hxxps://kronixsolutions[.]net/

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 20:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://kronixsolutions.net/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133630431028280167"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1181767204-2009306918-3718769404-1000\{C9D6E118-D180-4150-A7CC-5457D793F045}	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1388	chrome.exe
1388	chrome.exe
4844	chrome.exe
4844	chrome.exe
5344	msedge.exe
5344	msedge.exe
1204	msedge.exe
1204	msedge.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
656	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	1388	chrome.exe
Token: SeCreatePagefilePrivilege	1388	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
1388	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 1272	1388	chrome.exe	102
PID 1388 wrote to memory of 1272	1388	chrome.exe	102
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 3572	1388	chrome.exe	103
PID 1388 wrote to memory of 1492	1388	chrome.exe	104
PID 1388 wrote to memory of 1492	1388	chrome.exe	104
PID 1388 wrote to memory of 4100	1388	chrome.exe	105
PID 1388 wrote to memory of 4100	1388	chrome.exe	105
PID 1388 wrote to memory of 4100	1388	chrome.exe	105
PID 1388 wrote to memory of 4100	1388	chrome.exe	105
PID 1388 wrote to memory of 4100	1388	chrome.exe	105
PID 1388 wrote to memory of 4100	1388	chrome.exe	105
PID 1388 wrote to memory of 4100	1388	chrome.exe	105
PID 1388 wrote to memory of 4100	1388	chrome.exe	105
PID 1388 wrote to memory of 4100	1388	chrome.exe	105
PID 1388 wrote to memory of 4100	1388	chrome.exe	105
PID 1388 wrote to memory of 4100	1388	chrome.exe	105
PID 1388 wrote to memory of 4100	1388	chrome.exe	105
PID 1388 wrote to memory of 4100	1388	chrome.exe	105
PID 1388 wrote to memory of 4100	1388	chrome.exe	105
PID 1388 wrote to memory of 4100	1388	chrome.exe	105
PID 1388 wrote to memory of 4100	1388	chrome.exe	105
PID 1388 wrote to memory of 4100	1388	chrome.exe	105
PID 1388 wrote to memory of 4100	1388	chrome.exe	105
PID 1388 wrote to memory of 4100	1388	chrome.exe	105
PID 1388 wrote to memory of 4100	1388	chrome.exe	105
PID 1388 wrote to memory of 4100	1388	chrome.exe	105
PID 1388 wrote to memory of 4100	1388	chrome.exe	105
PID 1388 wrote to memory of 4100	1388	chrome.exe	105
PID 1388 wrote to memory of 4100	1388	chrome.exe	105
PID 1388 wrote to memory of 4100	1388	chrome.exe	105
PID 1388 wrote to memory of 4100	1388	chrome.exe	105
PID 1388 wrote to memory of 4100	1388	chrome.exe	105
PID 1388 wrote to memory of 4100	1388	chrome.exe	105
PID 1388 wrote to memory of 4100	1388	chrome.exe	105

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://kronixsolutions.net/
1⤵
PID:3600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=1304,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=3776 /prefetch:1
1⤵
PID:4136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4116,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=4656 /prefetch:1
1⤵
PID:2908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5276,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:1
1⤵
PID:4804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5136,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:8
1⤵
PID:4820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5452,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=5520 /prefetch:8
1⤵
PID:2852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe9c64ab58,0x7ffe9c64ab68,0x7ffe9c64ab78
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1920,i,2832457801828821296,11446014874750150585,131072 /prefetch:2
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1920,i,2832457801828821296,11446014874750150585,131072 /prefetch:8
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1920,i,2832457801828821296,11446014874750150585,131072 /prefetch:8
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1920,i,2832457801828821296,11446014874750150585,131072 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1920,i,2832457801828821296,11446014874750150585,131072 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4296 --field-trial-handle=1920,i,2832457801828821296,11446014874750150585,131072 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 --field-trial-handle=1920,i,2832457801828821296,11446014874750150585,131072 /prefetch:8
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1920,i,2832457801828821296,11446014874750150585,131072 /prefetch:8
  2⤵
  PID:636
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:5176
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff7cde2ae48,0x7ff7cde2ae58,0x7ff7cde2ae68
    3⤵
    PID:5192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4592 --field-trial-handle=1920,i,2832457801828821296,11446014874750150585,131072 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5164 --field-trial-handle=1920,i,2832457801828821296,11446014874750150585,131072 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3120 --field-trial-handle=1920,i,2832457801828821296,11446014874750150585,131072 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4780 --field-trial-handle=1920,i,2832457801828821296,11446014874750150585,131072 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3396 --field-trial-handle=1920,i,2832457801828821296,11446014874750150585,131072 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3408 --field-trial-handle=1920,i,2832457801828821296,11446014874750150585,131072 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3184 --field-trial-handle=1920,i,2832457801828821296,11446014874750150585,131072 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5268 --field-trial-handle=1920,i,2832457801828821296,11446014874750150585,131072 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4336 --field-trial-handle=1920,i,2832457801828821296,11446014874750150585,131072 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3436 --field-trial-handle=1920,i,2832457801828821296,11446014874750150585,131072 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3612 --field-trial-handle=1920,i,2832457801828821296,11446014874750150585,131072 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5220 --field-trial-handle=1920,i,2832457801828821296,11446014874750150585,131072 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5332 --field-trial-handle=1920,i,2832457801828821296,11446014874750150585,131072 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3088 --field-trial-handle=1920,i,2832457801828821296,11446014874750150585,131072 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4636 --field-trial-handle=1920,i,2832457801828821296,11446014874750150585,131072 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5276 --field-trial-handle=1920,i,2832457801828821296,11446014874750150585,131072 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3184 --field-trial-handle=1920,i,2832457801828821296,11446014874750150585,131072 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3124 --field-trial-handle=1920,i,2832457801828821296,11446014874750150585,131072 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3412 --field-trial-handle=1920,i,2832457801828821296,11446014874750150585,131072 /prefetch:1
  2⤵
  PID:4072

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=124.0.6367.118 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=124.0.2478.80 --initial-client-data=0x238,0x23c,0x240,0x234,0x2a8,0x7ffe9330ceb8,0x7ffe9330cec4,0x7ffe9330ced0
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2268,i,11590233752955112830,3506067629337948677,262144 --variations-seed-version --mojo-platform-channel-handle=2264 /prefetch:2
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1772,i,11590233752955112830,3506067629337948677,262144 --variations-seed-version --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,11590233752955112830,3506067629337948677,262144 --variations-seed-version --mojo-platform-channel-handle=2412 /prefetch:8
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4420,i,11590233752955112830,3506067629337948677,262144 --variations-seed-version --mojo-platform-channel-handle=4444 /prefetch:8
  2⤵
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4420,i,11590233752955112830,3506067629337948677,262144 --variations-seed-version --mojo-platform-channel-handle=4444 /prefetch:8
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4520,i,11590233752955112830,3506067629337948677,262144 --variations-seed-version --mojo-platform-channel-handle=1988 /prefetch:8
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4512,i,11590233752955112830,3506067629337948677,262144 --variations-seed-version --mojo-platform-channel-handle=4504 /prefetch:8
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4640,i,11590233752955112830,3506067629337948677,262144 --variations-seed-version --mojo-platform-channel-handle=4644 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1204

C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\124.0.2478.80\elevation_service.exe"
1⤵
PID:5696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffe9c64ab58,0x7ffe9c64ab68,0x7ffe9c64ab78
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=2000,i,16203876854413862230,5444173537516630606,131072 /prefetch:2
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1940 --field-trial-handle=2000,i,16203876854413862230,5444173537516630606,131072 /prefetch:8
  2⤵
  PID:6056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2132 --field-trial-handle=2000,i,16203876854413862230,5444173537516630606,131072 /prefetch:8
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=2000,i,16203876854413862230,5444173537516630606,131072 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=2000,i,16203876854413862230,5444173537516630606,131072 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4372 --field-trial-handle=2000,i,16203876854413862230,5444173537516630606,131072 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 --field-trial-handle=2000,i,16203876854413862230,5444173537516630606,131072 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 --field-trial-handle=2000,i,16203876854413862230,5444173537516630606,131072 /prefetch:8
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4816 --field-trial-handle=2000,i,16203876854413862230,5444173537516630606,131072 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5080 --field-trial-handle=2000,i,16203876854413862230,5444173537516630606,131072 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4984 --field-trial-handle=2000,i,16203876854413862230,5444173537516630606,131072 /prefetch:1
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5964 --field-trial-handle=2000,i,16203876854413862230,5444173537516630606,131072 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4424 --field-trial-handle=2000,i,16203876854413862230,5444173537516630606,131072 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3952 --field-trial-handle=2000,i,16203876854413862230,5444173537516630606,131072 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1172 --field-trial-handle=2000,i,16203876854413862230,5444173537516630606,131072 /prefetch:1
  2⤵
  PID:4552

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
e646991f9b7863013f4543e5deea2d49

SHA1
7d3ab1c249b15c5bc5761baef819fa96b043539a

SHA256
0cc277125b5bd55a7c42e32f351b5bce3ca6003f28bc0646db5bc6b9b5135c07

SHA512
8b7b264f086ee2d1c1ec1199307d6511ce964890e84312a1c12c21a0a1fac24d6bf005a2ded820ecae3b51b58229a8ce724e98e40b03e1f93d3914948025a76f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
cf19196d0e085cd8d67471ecf65b7d84

SHA1
95f435a53d7a50be39f2a33cdcb2bb4a606e78fd

SHA256
e6a126eb8636a6d2c8781dab2d4f3cec0abe9f822e2b0d0e5feff6078113dc19

SHA512
09043da578e8b3ed135e919002948e331ad69930678d7c5fa787aae9d235a57618fe06db50998f86061c9d02ded11554d4c8bd0a46015592025dc95802cf518f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
63ccad4f87a1ae33c343e79b99f69e3b

SHA1
024a2fe24ae93dd994fca16aa5ec9d784531afdc

SHA256
ccfe205300ac9594b7a24192081a6d5ecf7c8d72793a0e765466dc0b23c8e1d0

SHA512
2847a31120cb3137649b1d8bd55eed0908cc353475cf593a28dab873db2a9dd7bde8b033e1be0379848a48a0e22577a670c7bd1fdcd967010597b5cf32bf2f47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
ddc89809f3d5e7f67aafac69c67a5793

SHA1
d7e6cea0b881c1512e0e57dea24e67419d49000e

SHA256
503afbb8edcd7f7cf9b2a7ddef676f7d9a4b67c7611ac8d1dcacd21af67f75f1

SHA512
3f73eaab87cf2d37250b93732d695cf3e08746de18e231c0fe4adea37f768843dc96f61229243ad3e0ba5a8900134d22785f10578d533c3c9cd25f21b3dcc2c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
094e78c5005a92e27ad53271747856e0

SHA1
da0017e84be9f887c02fed9d92627cbb6f052877

SHA256
0f792152be3f9889a1c565453d9b5c7b68b80347c6675cdf97edc490462d09cb

SHA512
ec1959691372939d1054fbd1c572c4cf2242a57630226f3cf1deb19c79ab204fafa8e5a2540ec7354c841e83a684eb13069064c9e5b25205d15b16f737c21507

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
811B

MD5
f584de382dc8fd194e3c047a8d334c37

SHA1
0dcbc4010f0a69a955284c0f437f5444ca487b7f

SHA256
c8bdbe9ef542365e63f19b1aa441fa3dbd47ab72b05c19ebe595c67b238d3dd1

SHA512
d943822c0497c04523950e2da2ffca387d61f46219a8e513e0b9bde1a8832abb11353f49ed7dff9ca823a3bfeefd7f463e8c49a845305541a807306e1df2bf7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a8c1370c6c66a8b35900be0a98f7ee4d

SHA1
bf83c7bd30e8d3f44090ca0be58ff0fc238fd351

SHA256
0a20c33c4da10dfc5d8ca153f36f00641f94f92a802f016dd165a350482ed3bd

SHA512
110329b7bc7a040cda48c6f009a3a9e445003bea3b2c0a3eefb7412925b890104227d5f7a60203ce1bfb07c9566a7ef4d9c9283e09d4bb2b7a544574758da302

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a109f3e1c77fe94b77746776933eeb89

SHA1
2e7f728e8b8ab4d2645eb6eed1169d3c5bb9b175

SHA256
6296fb006a3a2305f9bafe7c8e2f71a8c5a48846645477eb77072db5bc1cf934

SHA512
a7efb50499cb756b8d0e9020277abdfc2a701cc56882dceb2f039e6b168682fd4475880f474f28b02cd6071593a894c8e0e42d40d2711cd522524c6efc26ecc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a334cdcaea7ec56e254502fb9ed61fd5

SHA1
c450dad05bc118e45b70f20e6f13524badc37dd7

SHA256
4702fe528e192af4008a3b92efc827ecdb568703449789aaa9cd4a890f4d2785

SHA512
99c3c1ea9a2f2c1e016331804bf52dceaeba20f6985f05bebee199018d415a42705539c83ec4d56e72ec9475ee65162971c9316bd18190a4709f58e2f8f48a74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
232B

MD5
8a30a1fdd0459d9ea8b1e78a8e636856

SHA1
9d7225e97f9cfcfb225cfbfd0b0bba21d4efdd20

SHA256
88fe1d31608930f2738d102d45c75dc77acdf01a1b69bfb7e7c0281575b75e33

SHA512
b529bce870cd8165bf82f3ebf94f07552467bd0993b9d35145182e54e26fb2ae8e7bb167d88267b632757e2146f27dfddf8867db0c66e5dcc306db12ec6b7bef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
3e3f7737b1be12bd8580e1d389b64db8

SHA1
77216c1ef5622ba1f5bdfcdb693583376b1c4ebb

SHA256
4fe652648988d0bc7b8bc0dd9f2377117afdd3c9fc765638895f76e81c5b433c

SHA512
e4e16ffe6da816b8514304e88d4dd6697891f5469708a48d8569a575a8e95f42ec080ec7f5b10c45517ba25a1e3f9d51af9a1083952c2fe1ee309ca4c102f816

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13363043101877667

Filesize
10KB

MD5
d73394e3439fc4afaf222cb899030dea

SHA1
65255ccc40278c31eb93d102040b21ced7172b37

SHA256
97d8663b71b2c53736c8807c25132a879179b8daf21df1d311b4fca04170e969

SHA512
893edb300ebf568d26496d8100ca62b9a3cbd60ec39ec310d0c9a693997e8bce659513057e0c248efeed9043a0b0417b4eadb1f6942785449c5545d35fe62dd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13363043126172667

Filesize
2KB

MD5
efed220894d273250e4b3055c4b13c97

SHA1
b578177b5aa7cd9c94eca3177817468c730af398

SHA256
f7b7af01a22c5972a2bd2267052c9e918270eb5928f6a30fff3fbf0ef8d84cb3

SHA512
111af2bca1d8c210fd9448b2d08ffad2d33c29b255037787aa4c52b5e0caea7f8e9129e20f7ab5df3a980558febfd64b8aa9d5345e527de117edddfef2b73682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
da8c5f008c644293b52fd4df421dda18

SHA1
8ca483fb56c8618d7da33b9ee8971a4f53e10a97

SHA256
3b419b6d48418315fe8d3a70b22848b89594efa9092b3a25b651277cb2c6fdc3

SHA512
e382d1d7480fca63007d540657e35ef8555adb3d2c6752e430847279db488975a06b790ddfe13c2e24bde3de34dc9490a145480a57efcc36200db8fa10404b0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
16b3f3695220f8c9635d5d088cd953f9

SHA1
e9b2927412af4fae508057e1d1d5a6ddcde17a1a

SHA256
5f1e657b188f126871947f5e081cf86bf7543fe2c37d0c40751679c281a9040c

SHA512
8b07f5c907e84cfbaf7dc975111e1a76c7abdd37ab81d81a199b7159679f5811075c88257fc724057e498ab96a48d10335985b636417c06baf794ea2c68727c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
15KB

MD5
ad32df993b7dbcfac8241f27b97f1c8f

SHA1
b56278ce3833fdb5bf6d5e5d7b0b5864a8291659

SHA256
b8f303b72152dee89521bc5af157710f65a180d18ce9efe13eb699feb08634ac

SHA512
00617dd8b036e8b57f403d5c95581379d330d8c1e4d52844ccaf10518409d4527850e4bc8ceef65dc4c53c87185f284bbb1c5ed2f9f97b56f10727703420701d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
19a96a6cb56866376bda34a21149873e

SHA1
5b5252a99136427a2463a1ff9239ae02c5d36539

SHA256
54c8ae0a513684eb71086a636225a8863f380a4a07f7b965bcd449b665088510

SHA512
19ababa9aa0449ec759a4ef9580b69bf5a243d8c4ca7d84f81f63da46cd91851f0dfdfd78400a0137db29fe93d34677759548765aec3505e269e0819cc04d92e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
1KB

MD5
ad3a8fd104c890a8460adc657e0d1263

SHA1
3ccd5d0ff6b4eff031369f6c15d497e72ce1c295

SHA256
517e0d32f576037c5009df9a91fda1ed71506f856fa9c6230ba3bd904099c625

SHA512
989eb860e946acf42161b9a7d94939a10612515a4bb1880ccb4d75eabe615f30015cbf1c051bcd13bcd0646d2365e232a56c470f5064066dbb42522378f07dec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
7733f18a8658dc6bad6e3fde644f2e8a

SHA1
a6061991605f43000d4c4483dc653197fae562a5

SHA256
f1faceaa604e0f2dce2fef188905c6c3d1f34ddd3ac16ff8e5a5f6b0a3488158

SHA512
ad900e61c2009638820a5a587a18c69d0801d146741e8d5e98c103fac159a9f26ef025c6a359af226304fe20bccb9a3cdefa8d0d822030b7b9ed6790fa5705fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
889B

MD5
5204a18c65e33392e3e55d2b05d18d11

SHA1
1e219b31fe9754d5307b30b6d8e29190df3fdcbe

SHA256
340d950fc837f6252f659825d6e161aecfc655c4d2d623538f92c0ab2842aaa9

SHA512
baaac7108f5a026270bb649d9d3fcecf863c381a4280b1cae337e86dbc466579345e6cc184bdf30060296c6f2ed2c997448f000de513877296816e8c3a5f8b44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
96cf7a68483a898cb565ba4d741b3ade

SHA1
a81b1c88340f74a0b8f7185760ffb5a088d761d5

SHA256
fb83ccf48a545bdb86ccf75afcaae58a3f2e0754e31053e5b6447cd155c0edad

SHA512
2886f73ac1c716af591799ab585d05e695e2e0b8b540e844e3f4a2e3e840da10c72961d7fb6528bfe68ca306f6e03da4552e00a3fb6c25b563744cfac5427683

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
d5cfbcbbcc5cc7a69314de8efd42e083

SHA1
ae29307f82d81fa3d4394bbb98ccbe821dcfebf8

SHA256
e09dfec668e1d7fab92040a28bee78b33181fad81e8b80ebfbd33c4bd0d1a332

SHA512
f31ecab2f3d451c1a338bf5eb3e357cdf7f50330fa4fc3f42ee3611d4860a033a203e5277fb575997c5877c4515d9b95b9829ba311975095ae232601ca438d1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
b722d809287c8d26a616343b0567dfcc

SHA1
5bd4a2ad112bf0cdb99e1717a1be5a734880dfbc

SHA256
f8d0c19d11d6cb641031e6d8e19517b0bd08818f5f0729d484d706707feca6d9

SHA512
4f0867249061b57865f7ca1bcf5970dd75d034e81f3356b3bf57677ff07c1cec9ebf1cbc8a4310e248b7018bf08c971f857e695bb040895498fb465eca2db264

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
283851210cf68e00d2c420d0f8b602a1

SHA1
29decd5cf45d732eef03f96a3775184610a10b25

SHA256
1e8bdb9a0c9e82fd9c6efa68f9386790cc43d20aa089e4ddfac67a97c90ed3b2

SHA512
50c4ea9f555b12bf75f7b3e625faf2efbf843330268b7096b4c598671c9230b23d5ea519ec74b9ad81a26988cdc30c7112684c3b2973e3a8608cc39e2edfa4a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
009b9a2ee7afbf6dd0b9617fc8f8ecba

SHA1
c97ed0652e731fc412e3b7bdfca2994b7cc206a7

SHA256
de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915

SHA512
6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
75b7db3c9a4da90f8f8074c49f9cf0bb

SHA1
07e664d8fb4fce117e229979e9a80aaa5029333b

SHA256
485c36b4770d6612f4b18a576fc9b7ee928f0cca3fc54bf2c966de34302a594e

SHA512
42de64e825c894c78e4a3af2e915907cb0689e767a54cc52600fc4f2ee8c2c64ff058df45183bf502c44b348e259364b0d1e6b07592b87b3412764a77850d847

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
4d07318ec8d58f223734eb154caf7589

SHA1
2c2dec5dd676888200b0916666a0e8be9583196a

SHA256
84bf8505e96881168369a8af49751448dde88671b3e5ae71bc09a463d5279162

SHA512
b42e598572333c9cc6358f4b689e076c82c25816791d79155a6f0da3f8d91dfa3a6a4ac746be1bdfa3e54604b1596301b5e201dea439647fe7c7b2400c4fa974

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
de3f44a1a37a56aa40fdb55ad5101404

SHA1
3c4c8d9d87a4dc7150b898078d946fe1cf9f38d0

SHA256
0ddd10d78b17184b5f5df2602bd44f71ea7d48a13860539561fc1af9841f35e5

SHA512
8e4c6049a14d7ef974b8c717c8c75e6b5652f651705d47bb1db50f505b8deb593a96ebf8104656ac355395c7b7299048c0274eaeacb1aa9521b67ee71bb9552b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
90KB

MD5
d43eb620e4646f1d77f03f938459f2e4

SHA1
01c61f9a90bc636767b468e5f08adecfff413324

SHA256
de148cac9dc21866f0e2ab84e4b4139c242d1784a090bf48111ca78f210cc910

SHA512
0398eb804c10e203eb6d0614cc0f0911ea1521ffeed73003768f91c3f73dc4ba5d386da9cb77756ed82b6289ded623299b079c2a3aab6d3c41c6eb59b9cbe7dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8b81c21e-a73c-4518-bd9d-1ebeef0aedd5.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
cf2ae72c016e43646ff09aa2b3f44baf

SHA1
3e4a7738d6e58b1bdaf1f58193e2557ef5dca23d

SHA256
57f004b2db97201978693e8dd9a8a54cc6c422b96ee1323723912ed925d86b9c

SHA512
b74a24d39be0d31e3281d8f48866698c8b5da31a30d5993c10f1618631e1d1ee8816b68b17864c46b5dd13a039053ed0e8b8760b7d2a0e9774870959343b5b16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
48KB

MD5
bf1fe4141c1f85382493c3652a1a388f

SHA1
ad4fc528f166154d7a3a25b7c153a270ee6250d1

SHA256
0f9c1531397db119264a7569644eb6ffac8e779543a9c2c070ff9986f62c2326

SHA512
de1332f72d5a60bf41e0f3ca63277b29452e762c3fc0e654700ff880869425af06a533013161afc533cf40a612dba6465fa3a9338ea602f8d82ad7ac9b98942b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
48KB

MD5
a38ef100e5bdd4f93bf770c2faa77d60

SHA1
5e5ea911efe55451adf8c1b3e9d6d59a7902f1f8

SHA256
42d651015af5f5922adc1ad06a002c77ff588d6c822ea127999696e721d557d5

SHA512
d2b6b49b7fa79653539c6c6c4866c5969b302351017b03408bae2443b18e03b46f6ee10e8f0b050a5880c2f6cd84c72b7236f2fc988c7c4b2790ba025aaa24d4

Download Submit