hxxp://go[.]onelink[.]me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature&af_web_dp=https%3A%2F%2Fhermestravel[.]ir%2Fnb%2F%2F%2Femail%2Fauth%2F%2Flhlrtm%2F%2F%2Fhey@example[.]de

General

Target

http://go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature&af_web_dp=https%3A%2F%2Fhermestravel.ir%2Fnb%2F%2F%2Femail%2Fauth%2F%2Flhlrtm%2F%2F%[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133238608632610014"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4736 chrome.exe
4736 chrome.exe
3452 chrome.exe
3452 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

4736 chrome.exe
4736 chrome.exe
4736 chrome.exe
4736 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe
Token: SeShutdownPrivilege	4736	chrome.exe
Token: SeCreatePagefilePrivilege	4736	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe
4736	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4736 wrote to memory of 1316	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1316	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 1804	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 112	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 112	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 316	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 316	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 316	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 316	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 316	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 316	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 316	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 316	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 316	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 316	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 316	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 316	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 316	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 316	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 316	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 316	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 316	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 316	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 316	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 316	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 316	4736	chrome.exe	chrome.exe
PID 4736 wrote to memory of 316	4736	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature&af_web_dp=https%3A%2F%2Fhermestravel.ir%2Fnb%2F%2F%2Femail%2Fauth%2F%2Flhlrtm%2F%2F%[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa25bc9758,0x7ffa25bc9768,0x7ffa25bc9778
2⤵
PID:1316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1812,i,1689362662620218907,17585789102197534805,131072 /prefetch:2
2⤵
PID:1804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1812,i,1689362662620218907,17585789102197534805,131072 /prefetch:8
2⤵
PID:112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1784 --field-trial-handle=1812,i,1689362662620218907,17585789102197534805,131072 /prefetch:8
2⤵
PID:316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3144 --field-trial-handle=1812,i,1689362662620218907,17585789102197534805,131072 /prefetch:1
2⤵
PID:4924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1812,i,1689362662620218907,17585789102197534805,131072 /prefetch:1
2⤵
PID:4324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4468 --field-trial-handle=1812,i,1689362662620218907,17585789102197534805,131072 /prefetch:1
2⤵
PID:4268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4936 --field-trial-handle=1812,i,1689362662620218907,17585789102197534805,131072 /prefetch:1
2⤵
PID:2448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 --field-trial-handle=1812,i,1689362662620218907,17585789102197534805,131072 /prefetch:8
2⤵
PID:1128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5132 --field-trial-handle=1812,i,1689362662620218907,17585789102197534805,131072 /prefetch:8
2⤵
PID:1788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 --field-trial-handle=1812,i,1689362662620218907,17585789102197534805,131072 /prefetch:8
2⤵
PID:2084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3792 --field-trial-handle=1812,i,1689362662620218907,17585789102197534805,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3452

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4552

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
0d850e80d57a1baad583c25cd2f38934

SHA1
7e552e1452e2f1758122fdd5688265a15f72851d

SHA256
74f7309cf3f52bc13eaacf3fce13ad243e22e933736962d6a4af40154dee467d

SHA512
530875533a333aafef192295086b4c7a692326eba3e054bc6b4c6cc87a290fd95e84ab56e52f93a7eaf79637a7d228feced04060b098d2b28b74b5065f191d39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
32e0f177e9c0b734c5e5a28942557e1e

SHA1
9c94853d4553e9be09e1402b1fef32e81d149900

SHA256
dee54c4ae3f276ec340f0736c5583bda3c6d1adec988d87dd1e072fceb4626cb

SHA512
ead1d335240c7db25e3f3fecb2d9ec4ef65dd42793c6967b03ded3e4c3ec69a46ccb5820152938c6b23c07cc8dbb81ad2a61495c26abef3361b0b32ba1134b36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
706B

MD5
46c1463dab4963a743564978321a7c2e

SHA1
d5e638d27de54c3ecaf5120c6f16175ac661ce58

SHA256
4f84a804c071b6387610115054bd99b5c2db2ada68a23922ced3d9024c6e8a23

SHA512
6db4c26c2f826dacfc2721d01816a9c46946bab7e6add7241afcc04a5e5603f8a9d416b16d6c9d192716d38eefca1429e564e2b8fed75f1ac4181feecb9b05ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ec14924a0c1a59c6dfc61fcc2536dfbc

SHA1
dd30d1a973b6393294294846bd090fe3d4fdeacf

SHA256
f85ba61c5264dc4803db6ee3ce3f253b986315963185c1785d1c0a5158f3e4ef

SHA512
2de7c131885fd30e7e6ce3d9ad2f3bb098d02de886d12cb7c61a5070fb4023d0400f6595d313d6a2067952cebcdca2090a09ca4d9efdccb3cc82491343439d52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
38d0bc433d19e3d6c107d15d513073d9

SHA1
89051be070ca22a7e228e48a6ddd28c27b76de56

SHA256
a5268a604f34be8ab80ad6d125c107c40bb8de76407cd807efb56d5890e72bd6

SHA512
b456d52f279ba71b3c646d3f4bdc4932527497500f9c0e755e0d22369241c003be3bf02069c41a147b5bb0aeb8dfef8819a3e181c27934c60a3cb413099115bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
144KB

MD5
f632de62ac2d56253e2d533a5925a78d

SHA1
4637f64c7ac48010e5b3f4fe5bf7dae1c38af524

SHA256
8c8729524d91179050c9394b4276c47c0799e5875b5e9973ea95a2c0e0b27851

SHA512
83e4d4fe84443b562ec742b399a40635fab6f3aa18cd991a752f82113eecafc5051b54f433575d2bf041471d60e6e3413a05769c426747a7d63788a6865b151d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4736_WNTKKMJNIZXMFSAB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads