kinsing | hxxp://apps[.]identrust[.]com/roots/dstrootcax3[.]p7c

Analysis

max time kernel
177s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20231215-es
resource tags

arch:x64arch:x86image:win10v2004-20231215-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
25-01-2024 15:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://apps.identrust.com/roots/dstrootcax3.p7c

Score

10^/10

kinsing loader

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133506715951686252"	chrome.exe

Modifies registry class 56 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000001760d7bc492fda01a4f24d315b2fda01dcdd54b9a64fda0114000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

2864 chrome.exe
2864 chrome.exe
2864 chrome.exe
2864 chrome.exe
3356 chrome.exe
3356 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

2864 chrome.exe
2864 chrome.exe
2864 chrome.exe
2864 chrome.exe
2864 chrome.exe
2864 chrome.exe
2864 chrome.exe
2864 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe
Token: SeShutdownPrivilege	2864	chrome.exe
Token: SeCreatePagefilePrivilege	2864	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

chrome.exe

pid	process
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe
2864	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

chrome.exe

pid process

456 chrome.exe

pid	process
456	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2864 wrote to memory of 4696	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4696	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 4012	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2920	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2920	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2500	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2500	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2500	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2500	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2500	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2500	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2500	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2500	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2500	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2500	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2500	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2500	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2500	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2500	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2500	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2500	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2500	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2500	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2500	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2500	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2500	2864	chrome.exe	chrome.exe
PID 2864 wrote to memory of 2500	2864	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://apps.identrust.com/roots/dstrootcax3.p7c
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeec749758,0x7ffeec749768,0x7ffeec749778
2⤵
PID:4696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 --field-trial-handle=1912,i,8379505509344312712,11472803690389467077,131072 /prefetch:2
2⤵
PID:4012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1912,i,8379505509344312712,11472803690389467077,131072 /prefetch:8
2⤵
PID:2920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1912,i,8379505509344312712,11472803690389467077,131072 /prefetch:8
2⤵
PID:2500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1912,i,8379505509344312712,11472803690389467077,131072 /prefetch:1
2⤵
PID:1216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1912,i,8379505509344312712,11472803690389467077,131072 /prefetch:1
2⤵
PID:3160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1912,i,8379505509344312712,11472803690389467077,131072 /prefetch:8
2⤵
PID:864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 --field-trial-handle=1912,i,8379505509344312712,11472803690389467077,131072 /prefetch:8
2⤵
PID:4568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1912,i,8379505509344312712,11472803690389467077,131072 /prefetch:8
2⤵
PID:3324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1912,i,8379505509344312712,11472803690389467077,131072 /prefetch:8
2⤵
PID:4584

C:\Program Files\Windows Mail\wab.exe
"C:\Program Files\Windows Mail\wab.exe" /certificate "C:\Users\Admin\Downloads\dstrootcax3.p7c"
2⤵
PID:3672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1912,i,8379505509344312712,11472803690389467077,131072 /prefetch:8
2⤵
PID:2684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1912,i,8379505509344312712,11472803690389467077,131072 /prefetch:8
2⤵
PID:748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5312 --field-trial-handle=1912,i,8379505509344312712,11472803690389467077,131072 /prefetch:1
2⤵
PID:2264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5616 --field-trial-handle=1912,i,8379505509344312712,11472803690389467077,131072 /prefetch:1
2⤵
PID:3324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2344 --field-trial-handle=1912,i,8379505509344312712,11472803690389467077,131072 /prefetch:8
2⤵
PID:4620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2356 --field-trial-handle=1912,i,8379505509344312712,11472803690389467077,131072 /prefetch:8
2⤵
PID:232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5908 --field-trial-handle=1912,i,8379505509344312712,11472803690389467077,131072 /prefetch:1
2⤵
PID:2100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5560 --field-trial-handle=1912,i,8379505509344312712,11472803690389467077,131072 /prefetch:1
2⤵
PID:2212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4060 --field-trial-handle=1912,i,8379505509344312712,11472803690389467077,131072 /prefetch:1
2⤵
PID:2200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3052 --field-trial-handle=1912,i,8379505509344312712,11472803690389467077,131072 /prefetch:1
2⤵
PID:1584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3844 --field-trial-handle=1912,i,8379505509344312712,11472803690389467077,131072 /prefetch:8
2⤵
PID:2648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 --field-trial-handle=1912,i,8379505509344312712,11472803690389467077,131072 /prefetch:8
2⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1912,i,8379505509344312712,11472803690389467077,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3356

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021
Filesize
192KB

MD5
5036f7c363373f5d9cc2b6519806feae

SHA1
3caf2148a2eb7c82f9aff0f3a2f4594ee70327bf

SHA256
715c5d3e3839c1b47c3008e8a89f929e60858ee379724a20775003c692e9fd6c

SHA512
4661cd6fb02dccc48a42fe127b1e88f7e794cd4eb1d8a5a8f5075f772dad63211efa349bab579c5bb81bfb2c4b1be201c6725a56f617f8913a2235e3565fe645

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
a8305e38d0a80d79d656c7dd888a50db

SHA1
db9e3638082d0eb7a8c98ef36162a763ed145a05

SHA256
328887d585a190bfb39b8e5003904a77682859f4e70a608a5d1e53eb1c57f26b

SHA512
a6dd01059401a05968febeba88b910cb3e8338f8401c173a6eba01214d81c44b68811a89c85a7af7e9e9f2de02a1df23cff0768457420dbfd14475460b940636

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
ca3c1d9a5bff55a64c18e414e35d3e59

SHA1
8940319efd4af855e646d81d2c3b0afa2ff193f2

SHA256
bf67dc718a1e64443e754b21cd81c2d7689c68d07e0b30416fc1da626008c966

SHA512
4d2a6766c022c0844aa4fb48539eac2c5c4bfe013005e0987afca2e05415f965ac07de3256a73f23170ca27a79b21ca88601b040ad48b85d5c13a3c9606c13e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
457c1c3a604a85d97cc330aa851452db

SHA1
7e8987bae40c19df96d612b3fb8ae7a5fac0b630

SHA256
fb12e0aab0d45b3c06ab1f28d51e923c8b322cc469b6921abd8d6d2b7f8754b8

SHA512
3beefbb19e0379a1e3421871830da00bf2077c50aa28e98be67ace1e4d9b52556bce1f04525722a53b49e471dbff0e3712acf4279b3d8c44489e43fda424b0b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
8d80600c5fa5211c0118703877eb18ed

SHA1
098ac41fc687c59508560f21b4cc79738acf3c90

SHA256
63e03d43c9ff947835492eb71b03f4b1e54c3b3a98c16482ba3e0f41dbd9a0eb

SHA512
ce0f35d257a67d02cb4b6a6d29e9c5072d7bd726bc6d810b4ea8ac50ad6c86a9bc5d154b3f65cc740f75420d441848721ef158878f5de129c4a45de479fa3517

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
873B

MD5
949c7363a2f4d266c635c3198325cc3e

SHA1
17633e5ed7e50866f943cb0b778d7e56183709e6

SHA256
f0bc402134f47266664d9d67cc980c0176c1d3a5b890c61ab62de211d5db806d

SHA512
72470ad6722ceec6e2b0381dea7fd8d4c6f61a38b3a3edc2ad70934ac54e3395c196de4cad50c4f039e0bed175a9484fcf02401dde3a93c5300eb32bddc28bdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
d9a7be4f3b58011a8e853510fd205d2e

SHA1
5e57b92b7ebed8c61b69cbc6656617d013df69d0

SHA256
d710d99e0987a685bc482bbec301ddd17527c6e14e57fdb0657d58d8ae678af8

SHA512
a766abdef8bf8d4f7383b3c286be4b679772b6832b9e3cfb3ad1ae83247c178007f63c69be4936380f255be25a362c98c018bd6f8422ba85bc2a5451f58406ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a552700c3a694d051052afd3087ee4e3

SHA1
38598359681b5b4de3585e58cd03f5de4adc3811

SHA256
8de71b673760a678958981003d03153c476ed46a1f80eba1a7a400d394b8962f

SHA512
95fbbae9b22600e1f1bc5b409d0a1fba41a884f6e0468bbcde179c34b4f8f43ff513610675bf55eee5467de2cea31a0e9131797151cb658e9c09b1dca56b4e36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
7d006759e2b4f39e09f557cfe8a8cbab

SHA1
08ff62cf570ea2456a0297195da7bfd45ac2a5b3

SHA256
133c4bd8f9f1a806c3406c90fbbfcfa6e4176dfb497a2429e9960f4695c3e8fd

SHA512
2f2ee38bbabad7b2d1bc0c4750dd67d503255c2b00a8cdc7b771ec32698b95be560ea5b2cab2144711a3a58f35727c1fe8c8e1a5f5bb77229f088592a26312d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
9a973eeaf60d47ad67a4e3a41fdac977

SHA1
e3b60c4fd38f6f3d67b97230690f79940837e432

SHA256
ccd11a4a205cfdde9576aaa6daae3c07e5923f4983bf051ab84cc8fe0f46a17a

SHA512
8876d493a2ccec80f0f2e196766edec9f94893c946b10055bc91439e400de93fd2af7a8e9847b7cc40c98c2ffd7ed0aa9583319052a87519cb1b608c8587f9c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5882b8.TMP
Filesize
48B

MD5
9639f340828a1e5ca3e4c6c29f192b62

SHA1
44d0a6ed86e90ab3b340d66ac6e051eb5fba9014

SHA256
d1354e8aa23d84a21a466a5420fb1b20fe4186d2e843d06499a5b9a6fe6825a3

SHA512
2a482caa3fd8f6dc6fc4dc2966a5ffc624940c7cfe76514c9ce3608acc29b3f2e4a7dcdadf810678a2733a223dc5bdcd694487e7689bca9c5a0a10f0a908a414

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
135KB

MD5
5caad04471d810f1878f203bd677e067

SHA1
e42485b136e3d1b1b8614157d9c16de1a6e1d30d

SHA256
488e999c52e7d1b79ed9af46a1aeb3af7e96ab860bd8429871893528b5f34a4b

SHA512
ad278433914c0b1caa1a2de8ed15592a3bf23fecaec41767fb247c99616e04a92789f3c3b52295cb46535e1fceaa50fc868cbc5c8f7e7130be237e787b1ae358

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
116KB

MD5
a31be371c8221109ad5ccd6ffd6fa715

SHA1
5f829315d0fb562fd934905ee2953f4c94e0786a

SHA256
191a55d0a33d16b6282b93ad12ee07e645b3757072f2973e1ab7021feed6239b

SHA512
425b17d43a19fe8ab45f62fedf31a99701e0eac70f0ad0588d90037034cc5849a29025a225dbe28e5217c432c0be7f9aaf2b7936ccc609d9fa6374cc8e5878b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
115KB

MD5
cb3eff747ac6cc9911b2b5091afe0e4a

SHA1
f88f5359564dbecd57c747ac125ff1164559d133

SHA256
eeb066184d6a90e3a20d90fd4d817af46a820d1f2a08ae6181723355ea5d6475

SHA512
86371f89ebd4092d07788cfb47c7d763b93821232df72122920c7c81517934a8e22ef5118dee591a22fa7d0e6b8dba970436b5d30fd5b978dbc589965812a8f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
111KB

MD5
59ead0d97d3300bbce5130ca54820ab2

SHA1
d451b70fcea7be9570e121bd1d3b3042e99f440a

SHA256
eb5f1d67e20c2d7c8dba61930da4163af299a130a3b2d609527eed91110ea0e4

SHA512
0d38790a29c88cc9ea19847ea02445266287f768fb0eed14e76c5572fb5811d9110d4b44f61ba7df079235734db99a5627f8c0eb48da60ea96082dd48ab2c3b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57d438.TMP
Filesize
104KB

MD5
ff66f091dea3e02da2c4d28415926ec2

SHA1
141fcf840b7a9f3f4fd41d920ec60762510e451f

SHA256
4e866bea8e36cb2b41ec7ee73ed4b2dfc1fe97630e8a83c86af6a47ef4e8961c

SHA512
8716ac3a242734dc3eaecf5b57083916923e172554d934ce7998ca57f0e2721595f57140774c96fd8b43deb4a708f87e96c780ad837425668629fcac6b218a08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d7e4f23e-8fb9-4873-b7ee-cfa5a494fbac.tmp
Filesize
115KB

MD5
78401d4ac3a356f623819cec9d0125f4

SHA1
d795b64d5c29e067d0547784f58cf6fbdd121fe4

SHA256
9963c1a4dbdfaecb1b6b8cbc814d8a52b8184ad2226c4309fa21f0672feff7fb

SHA512
e26b6390e19ea0d41192c1155520785caebaa889e9b77e0e14fa809fe393e4ade47b38c14dad904dc76b88e4c9a1c61a55c1fdf7122efd5b6c81e50e7dd45747

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\eb71514b-1656-448a-a118-53617bed9061.tmp
Filesize
116KB

MD5
a38eb1b4d6b2ebd7edb9be26edcf4fa8

SHA1
ead4ff27ebce5e5d46f37708a2d6d60f53772f04

SHA256
0fc6f7aee50afbf3893118dcccd9faf4b42ac11f491a5715b90772c95fd5619f

SHA512
5676ad358c6396f997596d9b1b53506d5d51e2a29188a46e46b57717c57371bd3edbbfd301890a9ed96e1ebebf59a2397ff3bf157b5020f9de61f46017d8786a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\dstrootcax3.p7c
Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
\??\pipe\crashpad_2864_TVIYVHDJXNPCUBBK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit