hxxps://bit[.]ly/3JJSRB4

General

Target

https://bit.ly/3JJSRB4

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133236495575341315"	chrome.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

chrome.exechrome.exe

pid process

2540 chrome.exe
2540 chrome.exe
2540 chrome.exe
1176 chrome.exe
1176 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

2540 chrome.exe
2540 chrome.exe
2540 chrome.exe
2540 chrome.exe
2540 chrome.exe
2540 chrome.exe
2540 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2540 wrote to memory of 2732	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 2732	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1348	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 388	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 388	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1836	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1836	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1836	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1836	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1836	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1836	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1836	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1836	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1836	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1836	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1836	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1836	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1836	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1836	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1836	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1836	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1836	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1836	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1836	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1836	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1836	2540	chrome.exe	chrome.exe
PID 2540 wrote to memory of 1836	2540	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://bit.ly/3JJSRB4
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa4c089758,0x7ffa4c089768,0x7ffa4c089778
2⤵
PID:2732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1812,i,6451022491584084833,1761021763379799974,131072 /prefetch:2
2⤵
PID:1348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1812,i,6451022491584084833,1761021763379799974,131072 /prefetch:8
2⤵
PID:388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1812,i,6451022491584084833,1761021763379799974,131072 /prefetch:8
2⤵
PID:1836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3200 --field-trial-handle=1812,i,6451022491584084833,1761021763379799974,131072 /prefetch:1
2⤵
PID:1564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3220 --field-trial-handle=1812,i,6451022491584084833,1761021763379799974,131072 /prefetch:1
2⤵
PID:1108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4852 --field-trial-handle=1812,i,6451022491584084833,1761021763379799974,131072 /prefetch:1
2⤵
PID:3224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3812 --field-trial-handle=1812,i,6451022491584084833,1761021763379799974,131072 /prefetch:1
2⤵
PID:1104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 --field-trial-handle=1812,i,6451022491584084833,1761021763379799974,131072 /prefetch:8
2⤵
PID:1532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4004 --field-trial-handle=1812,i,6451022491584084833,1761021763379799974,131072 /prefetch:8
2⤵
PID:4540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 --field-trial-handle=1812,i,6451022491584084833,1761021763379799974,131072 /prefetch:8
2⤵
PID:660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4636 --field-trial-handle=1812,i,6451022491584084833,1761021763379799974,131072 /prefetch:1
2⤵
PID:2500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2824 --field-trial-handle=1812,i,6451022491584084833,1761021763379799974,131072 /prefetch:1
2⤵
PID:3544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2756 --field-trial-handle=1812,i,6451022491584084833,1761021763379799974,131072 /prefetch:1
2⤵
PID:3636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2824 --field-trial-handle=1812,i,6451022491584084833,1761021763379799974,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1176

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2228

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
0f4a3dca5e594faca100eb523a3d866d

SHA1
7852c38b4e0783ffa52a3dfa0657b0b08a261f65

SHA256
c08ddc0c817bd904881e38e3629c4015762b50f083194db4b91cb0318e57eabf

SHA512
a17db258633a55184e5408375e29d8de7e9711df83c42132eb9531dfefb9bf2936bc1d966d4fad802c41ad2d4a38b3dd8570fd3979ae0bca5aef0ce831538958

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
7e5a948eab2074b7fe29938d6f5e0f38

SHA1
0fc3a2dab481e0b2920ddd2bb889fcee1e31e283

SHA256
de4fb0333686b194e3ccbcc1efb0bd8aa1548ee65c091dceaca8e242aabc1a7f

SHA512
4bde885c323aee3a523299e972ca4ad9a19517da2ad2a41fa0c08e463de4f2fe28bf6b8af4f6318dcdfeb3c1c6c531160a068613384a290fbdddab16c19ece70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
2bc3e400d0a905997594f90ed64e8c92

SHA1
35c1fca3a38d253d53ecbd4fa02c20b4d11d93a0

SHA256
9771bb8122bd0213ce4b2df34a4bc04e8032cf5e2d0671870727555f46760032

SHA512
6e67e3727cef15e0e5c7f3208657075708e41129f9dd8c90798bc832a4c80187bb9da605afb8f61a7df258d90e037f08987ec2ea62ef2d155167782e0ab97216

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
daf2b2d5dd1bb6e55c9f9e9bd87953e7

SHA1
f1a4f94e319e11b14717c8910a72d37add56787d

SHA256
240945890e4e68b632432a7160cb5b79c2c8bf2159fb546b9ad9adc9fde4bf50

SHA512
14c132c870d375029fc538f8bc5b9cc4488df0d365eeda42902d4c5f19f690d702072a821ffa820fa5ca705e6a58ffc71d371d3a3374fb6d6a045d7606b63525

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
1d76bc323f5bcc9d28e4624a98844ef6

SHA1
0dcf22817ef1b92239c588269cf5f702ca27e692

SHA256
8dc6792d8ca316b01cfcb2a13ba123ed98ad9d05a86f4eb2e5cd5ed64f8e6364

SHA512
752cd643e23666f155f28a419f142ec789ba8d3cac90017ccbbde920dafe660d8792ce7c9a6cbf19261e111c9179d01841f69e585280b7a864a34597e43dc52b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2540_WNIVKNDCGSZEDBCS
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads