hxxps://direct-link[.]net/211268/ignt

General

Target

https://direct-link.net/211268/ignt

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

80 api.ipify.org
83 api.ipify.org

flow	ioc
80	api.ipify.org
83	api.ipify.org

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607816710026150"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ chrome.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

2840 chrome.exe
2840 chrome.exe
1928 chrome.exe
1928 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

2840 chrome.exe
2840 chrome.exe
2840 chrome.exe
2840 chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe
Token: SeShutdownPrivilege	2840	chrome.exe
Token: SeCreatePagefilePrivilege	2840	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe
2840	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2840 wrote to memory of 3972	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 3972	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 2256	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 4668	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 4668	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 1896	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 1896	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 1896	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 1896	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 1896	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 1896	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 1896	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 1896	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 1896	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 1896	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 1896	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 1896	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 1896	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 1896	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 1896	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 1896	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 1896	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 1896	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 1896	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 1896	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 1896	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 1896	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 1896	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 1896	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 1896	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 1896	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 1896	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 1896	2840	chrome.exe	chrome.exe
PID 2840 wrote to memory of 1896	2840	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://direct-link.net/211268/ignt
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd5085ab58,0x7ffd5085ab68,0x7ffd5085ab78
2⤵
PID:3972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1884,i,488845168218336147,3640154643472849656,131072 /prefetch:2
2⤵
PID:2256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1884,i,488845168218336147,3640154643472849656,131072 /prefetch:8
2⤵
PID:4668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1884,i,488845168218336147,3640154643472849656,131072 /prefetch:8
2⤵
PID:1896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1884,i,488845168218336147,3640154643472849656,131072 /prefetch:1
2⤵
PID:4028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1884,i,488845168218336147,3640154643472849656,131072 /prefetch:1
2⤵
PID:4428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4244 --field-trial-handle=1884,i,488845168218336147,3640154643472849656,131072 /prefetch:1
2⤵
PID:2232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4460 --field-trial-handle=1884,i,488845168218336147,3640154643472849656,131072 /prefetch:1
2⤵
PID:3980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1884,i,488845168218336147,3640154643472849656,131072 /prefetch:8
2⤵
PID:5024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1884,i,488845168218336147,3640154643472849656,131072 /prefetch:8
2⤵
PID:1528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1884,i,488845168218336147,3640154643472849656,131072 /prefetch:8
2⤵
- Modifies registry class
PID:2804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 --field-trial-handle=1884,i,488845168218336147,3640154643472849656,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1928

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
d078a89b789558ac8d345263de0a2036

SHA1
4309a4372ed2e7959a1c3345713dc9d145a2ff40

SHA256
d7379d6a24aac70adcb0d21deda8abd470e962b77829245da22bfcac1ff8c67b

SHA512
5a3022f89487b20c70811d756cb979ad71913ce196cac04a07641d30db04cd10a4ecbfd418dc786a262d338d009a52d37d8bc827a216a229fdcfda9eb81275f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
708262ca4819ecf115fead4e1f6c2a26

SHA1
771b3f0f5a74be452abb3d6809b9d9f4ea098217

SHA256
53828668c776ce4ca1090c815433d95abe931adf2c8e9ab4114c142d6bedb647

SHA512
64ca8ace45ea6a0bb4c3de4ec3b1a60aaf00a98752b3ed97fe5a92f08f99766ccd404e398fe4f12d1490b66c0b8c85f10d29fcb615149629202f9d324bf8e84a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e1df5c6c233a01b8ca3f141a2d9bc5b1

SHA1
2d0a00bfc83943ac38305783b64554388ff38d44

SHA256
2db6f89d661164820ab252f19afdd920e57899f81bb0a22904403079f3f7edd3

SHA512
47d0f929dcac025525103d4893bfa6064a9d996917a209d65ceb5c174ab11001eb9a52188faa3113cb1160d8af4c24b84a73628bd6169a77da381b5867717e65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
11a9d469836c06bfc9488c5e859ee612

SHA1
c8ef15d29142ba9e3f1841d1fe88a7980604d6a7

SHA256
1d6bc0da5172d05475ad848b0640841453170f89ce2583f9289669c6550b69af

SHA512
0b0eff30ac42c4c0326652f7defe1a799f8540103d06a6314c0beff12fc14802e7f88dd815598cb4c0b96d34e41a00620f571da59232a65ecab8417f050136de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
75444d237055ce4801701397168e3904

SHA1
5167154550c375560df84e58ea827de695f9c512

SHA256
23539f826708c548b97f5f2b666fdbb37d59a8b5577789b7f5d8de02b206dadd

SHA512
e3f611d0fcd64f89ac8ddc37343c59061eede932c6f1a7d33901d4148c05cece78f9f98af5fabc39303be2bc4ce6f8bbbd2e50bd6ebbc17f34613bd63d6a1f9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
5f5dcf24af28f5945504c7c4ba5acc10

SHA1
f1ad4a2be6a60150ce35fe28d27d0540a3fcf048

SHA256
7fd0fbb5443d14b0ae607b912967baf6f8c3a7aed84d6e3358f291448c825c74

SHA512
300146141dc0cbddb16fb9f26dd66be966c601cfc339de8ef4c5e7caceec2d3a7b1281f33f90bd7b51941399937cc09d2c6b10bb9d7bb799e5e8b0dd4a81bd9d

Download Submit
\??\pipe\crashpad_2840_GBWWEXVFPRCWPVIT

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads