hxxp://recp[.]mkt81[.]net/ctt?m=9201264&r=MjcwMzc5ODk4MTM3S0&b=0&j=MTY4MDU5NzgyOAS2&k=Language&kx=1&kt=12&kd=[//]assets-usa[.]mkt[.]dynamics[.]com/2cd19119-032d-ef11-8406-000d3a342d2d/digitalassets/standaloneforms/0a33dc78-c42f-ef11-8409-000d3a5c988f??#Ytv1fbx-2FTav-2BQH9ZOs5QAVQoyOVXkjqzWmn068bxJM1DUjUUU5Y-2BBw-3D-3D&data=05|02|bob[.]briggs@grammer[.]com|eacc07dcf1304938423e08dc122cbb1b|63d639818f404ab2a0cc299291d700fc|0|0|638405230530695155|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|3000|||&sdata=idFt5Zdq6/FBDWXC9y5X6YRdrAeTIbDuY+57c2BGf8Q=&reserved=0&McasTsid=20893&McasCSRF=6cb6998babe0869e6f1be1711d4d6fe2f63a7c6279b2ca508c107864e8181b5e

General

Target

http://recp.mkt81.net/ctt?m=9201264&r=MjcwMzc5ODk4MTM3S0&b=0&j=MTY4MDU5NzgyOAS2&k=Language&kx=1&kt=12&kd=//assets-usa.mkt.dynamics.com/2cd19119-032d-ef11-8406-000d3a342d2d/digitalassets/standaloneforms/0a33dc78-c42f-ef11-8409-000d3a5c988f??#Ytv1fbx-2FTav-2BQH9ZOs5QAVQoyOVXkjqzWmn068bxJM1DUjUUU5Y-2BBw-3D-3D&data=05|02|[email protected]|eacc07dcf1304938423e08dc122cbb1b|63d639818f404ab2a0cc299291d700fc|0|0|638405230530695155|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|3000|||&sdata=idFt5Zdq6/FBDWXC9y5X6YRdrAeTIbDuY+57c2BGf8Q=&reserved=0&McasTsid=20893&McasCSRF=6cb6998babe0869e6f1be1711d4d6fe2f63a7c6279b2ca508c107864e8181b5e

Score

6^/10

motw phishing

Malware Config

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
phishing motw

Processes:

flow ioc

14 https://df.onecloud.azure-test.net/Error/UE_404?shown=true

flow	ioc
14	https://df.onecloud.azure-test.net/Error/UE_404?shown=true

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133634792682864351"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exechrome.exe

pid process

3172 chrome.exe
3172 chrome.exe
4216 chrome.exe
4216 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

3172 chrome.exe
3172 chrome.exe
3172 chrome.exe
3172 chrome.exe
3172 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe
Token: SeShutdownPrivilege	3172	chrome.exe
Token: SeCreatePagefilePrivilege	3172	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe
3172	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3172 wrote to memory of 2152	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2152	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2708	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2664	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 2664	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 3672	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 3672	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 3672	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 3672	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 3672	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 3672	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 3672	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 3672	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 3672	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 3672	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 3672	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 3672	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 3672	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 3672	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 3672	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 3672	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 3672	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 3672	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 3672	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 3672	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 3672	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 3672	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 3672	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 3672	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 3672	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 3672	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 3672	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 3672	3172	chrome.exe	chrome.exe
PID 3172 wrote to memory of 3672	3172	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://recp.mkt81.net/ctt?m=9201264&r=MjcwMzc5ODk4MTM3S0&b=0&j=MTY4MDU5NzgyOAS2&k=Language&kx=1&kt=12&kd=//assets-usa.mkt.dynamics.com/2cd19119-032d-ef11-8406-000d3a342d2d/digitalassets/standaloneforms/0a33dc78-c42f-ef11-8409-000d3a5c988f??#Ytv1fbx-2FTav-2BQH9ZOs5QAVQoyOVXkjqzWmn068bxJM1DUjUUU5Y-2BBw-3D-3D&data=05|02|[email protected]|eacc07dcf1304938423e08dc122cbb1b|63d639818f404ab2a0cc299291d700fc|0|0|638405230530695155|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|3000|||&sdata=idFt5Zdq6/FBDWXC9y5X6YRdrAeTIbDuY+57c2BGf8Q=&reserved=0&McasTsid=20893&McasCSRF=6cb6998babe0869e6f1be1711d4d6fe2f63a7c6279b2ca508c107864e8181b5e
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9747eab58,0x7ff9747eab68,0x7ff9747eab78
2⤵
PID:2152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1904,i,17733283637523150423,211687621767651524,131072 /prefetch:2
2⤵
PID:2708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1904,i,17733283637523150423,211687621767651524,131072 /prefetch:8
2⤵
PID:2664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2108 --field-trial-handle=1904,i,17733283637523150423,211687621767651524,131072 /prefetch:8
2⤵
PID:3672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2872 --field-trial-handle=1904,i,17733283637523150423,211687621767651524,131072 /prefetch:1
2⤵
PID:3568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2880 --field-trial-handle=1904,i,17733283637523150423,211687621767651524,131072 /prefetch:1
2⤵
PID:4116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4224 --field-trial-handle=1904,i,17733283637523150423,211687621767651524,131072 /prefetch:1
2⤵
PID:4876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2968 --field-trial-handle=1904,i,17733283637523150423,211687621767651524,131072 /prefetch:8
2⤵
PID:4228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4088 --field-trial-handle=1904,i,17733283637523150423,211687621767651524,131072 /prefetch:8
2⤵
PID:2028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4152 --field-trial-handle=1904,i,17733283637523150423,211687621767651524,131072 /prefetch:1
2⤵
PID:3492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4388 --field-trial-handle=1904,i,17733283637523150423,211687621767651524,131072 /prefetch:1
2⤵
PID:4024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2608 --field-trial-handle=1904,i,17733283637523150423,211687621767651524,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4216

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:684

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
2b95d908f2996b135063e56a9c83297e

SHA1
40bcd8f6cd0a24198b93cb6501e7ed5dd4506cd6

SHA256
70e507d3de99d8f346c6bd6b009041acc7610558bfde77fa4e95e4474656a26b

SHA512
51a05e7c8fef2b0fb350e8e7e34d04c2b5a9dc620f97f4d90a8dfd5b2b4c7e7953e0cce5a9e50e2e7a577d260db594290ad4d8094c6943c872efcd8e081c3443

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
ba14bab52c40e5a947e6db1a0290b225

SHA1
977dc54701c6f9591fbe3ec1c2072523a5c272da

SHA256
ea9f7eca94fe55a3b4e8849a9e78e4c06288fd5df55e25de48f4e69182cbee5d

SHA512
8b044e5a4a82d8f2427c0b006c41530d562485f0ac613e07638f9095b117f789937a3717771494c5d85bce20bee86b48550baad72c172390f841b6babb5d3719

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
b33a36e67c66c4255e17eaacaecc501a

SHA1
5ac9d358f16f28a41b06ad6062f67cbe8a340487

SHA256
fef52f59186acd9e60e63865f6eb4cc44c0e7bde02d9205d5d8a50cc21959cf9

SHA512
af56cfe10dd364d143a839c40284d9ea0ceea671c1143c7e0dd1567e79f0448a0a7c02b0186b8f10f532a370696e593732d745c41007a6dd3b6acec0a5e46356

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
48594866c8d0fd2d741634afc790ba09

SHA1
b847e8841ae8464b155abd67ab6309a3b0421f13

SHA256
e58ffc76003d88821222514d038e8e9285c758e7e268445359b6184fb2fb735b

SHA512
517a1098b420da8afe2afed9b34fb0a2fd9371dec876c556705fca6958bd7a2d55e426c01eb69777b978b9618184873d90af8915b070003e7b6d98d164400775

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
129KB

MD5
e4e5dca37f7f5e1ad9dcd809867498df

SHA1
168ed91ecf7249a37503deec8bca7c29475b411b

SHA256
2aa0b1a9f730d1048c6b09de73b8726edff6841da3d61dfb15ee60ba2106f59c

SHA512
beddac39d97a29bcb96da4fa547d4d74fee5263e45b6caacc04d4f021bd3bd38803d6661d6d51d418fd85fd0fe6cf0ea967ae3d3f08785cc64359a769abf4576

Download Submit
\??\pipe\crashpad_3172_ZMOUIYLFSINUHLGZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads