Analysis
- max time kernel: 150s
- max time network: 128s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19-03-2023 02:26
Static task: static1
Behavioral task: behavioral1
- Sample: Setup (1).exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: Setup (1).exe
- Resource: win10v2004-20230220-en
General
- Target: Setup (1).exe
- Size: 1.6MB
- MD5: 0f6a293b1e53a1d5bcb3167bff991945
- SHA1: 2c046fe82fa07a323e6b0fe1437cb9aba037024c
- SHA256: 002fe9ce401b6ba1332efd3752825b28d66e02e19508574e44c907744a2fcd4e
- SHA512: 67376884c39ab73941a96202a2546fac39c2cfb32493a5967db6221837f4415243c956ee61b182b53d1e68462e74aa7e90e6f76c39a0101f58c522764fbf3496
- SSDEEP: 24576:q7FUDowAyrTVE3U5FRQyA/pBh2FQ7iiqW4OzV5wv:qBuZrEUaRB0FQOxWXo
Malware Config
Signatures
-
Downloads MZ/PE file
-
Modifies Installed Components in the registry 2 TTPs 7 IoCs
Processes: setup.exe
description | ioc | process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}\Version = "43,0,0,0" | setup.exe
Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components | setup.exe
Key created | \REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC} | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}\ = "Chromnius" | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}\StubPath = "\"C:\\Program Files\\Chromnius\\Application\\112.0.5567.0\\Installer\\chrmstp.exe\" --configure-user-settings --verbose-logging --system-level" | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}\Localized Name = "Chromnius" | setup.exe
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}\IsInstalled = "1" | setup.exe
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
Processes: cmd.exe, chromnius.exe
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation | cmd.exe
Key value queried | \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation | chromnius.exe
-
Executes dropped EXE 15 IoCs
Processes: Setup (1).tmp, 64.exe, setup.exe, setup.exe, setup.exe, setup.exe, chromnius.exe, chromnius.exe, chromnius.exe, chromnius.exe, chromnius.exe, chromnius.exe, chromnius.exe, chromnius.exe, chromnius.exe
pid | process
1192 | Setup (1).tmp
5584 | 64.exe
5372 | setup.exe
5416 | setup.exe
5732 | setup.exe
5712 | setup.exe
6096 | chromnius.exe
6028 | chromnius.exe
5892 | chromnius.exe
3368 | chromnius.exe
5340 | chromnius.exe
716 | chromnius.exe
6136 | chromnius.exe
5440 | chromnius.exe
2864 | chromnius.exe
-
Loads dropped DLL 10 IoCs
Processes: chromnius.exe, chromnius.exe, chromnius.exe, chromnius.exe, chromnius.exe, chromnius.exe, chromnius.exe, chromnius.exe, chromnius.exe
pid | process
6096 | chromnius.exe
6028 | chromnius.exe
5892 | chromnius.exe
6096 | chromnius.exe
3368 | chromnius.exe
5340 | chromnius.exe
716 | chromnius.exe
6136 | chromnius.exe
5440 | chromnius.exe
2864 | chromnius.exe
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Registers COM server for autorun 1 TTPs 3 IoCs
Processes: setup.exe
description | ioc | process
Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32 | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ = "\"C:\\Program Files\\Chromnius\\Application\\112.0.5567.0\\notification_helper.exe\"" | setup.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\LocalServer32\ServerExecutable = "C:\\Program Files\\Chromnius\\Application\\112.0.5567.0\\notification_helper.exe" | setup.exe
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops Chrome extension 1 IoCs
Processes: chrome.exe
description | ioc | process
File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pejhfhcoekcajgokallhmklcjkkeemgj\2.9_0\manifest.json | chrome.exe
-
Drops file in Program Files directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Delays execution with timeout.exe 3 IoCs
Processes: timeout.exe, timeout.exe, timeout.exe
pid | process
3376 | timeout.exe
4296 | timeout.exe
5224 | timeout.exe
-
Enumerates system info in registry 2 TTPs 9 IoCs
Processes: chrome.exe, msedge.exe, chromnius.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chromnius.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chromnius.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chromnius.exe
-
Kills process with taskkill 2 IoCs
Processes: taskkill.exe, taskkill.exe
pid | process
2212 | taskkill.exe
1808 | taskkill.exe
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 15 IoCs
Processes: Setup (1).tmp, powershell.exe, powershell.exe, msedge.exe, powershell.exe
pid | process
1192 | Setup (1).tmp
1192 | Setup (1).tmp
4100 | powershell.exe
4100 | powershell.exe
4100 | powershell.exe
1752 | powershell.exe
1752 | powershell.exe
1752 | powershell.exe
1752 | powershell.exe
4600 | msedge.exe
4600 | msedge.exe
1220 | powershell.exe
1220 | powershell.exe
1220 | powershell.exe
1220 | powershell.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
Processes: chrome.exe, msedge.exe
pid | process
2592 | chrome.exe
2668 | msedge.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 9 IoCs
Processes: Setup (1).tmp, chrome.exe, msedge.exe, setup.exe
pid | process
1192 | Setup (1).tmp
2592 | chrome.exe
2592 | chrome.exe
2592 | chrome.exe
2668 | msedge.exe
2668 | msedge.exe
2668 | msedge.exe
2668 | msedge.exe
5732 | setup.exe
-
Suspicious use of SendNotifyMessage 6 IoCs
Processes: chrome.exe, msedge.exe
pid | process
2592 | chrome.exe
2592 | chrome.exe
2592 | chrome.exe
2668 | msedge.exe
2668 | msedge.exe
2668 | msedge.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Setup (1).exe
"C:\Users\Admin\AppData\Local\Temp\Setup (1).exe"
1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-RQ8HD.tmp\Setup (1).tmp
"C:\Users\Admin\AppData\Local\Temp\is-RQ8HD.tmp\Setup (1).tmp" /SL5="$8003C,800077,786944,C:\Users\Admin\AppData\Local\Temp\Setup (1).exe"
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\Temp\is-HOIOB.tmp\chrome.bat" install"
3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Powershell.exe -ExecutionPolicy Bypass -File C:\Users\Admin\AppData\Local\Temp\is-HOIOB.tmp\\chrome.ps1
4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallAllowlist" /v "1" /t REG_SZ /d pejhfhcoekcajgokallhmklcjkkeemgj /f
4⤵
-
C:\Windows\system32\reg.exe
REG ADD "HKLM\SOFTWARE\Google\Chrome\Extensions\pejhfhcoekcajgokallhmklcjkkeemgj" /v "path" /t REG_SZ /d C:\\apps.crx /f
4⤵
-
C:\Windows\system32\reg.exe
REG ADD "HKLM\SOFTWARE\Google\Chrome\Extensions\pejhfhcoekcajgokallhmklcjkkeemgj" /v "version" /t REG_SZ /d 2.9 /f
4⤵
-
C:\Windows\system32\reg.exe
REG ADD "HKLM\SOFTWARE\WOW6432Node\Policies\Google\Chrome\ExtensionInstallAllowlist" /v "1" /t REG_SZ /d pejhfhcoekcajgokallhmklcjkkeemgj /f
4⤵
-
C:\Windows\system32\reg.exe
REG ADD "HKLM\SOFTWARE\WOW6432Node\Google\Chrome\Extensions\pejhfhcoekcajgokallhmklcjkkeemgj" /v "path" /t REG_SZ /d C:\\apps.crx /f
4⤵
-
C:\Windows\system32\reg.exe
REG ADD "HKLM\SOFTWARE\WOW6432Node\Google\Chrome\Extensions\pejhfhcoekcajgokallhmklcjkkeemgj" /v "version" /t REG_SZ /d 2.9 /f
4⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --load-extension="C:\apps-helper" --no-startup-window
4⤵
- Drops Chrome extension
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xec,0xf0,0x40,0xe8,0x114,0x7ffbb7279758,0x7ffbb7279768,0x7ffbb7279778
5⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1824,i,16386087108081516449,140628050511314153,131072 /prefetch:2
5⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1824,i,16386087108081516449,140628050511314153,131072 /prefetch:8
5⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1824,i,16386087108081516449,140628050511314153,131072 /prefetch:8
5⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3148 --field-trial-handle=1824,i,16386087108081516449,140628050511314153,131072 /prefetch:8
5⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3836 --field-trial-handle=1824,i,16386087108081516449,140628050511314153,131072 /prefetch:8
5⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4024 --field-trial-handle=1824,i,16386087108081516449,140628050511314153,131072 /prefetch:8
5⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4240 --field-trial-handle=1824,i,16386087108081516449,140628050511314153,131072 /prefetch:1
5⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4520 --field-trial-handle=1824,i,16386087108081516449,140628050511314153,131072 /prefetch:8
5⤵
-
C:\Windows\system32\timeout.exetimeout 84⤵
- Delays execution with timeout.exe
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\Temp\is-HOIOB.tmp\edge.bat" install"3⤵
- Checks computer location settings
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowershell.exe -ExecutionPolicy Bypass -File C:\Users\Admin\AppData\Local\Temp\is-HOIOB.tmp\\edge.ps14⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallAllowlist" /v "1" /t REG_SZ /d pejhfhcoekcajgokallhmklcjkkeemgj /f4⤵
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SOFTWARE\Microsoft\Edge\Extensions\pejhfhcoekcajgokallhmklcjkkeemgj" /v "path" /t REG_SZ /d C:\\apps.crx /f4⤵
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SOFTWARE\Microsoft\Edge\Extensions\pejhfhcoekcajgokallhmklcjkkeemgj" /v "version" /t REG_SZ /d 2.9 /f4⤵
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SOFTWARE\WOW6432Node\Policies\Microsoft\Edge\ExtensionInstallAllowlist" /v "1" /t REG_SZ /d pejhfhcoekcajgokallhmklcjkkeemgj /f4⤵
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SOFTWARE\WOW6432Node\Microsoft\Edge\Extensions\pejhfhcoekcajgokallhmklcjkkeemgj" /v "path" /t REG_SZ /d C:\\apps.crx /f4⤵
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SOFTWARE\WOW6432Node\Microsoft\Edge\Extensions\pejhfhcoekcajgokallhmklcjkkeemgj" /v "version" /t REG_SZ /d 2.9 /f4⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory="Default" --load-extension="C:\apps-helper" --no-startup-window4⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0xd4,0x7ffbb7a546f8,0x7ffbb7a54708,0x7ffbb7a547185⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,10693824522007169883,18269952369684970419,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:25⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,10693824522007169883,18269952369684970419,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:35⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,10693824522007169883,18269952369684970419,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2148,10693824522007169883,18269952369684970419,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3424 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,10693824522007169883,18269952369684970419,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3912 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10693824522007169883,18269952369684970419,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2148,10693824522007169883,18269952369684970419,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4340 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,10693824522007169883,18269952369684970419,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4348 /prefetch:85⤵
-
C:\Windows\system32\timeout.exetimeout 84⤵
- Delays execution with timeout.exe
-
C:\Users\Admin\AppData\Local\Temp\is-HOIOB.tmp\64.exe"C:\Users\Admin\AppData\Local\Temp\is-HOIOB.tmp\64.exe" --system-level3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\is-HOIOB.tmp\CR_DFD7E.tmp\setup.exe"C:\Users\Admin\AppData\Local\Temp\is-HOIOB.tmp\CR_DFD7E.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\is-HOIOB.tmp\CR_DFD7E.tmp\CHROME.PACKED.7Z" --system-level4⤵
- Modifies Installed Components in the registry
- Executes dropped EXE
- Registers COM server for autorun
- Drops file in Program Files directory
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Temp\is-HOIOB.tmp\CR_DFD7E.tmp\setup.exeC:\Users\Admin\AppData\Local\Temp\is-HOIOB.tmp\CR_DFD7E.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --annotation=plat=Win64 --annotation=prod=Chromnius --annotation=ver=112.0.5567.0 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff7924575b0,0x7ff7924575c0,0x7ff7924575d05⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\is-HOIOB.tmp\CR_DFD7E.tmp\setup.exe"C:\Users\Admin\AppData\Local\Temp\is-HOIOB.tmp\CR_DFD7E.tmp\setup.exe" --system-level --verbose-logging --create-shortcuts=0 --install-level=15⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\AppData\Local\Temp\is-HOIOB.tmp\CR_DFD7E.tmp\setup.exeC:\Users\Admin\AppData\Local\Temp\is-HOIOB.tmp\CR_DFD7E.tmp\setup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --annotation=plat=Win64 --annotation=prod=Chromnius --annotation=ver=112.0.5567.0 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff7924575b0,0x7ff7924575c0,0x7ff7924575d06⤵
- Executes dropped EXE
-
C:\Program Files\Chromnius\Application\chromnius.exe"C:\Program Files\Chromnius\Application\chromnius.exe" --from-installer5⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Enumerates system info in registry
-
C:\Program Files\Chromnius\Application\chromnius.exe"C:\Program Files\Chromnius\Application\chromnius.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Chromnius\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\Chromnius\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Chromnius\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=Chromnius --annotation=ver=112.0.5567.0 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbb7da08f8,0x7ffbb7da0908,0x7ffbb7da09186⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files\Chromnius\Application\chromnius.exe"C:\Program Files\Chromnius\Application\chromnius.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Chromnius\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Chromnius\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=Chromnius --annotation=ver=112.0.5567.0 --initial-client-data=0x13c,0x140,0x144,0xe4,0x148,0x7ff6476e4a38,0x7ff6476e4a48,0x7ff6476e4a587⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files\Chromnius\Application\chromnius.exe"C:\Program Files\Chromnius\Application\chromnius.exe" --type=gpu-process --start-stack-profiler --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1992,i,18132148846593838453,1930268812542676857,131072 /prefetch:26⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files\Chromnius\Application\chromnius.exe"C:\Program Files\Chromnius\Application\chromnius.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --start-stack-profiler --mojo-platform-channel-handle=2068 --field-trial-handle=1992,i,18132148846593838453,1930268812542676857,131072 /prefetch:86⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files\Chromnius\Application\chromnius.exe"C:\Program Files\Chromnius\Application\chromnius.exe" --type=renderer --first-renderer-process --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2504 --field-trial-handle=1992,i,18132148846593838453,1930268812542676857,131072 /prefetch:16⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files\Chromnius\Application\chromnius.exe"C:\Program Files\Chromnius\Application\chromnius.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2128 --field-trial-handle=1992,i,18132148846593838453,1930268812542676857,131072 /prefetch:86⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files\Chromnius\Application\chromnius.exe"C:\Program Files\Chromnius\Application\chromnius.exe" --type=renderer --extension-process --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2512 --field-trial-handle=1992,i,18132148846593838453,1930268812542676857,131072 /prefetch:16⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files\Chromnius\Application\chromnius.exe"C:\Program Files\Chromnius\Application\chromnius.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3928 --field-trial-handle=1992,i,18132148846593838453,1930268812542676857,131072 /prefetch:86⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\Temp\is-HOIOB.tmp\close.bat" install"3⤵
-
C:\Windows\system32\timeout.exetimeout 14⤵
- Delays execution with timeout.exe
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exePowershell.exe -ExecutionPolicy Bypass -File C:\Users\Admin\AppData\Local\Temp\is-HOIOB.tmp\\chromnius.ps14⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ex4xxhxj\ex4xxhxj.cmdline"5⤵
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE6A7.tmp" "c:\Users\Admin\AppData\Local\Temp\ex4xxhxj\CSC5F86CE44920442D1825E51ADE7DFCDD8.TMP"6⤵
-
C:\Windows\system32\taskkill.exetaskkill /F /IM chrome.exe /T4⤵
- Kills process with taskkill
-
C:\Windows\system32\taskkill.exetaskkill /F /IM msedge.exe /T4⤵
- Kills process with taskkill
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist" /v "1" /t REG_SZ /d pejhfhcoekcajgokallhmklcjkkeemgj /f4⤵
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SOFTWARE\WOW6432Node\Policies\Google\Chrome\ExtensionInstallForcelist" /v "1" /t REG_SZ /d pejhfhcoekcajgokallhmklcjkkeemgj /f4⤵
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SOFTWARE\Policies\Microsoft\Edge\ExtensionInstallForcelist" /v "1" /t REG_SZ /d pejhfhcoekcajgokallhmklcjkkeemgj /f4⤵
-
C:\Windows\system32\reg.exeREG ADD "HKLM\SOFTWARE\WOW6432Node\Policies\Microsoft\Edge\ExtensionInstallForcelist" /v "1" /t REG_SZ /d pejhfhcoekcajgokallhmklcjkkeemgj /f4⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
-
C:\Program Files\Chromnius\Application\112.0.5567.0\Installer\setup.exeFilesize
3.0MB
-
C:\Program Files\Chromnius\Application\112.0.5567.0\chrome.dllFilesize
191.6MB
-
C:\Program Files\Chromnius\Application\112.0.5567.0\chrome_elf.dllFilesize
1.2MB
-
C:\Program Files\Chromnius\Application\SetupMetrics\20230319032736.pmaFilesize
488B
-
C:\Program Files\Chromnius\Application\SetupMetrics\20230319032736.pmaFilesize
2KB
-
C:\Program Files\Chromnius\Application\chromnius.exeFilesize
2.4MB
-
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chromnius.lnkFilesize
2KB
-
C:\Users\Admin\AppData\Local\Chromnius\User Data\Default\Code Cache\js\indexFilesize
24B
-
C:\Users\Admin\AppData\Local\Chromnius\User Data\Default\PreferencesFilesize
3KB
-
C:\Users\Admin\AppData\Local\Chromnius\User Data\Default\PreferencesFilesize
3KB
-
C:\Users\Admin\AppData\Local\Chromnius\User Data\Default\Preferences~RFe57fa4e.TMPFilesize
3KB
-
C:\Users\Admin\AppData\Local\Chromnius\User Data\Default\d56cebec-0da3-4ed5-bf1c-e3b5cc681ca7.tmpFilesize
194KB
-
C:\Users\Admin\AppData\Local\Chromnius\User Data\Local StateFilesize
1KB
-
C:\Users\Admin\AppData\Local\Chromnius\User Data\Local State~RFe57851e.TMPFilesize
913B
-
C:\Users\Admin\AppData\Local\Chromnius\User Data\ShaderCache\data_0Filesize
8KB
-
C:\Users\Admin\AppData\Local\Chromnius\User Data\ShaderCache\data_2Filesize
8KB
-
C:\Users\Admin\AppData\Local\Chromnius\User Data\ShaderCache\data_3Filesize
8KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1Filesize
264KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir2592_1708171490\CRX_INSTALL\data.jsFilesize
153B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir2592_1708171490\CRX_INSTALL\functions.jsFilesize
883B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir2592_1708171490\CRX_INSTALL\helpers.jsFilesize
3KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir2592_1708171490\CRX_INSTALL\img\icon.pngFilesize
4KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir2592_1708171490\CRX_INSTALL\manifest.jsonFilesize
1KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir2592_1708171490\CRX_INSTALL\notifications.jsFilesize
2KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir2592_1708171490\CRX_INSTALL\service.jsFilesize
4KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir2592_1708171490\CRX_INSTALL\user-agent.js
Filesize
686B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
18KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe570b79.TMP
Filesize
48B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
Filesize
2KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT
Filesize
16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
25KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
27KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
Filesize
41B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe573170.TMP
Filesize
72B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
1KB
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
1KB
-
C:\Users\Admin\AppData\Local\Temp\RESE6A7.tmp
Filesize
1KB
-
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_k5zlswqp.u4d.ps1
Filesize
60B
-
C:\Users\Admin\AppData\Local\Temp\ex4xxhxj\ex4xxhxj.dll
Filesize
3KB
-
C:\Users\Admin\AppData\Local\Temp\f87c50c1-9c6f-4a53-861e-668f01c2b05d.tmp
Filesize
1B
-
C:\Users\Admin\AppData\Local\Temp\is-HOIOB.tmp\64.exe
Filesize
76.7MB
-
C:\Users\Admin\AppData\Local\Temp\is-HOIOB.tmp\CR_DFD7E.tmp\CHROME.PACKED.7Z
Filesize
75.5MB
-
C:\Users\Admin\AppData\Local\Temp\is-HOIOB.tmp\CR_DFD7E.tmp\setup.exe
Filesize
3.0MB
-
C:\Users\Admin\AppData\Local\Temp\is-HOIOB.tmp\chrome.bat
Filesize
3KB
-
C:\Users\Admin\AppData\Local\Temp\is-HOIOB.tmp\chrome.ps1
Filesize
27B
-
C:\Users\Admin\AppData\Local\Temp\is-HOIOB.tmp\chromnius.ps1
Filesize
463B
-
C:\Users\Admin\AppData\Local\Temp\is-HOIOB.tmp\close.bat
Filesize
683B
-
C:\Users\Admin\AppData\Local\Temp\is-HOIOB.tmp\edge.bat
Filesize
2KB
-
C:\Users\Admin\AppData\Local\Temp\is-HOIOB.tmp\edge.ps1
Filesize
27B
-
C:\Users\Admin\AppData\Local\Temp\is-RQ8HD.tmp\Setup (1).tmp
Filesize
3.0MB
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir2592_588251565\CRX_INSTALL\web.js
Filesize
3KB
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir2592_588251565\apps.crx
Filesize
12KB
-
C:\Users\Admin\AppData\Local\Temp\scoped_dir2668_538649471\CRX_INSTALL\manifest.json
Filesize
772B
-
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chromnius.lnk
Filesize
2KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk
Filesize
2KB
-
C:\Windows\TEMP\Crashpad\settings.dat
Filesize
40B
-
C:\apps-helper\manifest.json
Filesize
219B
-
C:\apps-helper\service.js
Filesize
164B
-
C:\apps.crx
Filesize
12KB
-
\??\c:\Users\Admin\AppData\Local\Temp\ex4xxhxj\CSC5F86CE44920442D1825E51ADE7DFCDD8.TMP
Filesize
652B
-
\??\c:\Users\Admin\AppData\Local\Temp\ex4xxhxj\ex4xxhxj.0.cs
Filesize
238B
-
\??\c:\Users\Admin\AppData\Local\Temp\ex4xxhxj\ex4xxhxj.cmdline
Filesize
369B
-
\??\pipe\LOCAL\crashpad_2668_NXMBSYUPIKRLFICC
-
\??\pipe\crashpad_2592_GUKXPUNSSDHPXAGM
-