3dy50b3RhbGpvYnMuY29tJTJGQWNjb3VudCUyRkVtYWlsJTJGVW5zdWJzY3JpYmUlMkY2ZGI4NmY3Yy1hYjlmLTQwMzktODRjMi1iZjBlYzA2MWYzMGYlM0ZEQ01QJTNEUl9FTV9JSk1fVEpfU1RfMTIwODIwMjRfSUpNX05FTl9WMl9DJnVtaWQ9MjAyNDA4MTIwOTM3MzAtZDFjOTljZTEtYzFiMC00M2E2LWI5YmItNzdmMTQzOWExMTU3VwVzcGNldUIKZrHb17lm3icVNVIXc2FyYS5oeW1hbkBsZWVkcy5nb3YudWtYBAAAAAY~

Score

4^/10

discovery phishing

Malware Config

Signatures

Detected phishing page
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133679342704500215"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1340	chrome.exe
1340	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeCreatePagefilePrivilege	1340	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1340 wrote to memory of 1596	1340	chrome.exe	72
PID 1340 wrote to memory of 1596	1340	chrome.exe	72
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 2756	1340	chrome.exe	74
PID 1340 wrote to memory of 368	1340	chrome.exe	75
PID 1340 wrote to memory of 368	1340	chrome.exe	75
PID 1340 wrote to memory of 2708	1340	chrome.exe	76
PID 1340 wrote to memory of 2708	1340	chrome.exe	76
PID 1340 wrote to memory of 2708	1340	chrome.exe	76
PID 1340 wrote to memory of 2708	1340	chrome.exe	76
PID 1340 wrote to memory of 2708	1340	chrome.exe	76
PID 1340 wrote to memory of 2708	1340	chrome.exe	76
PID 1340 wrote to memory of 2708	1340	chrome.exe	76
PID 1340 wrote to memory of 2708	1340	chrome.exe	76
PID 1340 wrote to memory of 2708	1340	chrome.exe	76
PID 1340 wrote to memory of 2708	1340	chrome.exe	76
PID 1340 wrote to memory of 2708	1340	chrome.exe	76
PID 1340 wrote to memory of 2708	1340	chrome.exe	76
PID 1340 wrote to memory of 2708	1340	chrome.exe	76
PID 1340 wrote to memory of 2708	1340	chrome.exe	76
PID 1340 wrote to memory of 2708	1340	chrome.exe	76
PID 1340 wrote to memory of 2708	1340	chrome.exe	76
PID 1340 wrote to memory of 2708	1340	chrome.exe	76
PID 1340 wrote to memory of 2708	1340	chrome.exe	76
PID 1340 wrote to memory of 2708	1340	chrome.exe	76
PID 1340 wrote to memory of 2708	1340	chrome.exe	76
PID 1340 wrote to memory of 2708	1340	chrome.exe	76
PID 1340 wrote to memory of 2708	1340	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://click.totaljobsmail.com/f/a/fK2dDzT_2ILWFrrlJhUATA~~/AAAmIgA~/RgRonFzbP0UQbGlua191bnN1YnNjcmliZYQ0AWh0dHBzOi8vd3d3LnRvdGFsam9icy5jb20vSm9iU2VhcmNoL0VtYWlsTGluay5hc3B4P0dVSUQ9NmRiODZmN2MtYWI5Zi00MDM5LTg0YzItYmYwZWMwNjFmMzBmJlJldHVyblVybD1odHRwcyUzQSUyRiUyRnd3dy50b3RhbGpvYnMuY29tJTJGQWNjb3VudCUyRkVtYWlsJTJGVW5zdWJzY3JpYmUlMkY2ZGI4NmY3Yy1hYjlmLTQwMzktODRjMi1iZjBlYzA2MWYzMGYlM0ZEQ01QJTNEUl9FTV9JSk1fVEpfU1RfMTIwODIwMjRfSUpNX05FTl9WMl9DJnVtaWQ9MjAyNDA4MTIwOTM3MzAtZDFjOTljZTEtYzFiMC00M2E2LWI5YmItNzdmMTQzOWExMTU3VwVzcGNldUIKZrHb17lm3icVNVIXc2FyYS5oeW1hbkBsZWVkcy5nb3YudWtYBAAAAAY~
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffab44c9758,0x7ffab44c9768,0x7ffab44c9778
  2⤵
  PID:1596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1804,i,18331385470034993193,17855712350015622907,131072 /prefetch:2
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1780 --field-trial-handle=1804,i,18331385470034993193,17855712350015622907,131072 /prefetch:8
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1804,i,18331385470034993193,17855712350015622907,131072 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2916 --field-trial-handle=1804,i,18331385470034993193,17855712350015622907,131072 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2924 --field-trial-handle=1804,i,18331385470034993193,17855712350015622907,131072 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4416 --field-trial-handle=1804,i,18331385470034993193,17855712350015622907,131072 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5060 --field-trial-handle=1804,i,18331385470034993193,17855712350015622907,131072 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 --field-trial-handle=1804,i,18331385470034993193,17855712350015622907,131072 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=1804,i,18331385470034993193,17855712350015622907,131072 /prefetch:8
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4488 --field-trial-handle=1804,i,18331385470034993193,17855712350015622907,131072 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3780 --field-trial-handle=1804,i,18331385470034993193,17855712350015622907,131072 /prefetch:1
  2⤵
  PID:524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3176 --field-trial-handle=1804,i,18331385470034993193,17855712350015622907,131072 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5536 --field-trial-handle=1804,i,18331385470034993193,17855712350015622907,131072 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3884 --field-trial-handle=1804,i,18331385470034993193,17855712350015622907,131072 /prefetch:1
  2⤵
  PID:3848

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
122KB

MD5
e362018d59e81ae4d376e10583a2f449

SHA1
5d31c818a20882b90e48e95f079dbe5b600e6001

SHA256
58a3cce7a4cbb2243d9b6c4246ffc650b6a497d8cfdf1205c88ba001fdf66590

SHA512
6dc1d3eb140ecaffb744f33cf46d6bdbbb16219ff74d748b5240aaf2798e46ecfdf0d6517a4c61b08e81b9a1959ebe31d3afd70639369b63f24f80e6432f85ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
49KB

MD5
8991c3ec80ec8fbc41382a55679e3911

SHA1
8cc8cee91d671038acd9e3ae611517d6801b0909

SHA256
f55bacd4a20fef96f5c736a912d1947be85c268df18003395e511c1e860e8800

SHA512
4968a21d8cb9821282d10ba2d19f549a07f996b9fa2cdbcc677ac9901627c71578b1fc65db3ca78e56a47da382e89e52ac16fee8437caa879ece2cfba48c5a6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
34KB

MD5
85aecebad65b9c25a4582a369858d6b2

SHA1
5285d91365626a1e6a745621cbe35ca40d1af6e9

SHA256
20cb3311bf1478103f3f9ce438c4fc22127cd64b8017a4329964c60cff5549cd

SHA512
c4e5eb3210bdfeefc65a05b4995172204c3f8d01a5dae551c59ccbfc09381430eeab543c8bcaeaae82cbfed79ba2b8b14a39bd642842ffe011f499e7eb90fda3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
245KB

MD5
b3a6bf5100ba93f0dcdc5a1006799de6

SHA1
cc86d6df24aaba731859d19f700ea77897a3c1a1

SHA256
d14e601551fde1d96b99be3e38d882d743b460e1061d3d3bea386df73375d299

SHA512
5f22329e0734911e87a0c2baa4a20ebda3bdb01ebec2eb144ac060db75decee610d08d9c2900d99511528e6c68564ea8cebeafaff72a6d56b5c80133549a73a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
62KB

MD5
f28202c3d727f8dbcf56ae065fd4c789

SHA1
8711ec3c4b8bb1f2f0a9235313f202ff1ae8747f

SHA256
03bac66653311f016b1ebff25af841287a4b5442b8e52552450992ace895010e

SHA512
5fcf17d5d0f7f673f266dc1660eb76d7cc6f4352cb7c70257bdf936da13c60d5382d8bbbcab3807ab4c542818a67fe09d18cc38b10e2ff7f8b17aa55a3f3e938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
24KB

MD5
a47539811f95bd10c9b8aeff9a000b79

SHA1
c8c362c196ee59e48033c1ed999dfdc4be1719cd

SHA256
bb236df0a04d560e3d875b45475921ecb87b66a41f7f0fbfae644e89595d2542

SHA512
e8a740b8a325812844980fd9968f75808cb448cbcfbfa4b1efc3e3cc86402a98eff51c5cadc31a8771b4b1fddb537d9c4b76992036dcf3e85e0761658cea8a40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
35KB

MD5
b7b4246a2ea306668b4c2695c3ee45b1

SHA1
34febfe1d7aca72007477640eedf734e517ac0ef

SHA256
afd9ac04a231a13f23320251a1cf079b4cf8b8913eafb0b3f4addd92209b7b6b

SHA512
47956ce2bf885c0647254febdfb074047dfb3dc6a4f02f4980b8cefa5169976ffb16b504c76ef5410fe8aa0f5dc4ed42e4b86c70a3ccd576278e71c236f6b879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
41KB

MD5
eb8d95f220d6a519191b7e2285bdb86d

SHA1
fcad77e813df3601cfb20785d8531dff3d8c93c4

SHA256
344bb29cf42ef1b549ef2d905da24bbc5f45dcd40c7c6db847b5bf680e3eac98

SHA512
6c43ea7392fb667ec585a89b87384a6a7dda96ba0fad0e5df047f40bcf9e3bdf7d94ab426e9c246c946049cd39bd7fa1cefb1ef6f554f160aac5e3c3c6909205

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
19KB

MD5
6b60fbe11c920804423780431f89fead

SHA1
d559778e4631354604ddbcab436ed1e2c5a1f81c

SHA256
f346da4fe000a410c4523508ce52c1f6de3723ceafab35ecfdcab02ca2ca0412

SHA512
4b41bade68f8c9dbd0d334b0e10c2e025a7cf4decfee43e111c15ce3d6a0fcba3c0a3fc7ab54c3db9ada20da391c1559cd870d413ac8e4c23b47aa0fd9588091

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
57KB

MD5
be1f6aaefa820251c64a81cc8062b64d

SHA1
0dde12114c5b4f29e1ca8372453f97ae2e9c3125

SHA256
eb1619e6a949ef0e8eb0dce4ddcac0d5342ccb5903ea77ad8cef0166149e6643

SHA512
b778bc24ef091d9011e3b7969a2c9eac3a257476d39276347c8eb5b72e40ce4f4e5df20a2f7e82398df710db22930018b43b26f0407dc4d6174a118710be2341

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
84KB

MD5
a4183626ecfff2b3c3457c1754a3ad21

SHA1
764e5643a0a5de7a6fcff4406e1a1ee18379ea66

SHA256
a61bf2dec09955126d2ddd06285a22728c5e10e6b5d79c23118d895fba8a1f52

SHA512
68a7feaf7a226e622d630fbd441bf8dcceeb4e01810db5e292249abe53761dc7c3c4ecbd1f68b895d4e24e288b98b402325dfd902b2b129ca8e9fb8bd4fbd65d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
26KB

MD5
d4454099634fdce7b47b12e7fb8d03dd

SHA1
479eb9d353a0411a616aeef29598bc2b762d8f66

SHA256
87a9d4ecf9edd3f33071f909dfec8251d763e9c30dd09139fed3a5f2016d10ca

SHA512
8b4cac616ef67d633aecf3f0979b2554e81f35ab9e079e043fedac63c68ca4fff2b622365a8454f09ddb65baa12a23c99f18ce22c5975f5458e6fe78cc9a994b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8d6d6a3da11c2f88e46789e5c7d38efc

SHA1
4cc1971e5658669f5d19bbb1b9c6da692924a1ed

SHA256
59b0421f6446ab407e4a529b6d7ad5609af874b363a039ab837ae823d648fd5c

SHA512
b26e80dbaab3642907cbafacd97287cd06a1ac7eec70ff33f54c339b1259cdf2c09e0679dbea30ecd667dd15a309bbfabca9e4623c5b97d34fb2e54b0669bba8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
3259ffa1b60c94cd8e22d5f952f0408d

SHA1
1ffdeeae352c3b0042308edd64717a17d830b0cb

SHA256
8ed9b0935bcf90daf546abcf3989e075cf13f5e1425244c30ce69af7c02f8879

SHA512
730739187fbc3128b5143281c3ac831d587f9bb1dc02a2e2dfa9b8d81881f86b14109f0b744117f4272e2cc6067eb15da9ceb254095625ba14258a63b7891ebe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
9a141a20695860fa1f3271559e50e550

SHA1
9223099b44137ede7edf50151aeb507fcbe2cee5

SHA256
e1af2ad70da9d28c844cc110fd69adb0069773011c3e58831fe2c9521f2e85fc

SHA512
deb1e600186ea8f8955a949a16692c8a0b72ec8c26589b422860fa1fd6e19a759a3359e4d4fe15598d1b9f796b818938e3fcd71172df26aedb3ad3c873bbc638

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
7cfb32b7fca5776263456a7d993e5dc5

SHA1
cd45743bbeea12528b3de64e86133097bac31027

SHA256
52897709eabd88a9b343a4050b06ada5ac58507a193da69525b4bac0a8c6167b

SHA512
0c2a24c2975bf8c1374499dd8792da13f83fba63b755a704d5be5f42c81f5f4c340d28ccc76ed9ea1f662e7a1265b82ec922c740189a3a5b857f23bca3df3b22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
df79dc32300071d8996e25eedabc7919

SHA1
31fc57910f9b362e03b3b35d9eee0f2dc946f737

SHA256
f6624c053d4979a69e91abdd34d947c65ca8eeca7a8111fe2fc84dcbde45ab20

SHA512
e8edbc05ccff5fb89bc3ad4fde09bec20a7dc44b873fc324a1cf1efed9f1ff721f218ed0b43d469c287e58a7386b4f91ecc9a3671d0a7b6d7b5ac779fdbfc1c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
afc939d8b510ec0cd6f4620b02a759eb

SHA1
2f34818f9399336507b50664f84b2d5fb0c9650c

SHA256
6a4edf330647219f8de99b3ed9100bc5bfdfe46fadd9c3498994b649f1dad777

SHA512
7b983ac9432fba08b4f339797f03847f8634e1f46141ede0349c83ee34f9d0f28673882980d13ef6f21d378c59c623982411211a589930670dc9dd80f9f21228

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
88037cbe613f7cbd083b6d409b850fc3

SHA1
ee065f992e71a608e101ca6dc2b553df59cc9bb6

SHA256
92cc521cb09ff6bf87dadddab7894568db67075b1f887019e96040a267437899

SHA512
a9456a4131d19ba576f27da5c87e3aecdbc196dc0ac02b2222c577106760eb13ef797ebd9353693c14703d05e501b2c589989e5cbbbf377cc12d39a7de90e05e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fa568ce16c1ade2074f05d53f5ff5ef1

SHA1
ddf5763509ee56ed79b7fdd4760abefd783c6df6

SHA256
a1e9a99fa4aa476634ad8914ab55ca8d493ca8412be6f912e22de30ca0cbbdc7

SHA512
ada628d1de44ece2638f166fc41a9024dc79812652623eadcfedc0bfde5da591bf81c5bf92bb99718800df47b593021ecbfc9a0dd76c67406240d489faad32a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8c0fdb87c13404f2014a6d54e6ada0a9

SHA1
bbdce733fe5bd502af8052a8ded811a672af292b

SHA256
07b2fc4f92e01839db0b509d42d3c3c44a47668b7dcc3ad3329dc90239b63cdf

SHA512
7c2b16921e9cdc6e4ecbefc26ad4e6771dba689c066419724c7ea7ecae6b0fe88a3e2438e31c9c875f67aba0cea046333d33903ffb85bb9725c8c07b483dda35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
222b32a92df1e8f131ef90d757c697f5

SHA1
3750da5c62785c5cf86cb21c1bb7892ea8cdbd9e

SHA256
b88ca22c6cc3df3d02fff43637d1707787a150745353575934e71f7ed2b64369

SHA512
715b9e9c8c0e594eea5ea5e2f70dd2b7d9a27406e757dcef58bb1c04d8b29d7700c60830201be2db6a3d6741a7d2220db439ccdd9552bcdf90b0560f70aff362

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
16607b7c5503468595092b8e19a53bc6

SHA1
3624548b653b5f584bd972e17692089759f1f640

SHA256
c177415995bb25642b5dff045f18312bfba5db9c3c2a02a38dc5d16d7bec26f5

SHA512
8b61b689b3b22c8918b0e5fa28ccb0efb579a8024288488e54104ccdd6598a20672d65f36765c5ac12a137de251b74e35aae6a12ccb459de6d3e2f1baa59bf72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\0ba63bb6379499186825cc0b340b96fc86c16276\a9990727-4c9a-4508-9e27-b65c5b245fc2\index-dir\the-real-index

Filesize
72B

MD5
5df4f70e8f2ad74a0280431588f7c773

SHA1
d25f664a4aaa042c414eb692afba785235463a25

SHA256
17d20325ce4193fea4c3793d021a5f4b54a25c50f54b61195d7409172ea56f50

SHA512
37c392b692785a3fec7ac61cc2620b153aaf732dec7a50cd9af492188d5b182eff4b6a0a35e2fa80613bc1e20823333484b7b30c78b5fd982a535c135a5cee91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\0ba63bb6379499186825cc0b340b96fc86c16276\a9990727-4c9a-4508-9e27-b65c5b245fc2\index-dir\the-real-index~RFe57be2f.TMP

Filesize
48B

MD5
3ea8c81b9a13750dc14f5b1cee96fa4e

SHA1
7d277455ce887cae597862ebdf795b423c663d6e

SHA256
06c497b0cfafa5730a6fe41fe9f33380ab00f36ff0f743afc8a00f9e59bb24b0

SHA512
f7cd9a7819f5627ca704ef05de1ce5cfa3de829a30492d91d8f4b2adb602f40c298856cbadd9338066c2051b4b83b6dfa271726da269193c1868aa442bfdc258

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\0ba63bb6379499186825cc0b340b96fc86c16276\index.txt

Filesize
111B

MD5
5dc41d291ad24a9890601e296daaef11

SHA1
e2ae67986e65b9e0ffbce2b5c6fb89379e4f71b1

SHA256
e0e5ce8f3d3a928de072bb946bd2e23d68523ef3975e481dd0709c29adc4a8c4

SHA512
a3a43126ca871fb8ef8d6a4e8d1fa90d1f9fb880672feffeac5f4f5dc5e7dee3fc5f1c239747e836323b41021df6bcef4042d1b96fa1524f636c0d3c0eb29f9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\0ba63bb6379499186825cc0b340b96fc86c16276\index.txt~RFe57be4f.TMP

Filesize
117B

MD5
d7d44c48cdb463d61db2039ab049dde5

SHA1
942c20fcac2e650cc16e6b66996a3bfbbd81c362

SHA256
827e252d4426ee8ab1454c982d105c034a27e760eca03a5166e02ac1c3cd3871

SHA512
a45af6d67bf17545668caf88717fc60c4fc917ef1d7b1c6387b7b7f106c8f9914acb9372f7d16b7f98335f7cb3e80c17717829848e515bcc2aebe6c87db28c96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
f6908ee2e44a7039308fbafc6244336a

SHA1
43a2531a38d39ef62bd2ae627d825d6f542d1c58

SHA256
550cd62a8343506c9b17df1d67e41fc99e5459df997b087bc78c4cc6323ea654

SHA512
d60942b1b451459e4551dc6276b55c3b763851bc31532e3a5d6c3b04791d786228165a0c4f72d56c8ebd6b72ae9f824aa19214e3193f374669f90d6abe37dd01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57bdd2.TMP

Filesize
48B

MD5
7483b0b1c8f8fffdeda1a496e39aa8e9

SHA1
d99b425dcf52b1e09dd3baed730c2af1fc80c0f6

SHA256
dc33ec26f828bfe0c4ab83c21f2e5b1cdc14ffe35f07d04b799d9c6e0dddd0a9

SHA512
c1c903efceddce0cf2b14d9420e9555104333298eb658bac01fa5587b13920c00e7151368268ea2ffccbba4901f558b35e7fe5c16e7bc29c88d5aec75664a8d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bc651512-5ee0-435f-8942-e20581477ff9.tmp

Filesize
5KB

MD5
1db25a469e09668abd3a4b1fce23990d

SHA1
e9ab31b7a7480a59b3577a6b2c946e9b83f85c12

SHA256
14c92c40d588ee90d157c18bc0bdb9375cf7e10ae835dc3b15013f832a6dc2e6

SHA512
5e9d73fda49311dc813a00132fc1c96c53ce5e2fc7f31bc60155896255ed41f129c059e1a20a0e76095faa21e01a34946a1f7a143883f42bfa16e11fa813f92b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
b951d34e0397cd871667e8c5259054d2

SHA1
b5b74bc771804bc025acf0f83448ab68e720c13b

SHA256
ddf42b77aa815035cfd64dae781c9b96a7b942023ed6fc9a7c0fdeeb788e662d

SHA512
2dd07ae8fd75b4ec92638e9bf63d96119787c08a8526ab872f133940f0522ead11ec8f016339829b5977e780fc43373bd5044b3c559c52f67cf32cce949ff9cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
5f32930b9ea46e80caa2033761b757fc

SHA1
35ff5bcaef517d1b0e82d5dce8f7ad9e736c19e3

SHA256
4edf59255c4b09549c1a253b69709d9c98fdbe97af82112041b833f683f0a673

SHA512
f123aece77a8be87f434f7d78a732e368a0947bc2224f93dba0bcbd1b5130d3ff443055ec4980beca2e37bbac01b6c16f5dbbe07700f7ae25c4fe66433acb549

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
a05ea22555a16eae1481b4eee3918c1d

SHA1
04420c94ed4355cd2ba71ae61e42d96865bea100

SHA256
7e598adb729b41135d3f733a48b8c825a9f2b37dc7e2798710476cade20360b4

SHA512
14bb186e1da430e0b1f421b240544626de50bf633f63682234aea47331ad9000e233fcb96e72c7a6530dfae2f1bbf92600c9f447c34e62dd337118787daa56da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e3e8.TMP

Filesize
98KB

MD5
4f76277441607ff38ab348921d81ede1

SHA1
dc66b661177ab874776623e322002fa84d376fe3

SHA256
81208d8148e7ef51f30e5575820432a6d6106192226b2d4bcecab7eecf0212d1

SHA512
f17446c1b7bdaa92f09764b21f7416a72124e4b389429d8e43f83c55c768322c210654cd710785db7825549044bf3edb3e810cb86cd0c8364d075b1bf28531a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit