kinsing | hxxps://2n8w[.]app[.]link/?~channel=Email&~feature=ConfirmationEmail--AtocETicket&~campaign=WebToApp&~tags=locale%3Den_GB&~tags=version%3D1&~tags=marketing_code%3DBSH3675&$android_url=https%3A%2F%2Fplay[.]google[.]com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom[.]thetrainline%26hl%3Den-GB&$android_deepview=false&$android_passive_deepview=false&$ios_url=https%3A%2F%2Fitunes[.]apple[.]com%2FGB%2Fapp%2Fthetrainline%2Fid334235181&$ios_deepview=false&$ios_passive_deepview=false&$fallback_url=hxxps://closeup[.]com[.]bo/cps/json/w3wfq8/marcus[.]kvist@beijerbygg[.]se

General

Target

https://2n8w.app.link/?~channel=Email&~feature=ConfirmationEmail--AtocETicket&~campaign=WebToApp&~tags=locale%3Den_GB&~tags=version%3D1&~tags=marketing_code%3DBSH3675&$android_url=https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom.thetrainline%26hl%3Den-GB&$android_deepview=false&$android_passive_deepview=false&$ios_url=https%3A%2F%2Fitunes.apple.com%2FGB%2Fapp%2Fthetrainline%2Fid334235181&$ios_deepview=false&$ios_passive_deepview=false&$fallback_url=https://closeup.com.bo/cps/json/w3wfq8/[email protected]

Score

10^/10

kinsing loader

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133506759410715867"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

4308 chrome.exe
4308 chrome.exe
3268 chrome.exe
3268 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

4308 chrome.exe
4308 chrome.exe
4308 chrome.exe
4308 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe
Token: SeShutdownPrivilege	4308	chrome.exe
Token: SeCreatePagefilePrivilege	4308	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe
4308	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4308 wrote to memory of 1332	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1332	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 1312	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 3700	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 3700	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 5092	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 5092	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 5092	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 5092	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 5092	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 5092	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 5092	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 5092	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 5092	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 5092	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 5092	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 5092	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 5092	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 5092	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 5092	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 5092	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 5092	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 5092	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 5092	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 5092	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 5092	4308	chrome.exe	chrome.exe
PID 4308 wrote to memory of 5092	4308	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea8d39758,0x7ffea8d39768,0x7ffea8d39778
1⤵
PID:1332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://2n8w.app.link/?~channel=Email&~feature=ConfirmationEmail--AtocETicket&~campaign=WebToApp&~tags=locale%3Den_GB&~tags=version%3D1&~tags=marketing_code%3DBSH3675&$android_url=https%3A%2F%2Fplay.google.com%2Fstore%2Fapps%2Fdetails%3Fid%3Dcom.thetrainline%26hl%3Den-GB&$android_deepview=false&$android_passive_deepview=false&$ios_url=https%3A%2F%2Fitunes.apple.com%2FGB%2Fapp%2Fthetrainline%2Fid334235181&$ios_deepview=false&$ios_passive_deepview=false&$fallback_url=https://closeup.com.bo/cps/json/w3wfq8/[email protected]
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1740,i,14175777272607063829,15330466355972636105,131072 /prefetch:1
2⤵
PID:2704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1740,i,14175777272607063829,15330466355972636105,131072 /prefetch:1
2⤵
PID:1344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2140 --field-trial-handle=1740,i,14175777272607063829,15330466355972636105,131072 /prefetch:8
2⤵
PID:5092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1740,i,14175777272607063829,15330466355972636105,131072 /prefetch:8
2⤵
PID:3700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1740,i,14175777272607063829,15330466355972636105,131072 /prefetch:2
2⤵
PID:1312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3916 --field-trial-handle=1740,i,14175777272607063829,15330466355972636105,131072 /prefetch:1
2⤵
PID:3392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4796 --field-trial-handle=1740,i,14175777272607063829,15330466355972636105,131072 /prefetch:1
2⤵
PID:4340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2860 --field-trial-handle=1740,i,14175777272607063829,15330466355972636105,131072 /prefetch:8
2⤵
PID:3232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1740,i,14175777272607063829,15330466355972636105,131072 /prefetch:8
2⤵
PID:4376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4104 --field-trial-handle=1740,i,14175777272607063829,15330466355972636105,131072 /prefetch:8
2⤵
PID:4356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2476 --field-trial-handle=1740,i,14175777272607063829,15330466355972636105,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3268

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
d97907093a77a5873b086b7aad20dc91

SHA1
df6a4357489ae58a7b55f72e33286e1f2b3bd156

SHA256
e9adfc173880f147d7bec2188576e78681bd83ec78aba7bdaac8c8b4bb23fd05

SHA512
fcce9c0b8148d3a159e1e5fcb00bcd50351fc67b17e6cac52cd0fec032f55f810af9f48008436b7fda7cc9028221e8b4e81800e3abb7e399b8da4c1f3245051f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
e60093344084de3c0edb07f6bcdfde46

SHA1
08c0a81bde27fb0661aeb4c8a79dda0ed31e9b6b

SHA256
bfdda098b1acb54d8b9ff05aead6f4399ecb3ce4dfae1b92083da580b7ef2d20

SHA512
21b18c791ad821376eed1f5863b7a210f4ea57c37cfc917e1045f68ee2ef6377e73815fcc5c08d72c37ac5d75940f8a0e5d3890fbaf910c90ccc64675e772fe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
536B

MD5
0b9ce6b8485ae9ba1c8bdde90a9715ea

SHA1
3572d8cdeb1f4d20d34d89841442f783bb44a5d3

SHA256
84b80687d9332f655d9b6d56e0c2ef6a3ef712f693d55703c1c960b1b2eac699

SHA512
597ee8e33dda45180a96b9c846a6c5fb995294366c36e4aa03e8c2f6ea3f027ea96702ea7ea54eb3ed3d0f956c0db96badeea8d826fd448bdf2898ee42b03cc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
2004df2d41169d516856c0b2a14336fa

SHA1
57b8af771f4c2d0ae4aab2db4d250892ae765dbb

SHA256
0dbdd605e844c2ecd4c1a5ca119ba2b2f2da902e19ae18dfe28155e31356eb60

SHA512
d802294f62a99f9c656fecdb9dc5f8c27f880188f76a167e89b3fab5d0ed2cfc94e4b9bda9b7ef04e0fba22e34adc2f52fbe3b91f36222eeecdf52721acfa4cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
114KB

MD5
a22e8c3924f428eb87e7e41867a38ef0

SHA1
a3829b65612abfdb908997b45682d39ebff85e3c

SHA256
4c51bc62aa4670fa449cec64f9f27fd3518323536c410d61a467022cfa0759b3

SHA512
12d9d34579cc7d0720eccf5d5790c8d56a5e0063f4030bc88f7218079f0ce96c55310a295362e92808bffd9948c6b2553e75a732851c00a060565f890d69936a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_4308_ESBJQUBQXZYKUKBH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads