hxxps://covid[.]itea[.]org[.]mx/ap/

Analysis

max time kernel
2699s
max time network
2699s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
20-05-2024 16:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://covid.itea.org.mx/ap/

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133606964571335978"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 4b797e49d1aada01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 90753a5dd1aada01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = f084c785d3aada01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Pack = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "423003449"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "804"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 619ed44ed1aada01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\ClearBrowsingHistoryOnStart = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.bing.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B7216 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = ad00a749d1aada01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "23"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 3	MicrosoftEdge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2800	chrome.exe
2800	chrome.exe
4780	chrome.exe
4780	chrome.exe
1852	chrome.exe
1852	chrome.exe

Suspicious behavior: MapViewOfSection 8 IoCs

pid	Process
1464	MicrosoftEdgeCP.exe
1464	MicrosoftEdgeCP.exe
1464	MicrosoftEdgeCP.exe
1464	MicrosoftEdgeCP.exe
1464	MicrosoftEdgeCP.exe
1464	MicrosoftEdgeCP.exe
1464	MicrosoftEdgeCP.exe
1464	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4256	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4256	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4256	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4256	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3408	MicrosoftEdge.exe
Token: SeDebugPrivilege	3408	MicrosoftEdge.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe
Token: SeShutdownPrivilege	2800	chrome.exe
Token: SeCreatePagefilePrivilege	2800	chrome.exe

Suspicious use of FindShellTrayWindow 57 IoCs

pid	Process
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
4320	firefox.exe
4320	firefox.exe
4320	firefox.exe
4320	firefox.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe

Suspicious use of SendNotifyMessage 51 IoCs

pid	Process
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
2800	chrome.exe
4320	firefox.exe
4320	firefox.exe
4320	firefox.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe
4780	chrome.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
3408	MicrosoftEdge.exe
1464	MicrosoftEdgeCP.exe
4256	MicrosoftEdgeCP.exe
1464	MicrosoftEdgeCP.exe
4128	MicrosoftEdgeCP.exe
4128	MicrosoftEdgeCP.exe
4320	firefox.exe
4320	firefox.exe
4320	firefox.exe
4320	firefox.exe
4320	firefox.exe
4320	firefox.exe
4320	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1464 wrote to memory of 4268	1464	MicrosoftEdgeCP.exe	77
PID 1464 wrote to memory of 4268	1464	MicrosoftEdgeCP.exe	77
PID 1464 wrote to memory of 4268	1464	MicrosoftEdgeCP.exe	77
PID 1464 wrote to memory of 4268	1464	MicrosoftEdgeCP.exe	77
PID 1464 wrote to memory of 4268	1464	MicrosoftEdgeCP.exe	77
PID 1464 wrote to memory of 4268	1464	MicrosoftEdgeCP.exe	77
PID 1464 wrote to memory of 4268	1464	MicrosoftEdgeCP.exe	77
PID 1464 wrote to memory of 4268	1464	MicrosoftEdgeCP.exe	77
PID 1464 wrote to memory of 4268	1464	MicrosoftEdgeCP.exe	77
PID 1464 wrote to memory of 4268	1464	MicrosoftEdgeCP.exe	77
PID 1464 wrote to memory of 4268	1464	MicrosoftEdgeCP.exe	77
PID 1464 wrote to memory of 4268	1464	MicrosoftEdgeCP.exe	77
PID 1464 wrote to memory of 4268	1464	MicrosoftEdgeCP.exe	77
PID 1464 wrote to memory of 4268	1464	MicrosoftEdgeCP.exe	77
PID 1464 wrote to memory of 4268	1464	MicrosoftEdgeCP.exe	77
PID 1464 wrote to memory of 4268	1464	MicrosoftEdgeCP.exe	77
PID 1464 wrote to memory of 4268	1464	MicrosoftEdgeCP.exe	77
PID 1464 wrote to memory of 4268	1464	MicrosoftEdgeCP.exe	77
PID 1464 wrote to memory of 4268	1464	MicrosoftEdgeCP.exe	77
PID 1464 wrote to memory of 4268	1464	MicrosoftEdgeCP.exe	77
PID 1464 wrote to memory of 4268	1464	MicrosoftEdgeCP.exe	77
PID 1464 wrote to memory of 4268	1464	MicrosoftEdgeCP.exe	77
PID 2800 wrote to memory of 2652	2800	chrome.exe	86
PID 2800 wrote to memory of 2652	2800	chrome.exe	86
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 2472	2800	chrome.exe	88
PID 2800 wrote to memory of 1720	2800	chrome.exe	89
PID 2800 wrote to memory of 1720	2800	chrome.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://covid.itea.org.mx/ap/"
1⤵
PID:1104

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3408

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:196

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1464

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4256

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4268

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4540

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3936

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ffaa44d9758,0x7ffaa44d9768,0x7ffaa44d9778
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1860,i,13741893109154840774,4983264651778712111,131072 /prefetch:2
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 --field-trial-handle=1860,i,13741893109154840774,4983264651778712111,131072 /prefetch:8
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2116 --field-trial-handle=1860,i,13741893109154840774,4983264651778712111,131072 /prefetch:8
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1860,i,13741893109154840774,4983264651778712111,131072 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1860,i,13741893109154840774,4983264651778712111,131072 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3632 --field-trial-handle=1860,i,13741893109154840774,4983264651778712111,131072 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4604 --field-trial-handle=1860,i,13741893109154840774,4983264651778712111,131072 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1860,i,13741893109154840774,4983264651778712111,131072 /prefetch:8
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 --field-trial-handle=1860,i,13741893109154840774,4983264651778712111,131072 /prefetch:8
  2⤵
  PID:812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1860,i,13741893109154840774,4983264651778712111,131072 /prefetch:8
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5064 --field-trial-handle=1860,i,13741893109154840774,4983264651778712111,131072 /prefetch:8
  2⤵
  PID:240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3812 --field-trial-handle=1860,i,13741893109154840774,4983264651778712111,131072 /prefetch:1
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4704 --field-trial-handle=1860,i,13741893109154840774,4983264651778712111,131072 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3684 --field-trial-handle=1860,i,13741893109154840774,4983264651778712111,131072 /prefetch:8
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 --field-trial-handle=1860,i,13741893109154840774,4983264651778712111,131072 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4552 --field-trial-handle=1860,i,13741893109154840774,4983264651778712111,131072 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4512 --field-trial-handle=1860,i,13741893109154840774,4983264651778712111,131072 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5676 --field-trial-handle=1860,i,13741893109154840774,4983264651778712111,131072 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4704 --field-trial-handle=1860,i,13741893109154840774,4983264651778712111,131072 /prefetch:1
  2⤵
  PID:724

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3924

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3896
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4320.0.1520365706\1998573394" -parentBuildID 20221007134813 -prefsHandle 1744 -prefMapHandle 1736 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1b85348-e068-4bfc-9a87-20a87e8117d6} 4320 "\\.\pipe\gecko-crash-server-pipe.4320" 1828 17b7fce1858 gpu
    3⤵
    PID:4628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4320.1.1806740598\435435964" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4654e013-e391-4c8a-b070-ee29d4267bf9} 4320 "\\.\pipe\gecko-crash-server-pipe.4320" 2184 17b00d0a158 socket
    3⤵
    - Checks processor information in registry
    PID:2972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4320.2.1795339988\416306622" -childID 1 -isForBrowser -prefsHandle 2920 -prefMapHandle 2616 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a485572f-9d20-4fa6-a0a7-baf7d59ea88e} 4320 "\\.\pipe\gecko-crash-server-pipe.4320" 3044 17b03bc8558 tab
    3⤵
    PID:316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4320.3.2064254886\1178157459" -childID 2 -isForBrowser -prefsHandle 3436 -prefMapHandle 3432 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1bb9bfa7-ec19-4ad3-b686-2870a78131a0} 4320 "\\.\pipe\gecko-crash-server-pipe.4320" 3472 17b02537058 tab
    3⤵
    PID:1348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4320.4.1068408258\651405742" -childID 3 -isForBrowser -prefsHandle 4028 -prefMapHandle 4024 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {19f77e44-d56f-4c4f-9fbb-dbbd82747e87} 4320 "\\.\pipe\gecko-crash-server-pipe.4320" 4040 17b05c1d058 tab
    3⤵
    PID:3480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4320.5.187179387\1247018266" -childID 4 -isForBrowser -prefsHandle 4884 -prefMapHandle 4876 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {74d0212d-a6a9-4f2d-ac97-af3eae901c9f} 4320 "\\.\pipe\gecko-crash-server-pipe.4320" 4896 17b05c1bb58 tab
    3⤵
    PID:4256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4320.6.1861286824\797689579" -childID 5 -isForBrowser -prefsHandle 5056 -prefMapHandle 5060 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {627d020b-11f8-4b1e-8508-7158fd4f0f3d} 4320 "\\.\pipe\gecko-crash-server-pipe.4320" 5016 17b061e6a58 tab
    3⤵
    PID:4544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4320.7.690686997\2094906046" -childID 6 -isForBrowser -prefsHandle 5232 -prefMapHandle 5236 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {badcd3c8-8a78-4883-ac55-1216009453d6} 4320 "\\.\pipe\gecko-crash-server-pipe.4320" 5224 17b061e7658 tab
    3⤵
    PID:3176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4320.8.1137237215\1250586685" -childID 7 -isForBrowser -prefsHandle 4228 -prefMapHandle 5624 -prefsLen 27611 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {069425e6-b5c2-4fbf-8e92-bedbc024c90a} 4320 "\\.\pipe\gecko-crash-server-pipe.4320" 1496 17b0953f858 tab
    3⤵
    PID:2040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4320.9.809548559\1182935243" -childID 8 -isForBrowser -prefsHandle 5852 -prefMapHandle 3772 -prefsLen 28237 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b77167e-7eae-48e5-b5f6-20cbd5274a09} 4320 "\\.\pipe\gecko-crash-server-pipe.4320" 5804 17b0f7f7558 tab
    3⤵
    PID:968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4320.10.1483931522\962182201" -childID 9 -isForBrowser -prefsHandle 4688 -prefMapHandle 3448 -prefsLen 28237 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9b4808d-aebb-40b0-908c-ebd0fedecaf0} 4320 "\\.\pipe\gecko-crash-server-pipe.4320" 5848 17b0f8e8558 tab
    3⤵
    PID:2384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4320.11.1151346922\1165254377" -childID 10 -isForBrowser -prefsHandle 5216 -prefMapHandle 5292 -prefsLen 28237 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ba308e5-a5b8-4f40-a163-bb8543c72e21} 4320 "\\.\pipe\gecko-crash-server-pipe.4320" 5308 17b05fa1258 tab
    3⤵
    PID:596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffaa44d9758,0x7ffaa44d9768,0x7ffaa44d9778
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:2
  2⤵
  PID:96
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1936 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:8
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2064 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:8
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3240 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4452 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4472 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:8
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4804 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4860 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4544 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:8
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5372 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:8
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:8
  2⤵
  PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5532 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5448 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3340 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=964 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5684 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6056 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=988 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3380 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=984 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:8
  2⤵
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5096 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6136 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4992 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:1
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4740 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5484 --field-trial-handle=1800,i,5499361938550619190,3973540559538033781,131072 /prefetch:1
  2⤵
  PID:2492

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
8f3843a9da63a7c396a894b5865b2f67

SHA1
2e7f9776d1ba8b15aea00d84eff977929ed70022

SHA256
76841dc7ebcb954ee1442bff5ef2356159574207e77f9b74b5303d298980b26a

SHA512
06c417f3f8a5010105ced178e9d478c82253cc2ffb08135827ea8a5b905101b684d532d7f6cd776adce49200d4e719242bf44b88311c5d3f7ccdb6bbcba200ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
1207d2111e5d671e81af7265fdf0f742

SHA1
03955ff15c253cc65ac13afb17b489493b4dee15

SHA256
ff7f480ecc2ebb8032f0a0032dfc53da9e7109cf7ce951226e0232c7fb30804f

SHA512
af01c945ba3e3d6849107ee043a2f2d9cdf3f67c8d640f7ffe8f355837116e1f83fbae8d0b5b69cfb2acf5aa9fbae2d0f66b8bc62a2ba0be1978e81c6283b22f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
356e0d1129c64fe2564e457a38372c87

SHA1
e034d1297e2bd34a8237ff09641287cfed6d13ff

SHA256
eabdc9482bc3ad25d0cba44c76df570852a295cfab513b8a5158ff90065b22c3

SHA512
ec1dec8b0b899f817723306f453517c4fc655cb33e0e4c896b15a957ba626fed5b8e951a271aa5c2303b8b46cf15a0ce4e5885e7da7860e1e8e50db2c22da0a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
3bc1b4a079b216368aa2b7fb621a8975

SHA1
d73a557dd9d6169bb09900c18c021af8466e3ac7

SHA256
7cdf1c511a0c0c64fb94bedd5624bcb5b86c267b04237fc264e0d96a3dd4e3de

SHA512
8b0be8d9fdf47001bed6e7850443f6b9e676b5fa7de674180b5837b17556af17e39cd35cde652f275260aaa3d54837fd3d265e72ecdfce59b786e8e64a373aa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
59KB

MD5
4fcb5d51c31760c835a1d4fe56d2bc9d

SHA1
2feed203e6e3fc7b95bcca811406447ee130615e

SHA256
d43dfd1393d972d0a3e8857b325281f8af76107ccbe1131efcd5afed0b0f98d3

SHA512
1948104832d86ac4f9bd5a773ee10f682600e8c2634c3128d68058bd99060c95a78a3833aac4118698bdc69ec6cc18c197e6d7b16b6a504e87affe5ea094660b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
40KB

MD5
5ce7bdeeea547dc5e395554f1de0b179

SHA1
3dba53fa4da7c828a468d17abc09b265b664078a

SHA256
675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9

SHA512
0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
34KB

MD5
b5f33af5975233bc007f09c92fe3b664

SHA1
9f96627ed6eb0cb7dac21c98e2e47f8e24e4905d

SHA256
3fdc343bf10e5f7270d56e0b14e3155cad4b1e6de229be5a91511486fb2dd8b0

SHA512
b3187088d308db9af1e7f28d50d40fe5926ab9f8305cc06c2c00e250e3382763b855518730324df1f47e2a191238eb351ec9ed75beaaff2a6b9a6326357d3cd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
28KB

MD5
6fb1cb1aede44e4705f5693135f1843b

SHA1
9368d1907fcc65f0c52d522cd6780d9b692593df

SHA256
fba0a4903acef9e3016732be677b5b4c9240301f4f550fea6ca0378cd8fcfb10

SHA512
c4a150118ca8975a348745139e868c2fc7d610b844ab6530e581e674198524e5ed056ae84f2e7e82f567189e4225827a29d063f645dfce2bbbfa1b078c4e128a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
01374c15bf6751d523f15faad16daca9

SHA1
55545acd326c83e454144c6bd0f1bb94ac2f6ae4

SHA256
9da21444ccb7fee71ef2d2ae6a0d5ffbf859466de257e80caf525b9099f1b544

SHA512
3c74ab3a1ced6464d71c6fd067e2ccf4efb2e036db6fa346c6590a9d0fcc5ab39c90a57525bedca1363193223fe6d12672fad93030eb3a10189c36ac390fd164

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
92025d6f48d2d2ed2f218f0679d9389b

SHA1
89618e6cdae78464fd12f4ebf1b99e34c31bb434

SHA256
a35ddb5fd697d589d5a438b0ebf06ad2b196c85f4b676f7e445d9502a2ddaf40

SHA512
ae51653da41e7c65db678dc1ff7286500a182521e67cc8e75263e9ee5c43b785898a0288349b87eaa3c06b48e2e5edbd2af494042da5e77f3f6860f8ff8bc6f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
b4f41bd6240c14083581db91686ccbfc

SHA1
963def58f2491f8d1d4419f55078f5bb72569553

SHA256
2a66c7f9a5245016bcf0507fa3ff4e6ca5d0c8bd417af5c137495a7354119c00

SHA512
9d4cc506c0cb07bb13193550ccd50e733baed5c30810878cffcd8ae9bde639c8229612febe9b8ec5790451f5eff507d8bb5d5f3c442fad81b440b6cd3b1ab0f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
641783b809011665488a5b256c69e9ba

SHA1
746ebcbc05e75383247265fd1737aee9b6558604

SHA256
9c20b540517d8e2a5b8f2bcbb996aaec8efabbee5485790b0a4e7d91799f8c1c

SHA512
a1aca32b30628725a89006a18d157ab75169d108ea50ddb78720fcccadd18070000c385d07c94f41f630a8b0d25eb315dbe1073935f8b3d68f617684add899a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
6f32c4e49d744256a4ab1fc697e6242e

SHA1
661a56df20fee01b83d2e03aabc178a1aacbba61

SHA256
3e882a6983f1be1cb5612f21d151dd56c2bce5043708ffbeed943bb82405708a

SHA512
2f853a564d800c8c657e317106594cd7da76d2dc1b032bb9a9a04979f79a0e19dd8eaafbbf1bb0b3036b3cd3718a2d07e3d7c00cc2190d276db83ecfed188b9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
75655873a11fdba584f1a013a6983a6f

SHA1
cb5c22badfee5b1bb5089a18f8cc225ccc3712e0

SHA256
3e7278814df60cd18611a7ad1e99c9eddeab4fd05a1d78413d418d8bf448f6f0

SHA512
7e528b32d014a0dd47f2cf216237fc9a17966744e51d349ca2390a339adbc93642eac9866dde617d97e8bfcdff44acca104d5c9beb65b280c3b84803fda44b0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
332B

MD5
7d7e1bbf13b917b78d6cb3549103dcf3

SHA1
bad6ae85edaef1c597b7de9c37c463ee2d84ae9c

SHA256
d7fc28d2f996c4cf121891a6e150652a90541baa23216d0abf36d321cbe361f4

SHA512
34d6ac80e20eab73e6aa705ef522c53c66601b242fb3745116b3ef3bc9542b8b128bf51bbe4723533c77064102ac14e61ab5a06383c96f287fd824fea961e732

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
375187df5f80b9cd1053127cc87b3682

SHA1
e2651741ddacafac3c9c8cdfbbbd3eaaf4c99fc1

SHA256
0caa87a7c8f71bb12a646e81e1af22a6db54cc8b388d8b6c20cd5dc0dc6aa2d1

SHA512
3cb78cfc92592940e0d47132e404a07a25a735243b07bbb9ba2b2fa00a816043b88a11b3873c8ab12baa398f0f43e03aecb412240239f983fd0a6d84010e78d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2a7adc3a1fdae4f393f9c020ef76ba64

SHA1
84a9fa6c9bd82f2017e0a085205df366bee38218

SHA256
082fb4470a4e5cc7f4855194172c0915a8313b09a07b3707f2ecc154febd9025

SHA512
741b4dcf43c2209d063bacb4d542518db11cee2da657546cdc3a6b2c607f19a529e27dd8bc1f10ee9639ddb680ea8773fb44649d34bcf8783a9e35272ebe74ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a2ce2c954594520e738b30e36e5da026

SHA1
496330aceec63271842bf2b58c04a3f6b6c0cbc4

SHA256
830dbea10f88110f67b85181da9d8479fbe60be143a6b4b778e3ca8869d5cc4a

SHA512
b34ebdc32cc38bc874f69539076c1c7e3c88745f928a88caa50978da9bafda6716d3ad91253d7998a7af14c42f29a157bc089a43362a535348efaeddd071e081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
286694a967a96187d5aa9a7a650bea91

SHA1
c6d575499ec70715d50a92e2d4bf43edf1ea58cb

SHA256
473fb864295584801b5c777d2f656942bdbe7088a7b50732e199353f3469322b

SHA512
6d66765b5a5f2f33c8c9181509c1da518aaf8de3d73c535563f3dfaf0d0f50b3fd1b334ad120eb96eee49d81af0a8e2bc6b7aeab40540045b5bf59227716e0e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
28d155ef4a0917f8dfee8990c28a7da5

SHA1
1c226d04f602d27fec9d2d656bcf8ad2f22d0fdc

SHA256
03012dc3e0278a3055fa81678d34fbbdeaa5cfd4e0e611919bd76ca15beaf605

SHA512
c4a0890627578aef9b0f7ceeb6f53d2e8d9bf91cc9d27eadfea398b82c9fdd93c44b4a4ef8b12c57b80b593e2c73d8eb1fc0a7e2c29c0568e7304a8b96efa0ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
cbbea310c068c5fd483708e3236c8ed0

SHA1
a2bdfe8b2e5a137132d27fe5a1be0dfa746ca76c

SHA256
7522a43aafadb6be1981cbacdf08b0b0a253a0564c6cd27177eee3617e10657e

SHA512
e7f318c1ef2105b820cb3fe5373688223af8c7aefa271c18f76a73254476935b433ee38e1529f835962655f95c0ad03cf690929d6f0f778a922e05d5df43512c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
94bb0e39a595c2918ddd55f4a2456a2d

SHA1
91e2dbf1343a6e59bda7291de8f03eb10b829163

SHA256
eb60ad1e9ed332e69f32c127936cd7e1780fc707dff250a545ff486f34991a6a

SHA512
61fd47d3da1b7449d4e9886987187697ec685320da5c20bb56675faa8aa1ec6023db4ba571995a2f2e96c3f35a2a682baf2c22a75fb460df77931936403d447b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
64d5b8c13856321d8667b7da98594ff5

SHA1
40457b9d28a9e569b02663684d62d2caf148aef6

SHA256
a551cbdca7599d495bb6d72b10c795f66d0a38f7c5cf71ac4d497804c1afb77b

SHA512
1aa218fc4b46541ecc3a31408eae26e00abdf83abb98be8b054c3142f82622df6240a2be6953296b05d423c1e80df78f9e807de30ab41e5a1bd9ec726e6e3094

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
0206cc4c9e795efb404bc5c27fcf5506

SHA1
2394a50d301aaf29a4b6bb0a3f899dc24f8fff52

SHA256
838f74dad76ec8169e87c60f1c7a89ec4aedb83c8af12fab8ab210355b716e32

SHA512
e8a5e610a4343ae31d51e4bb0c9a4bbc3f1abcd8d60415096feadc1b7daefffdc7701df694230ecb8879bbc39d456efa142b517526ca75be74e9c9bba0453da1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
537B

MD5
c676f1a81e65e7989081e7d5776ca6b3

SHA1
b6e76f72b2f8afad648b763aa89c16c686919be7

SHA256
4ed2fee0ee42a2bd892fcd998e035782ef02394a4dfbdac4c5866d23630803be

SHA512
9c87936fa85e4324b437a46460da0f109444b249b45788b24e3413bc97c74ccbf8ef2a606c4b721ab26dd66616c55be6bbf9edb358f423be7085a9daf16f328c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
9147df765e937e06c2380291b9876958

SHA1
cba215fe5edc240a5e970d4dd043587a46d66baf

SHA256
532eee66409d5b0d2612dd3fd72f7490cdc37dc1e2f245a2af3e09ec62619b7e

SHA512
d386f276989c06fad27c2e8801bc57fcdc901174762b3b88efe3d31c38856dc04d3fd1a2409b1f7c752364e755a98dee37e4dfd7a927c61f6ca267eede48281a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
690923eaa88980794cc6b44d916ce1b4

SHA1
467f1512dd01c6353fc4cb1a94d80aa7469e4ea8

SHA256
04ff074775f1efa32f0934b71606d08bb1f7f8f4e838d51bc102e8c367f8dd3d

SHA512
59ccba1db5938e3e97d8a6cc2edd6a833876d7e90374b7e10114f247a4f6a95b405f6b0881013b28c554b560f9ebcaff8985531cfbdf6e741ea04eb2c5091f10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
705B

MD5
da606c109bce36aada727165db97fbf9

SHA1
d4cf4c003817403d4c4c377c537be03f8c6e82fe

SHA256
9353e082542fab63a561397d73cd01ee19eb088cfe33c97d96927b2ac9580139

SHA512
f543b9408ade20fbfb32b696eb8906238cdfe648fcf060fad7baea10ccc109a658dcaed2a75434a117c907d44e3a4aaa826b9f08c8fba8775e52be0c1d0ddc0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
870B

MD5
004d65f2e3d4c7c087f076adcd3ce161

SHA1
79dc1f4e37e4c37f8395c46dee578bdcbb4fc70f

SHA256
f48e0582ce5adb751108eff800404c33b366b77d4f2a363c50b2be7cb27896cf

SHA512
f83db20a8e643b8c0a6e2707d6bd01204ee7d99e7ecbb256b38acbc7561bc94abef3e3eb8b55e6ad2c42cd2eea65d6901ef26a391c76aa84a9dda8033049a438

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
2f396e6655420e5b92ee7b95f5b0d473

SHA1
36b7894e8359b984ee40c86a9808693ac9ad028d

SHA256
3c50168bea6773decec2413828a3bffec52d6c2b562527ee0d6590749b7b0bb9

SHA512
a3e9a6882469c97eef6ff2b6e836781835de34e31a0ff6dbebf43a7ea8f3dab9cee466bae73ce045456f9a54f4a7feed1ca8c419fed44e885d14ade690223d73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d203c4558c7f7f50cb4c67ffa9fc136e

SHA1
71674e80c0f60197cfc704e9b19b2e5eb35356ef

SHA256
c36fbb6ef99788349cac6c274b255dfa1e870440d4976f58fb7c529399e4c7fe

SHA512
b819b3e775ed7fdccac79e1de8cbdc5b4a9a1bf95090b6ab59ae3c8c2066704b5545cc75b1e466d16ca7c113073031d1d23692a1ab2aecc6222140965f2af504

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
02f505cb24cf7156543a28ce06f05a61

SHA1
21f3793e6fe093895ddb7617697286e1b997ec0c

SHA256
2ab115f83753b988c2dde3392f6e51a7441ddde2144b3169f0a2832e919d9af4

SHA512
68bda7e13047128fe5461acc963321bb957cb62ac11c016a9ab3b3325a4afb0d0b9ff1ce2034aa2efad0c3ea3093b13ddcd1edd8c88cd89cd2fec5a8c451300f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5b53a0616d7bd9df8862a4dbc0da8d98

SHA1
a9cf062df0befec35841ce2a956caa302db88c03

SHA256
bfdc12cf9ce03c6c53e63828d24fc5deb129a4cc5c95154d6c40246bb231428c

SHA512
bcdc3da9697a234fe2ccae6127aac530c76e0b5fc078e368850178a5b636afc347d1427fff2acee9048651643cac5e32157aa0c1c30bf1bd45acaa2b01521827

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
676b7a59056025cbd3071d8124085807

SHA1
6ffdf1f03fcc476addd33bff9577c3c88f9e77a8

SHA256
42ce15e2425ba73dc05259340b4010f36a3495d38cb3d7438f71d4cc5b000267

SHA512
a7cd655d1d060abe813b2d7a819753bcf6eba3934a158477fba48c0f6891b89b64f30df1788946def7c75bc3eeda612feea86c789cfa265777f04b29d4a51c60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3e570c635dc99db48a26e755a1e1877e

SHA1
f019e615b960d114fb37a4e08c090a39d572c0cc

SHA256
548d7a7ec89e5878717195f5f336497406e1bda19d74ad07386860e0d3bc26cc

SHA512
473c39f4ed053691ad68c2fb53c80b68fbd17a411ea3bb70bd3fdd5dc11028528bf2f49889612c1530d347a6a8251d4e8c2e900388d5c4b7a8c704e1efb67054

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6ee7faccb964a39cf5558a1cfc977663

SHA1
6de7bfedb0cfbffc5ecbc9f5cf51e6a11f92ba2e

SHA256
4f2cb220770b24608978a0016d63371ab05613fa7bfb240711030bea0c4062ad

SHA512
c351463a8db1878d02fc128dc4278e359ed1f0eacd50a90fb4822ddbae276496145f20dfe81d10969d5cc2bb1ff15c6ee4db06dde51311a5731aca5dde713362

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
72c5111a3a8886dd9749b110bdf92432

SHA1
7566e1d55dac9fceadf31cb061af7bf74ac95e60

SHA256
f29ca4692c51e6077c64160bc681630a3f849d42d3f3fbc57a218220640550f9

SHA512
31c3765ff249a36364604e6a57521985bd7dfbc501c35e384f495866b25827ef97f851314c0112b02f4faa538e33ca10259020aace2e51be006ca7d7a0542313

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8e8dc34275fe0d5dfabe07c793f5a2d7

SHA1
1a8e8b09f88bda37a0fd0eda6e54b9a82341ce36

SHA256
690f6da0a362888d3eee104af4017833bcb1845d0c4ba6c47bd701e891f5274a

SHA512
4c6e4973e673904a0b8e4a9819f5803bae94fe5456bbc0f54de1faa3200dc20b01f57c1bfb39f872aace35bf207014e5e6faf973b8802fbb0a1df2e15e3f03da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b084f45d07a9650825ea34a6c4881630

SHA1
a3fd0ab6337e7f1eee60af87f0967c180c97c945

SHA256
dc739110acda35c1d05f880687110b02b306af9456ffb31b80796fd8afb8449c

SHA512
3dbcf82884ae5a3901e96d82cfead83f22c257347b65231b80500a37763ca2d99f86cc195856a61f0af5debb2f043358704dd21b65a47a97ab13cc92103038e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e580a7e040325adb954b57d25423bbbe

SHA1
f99fbde872e588ceb2afa8dc87aea731a2011e39

SHA256
6de8d8cdfffa9d319d91158b2326fd648292ca66c23748ed27f2d513b78aa849

SHA512
7dc6346adc4a7819f927c0dea7caacc5425c75885bcac68655291357d56e4a0364b58ce82c114d5c9a642bd968588e8f6a6f9f3d558ff99fdfd96fdcb2f40dc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6515ee57aac6ace72ded4707f0cdc9f9

SHA1
ac1dcdc82ed0db3e0156064b0a10ecb06df3f2a8

SHA256
653a72559b2a61da539507ef346829dffbcdb8b29054a4d72dbb7786a2b1b485

SHA512
4fbc6fc64d2d7a312edd901935edca59015eacdfbb8b34b43d0b14588170391aad0ff9f666f451bfee9d98020de720f221838d887fcadf994215646db3eb1b54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
f42614fef5258dc391b60e8531936bc6

SHA1
a40c946e7e761c2510e044061f564a0bfc3fd3e3

SHA256
7864d0bbe5fbdf381698a97595e3be545c4f422721e9af382d42e8aa51f2c863

SHA512
d9ce0919af5e4e0a4d2434c612ef345db53d5a03adff5bbc6ecc392f2dd703a4bc30820e90581c8f867ad8d6299e6c810ab550e7b0418fc3c4b7be3822c9896d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
636B

MD5
8362e17ee15f94cbed88369c3e3d02e1

SHA1
1a80329dcd422afa0fdaf0fc9c5a8daa26cc08f7

SHA256
63a304b0df93bcce72ec145175cbe499a97d37056a999f6fe3c7b20ca4410de0

SHA512
c9a5b03ee7a00d97e8322a81d79eb2bc4e87f455b5d3c2c4f984c06192e7cc856594c2ba7cdbbdfc751b4ece61a4b0632c5e92be0141ae19386edc5298493af6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
320B

MD5
89c9a69ee586f761dde7f8b4f4bd8576

SHA1
21e170cde6757bfb8e5d2643ce7de8f317c6818c

SHA256
cae17b0db2bdeaf1e428ce527201911ca28e0da6725c0714971a054c96aa44f8

SHA512
26a7ed21436b5a98b3eb6bc6da7c972f19642be0125b7a165cc261433384456b35fce2e2fb18547a70a61a080225f5933d07f69246779446f0472d5b5769ba6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13360696456482318

Filesize
4KB

MD5
e6327de7e0eb4ad469b9b0afabc86665

SHA1
2ebf2617ecd17365ee4e3409212e502f40cd0fcc

SHA256
8c3510ececf12ea43684def05585fa3dab385b454396aa71bd26920fa23a6d9d

SHA512
dab52e8f68561d261ede4c67f042a0646bcfd86764aa2931eef1f6464b75faa806807ea711842ddbb7a65d7d5f66944c9ada3828b0e6310c0d6f4db345c78968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
1782ca55716fba638881779f83c6020e

SHA1
fa4782807be1746b7d8bb3fa78f775b40d7aff03

SHA256
926ec3ea11d551ba3d595b7df3ef05efce301e556f612b4f7c63dde94458bca4

SHA512
344c5a29254e6105f24d2f287d1e99cf14de5b22d47122988e5867735f525789bd826399fd33e9a0b6528bd2acdf63774626c02376f385d251c1383ddd8a342b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
8KB

MD5
14d55aec15afd3ddaed8def480618921

SHA1
b2227f98544e47cc9d2ef3e9bdc14e1811274e39

SHA256
6ea3ce634cf81f355823162ef083a980cfd608cdfd666cbc537ef3663d3ab956

SHA512
3accbf553c31a321ef5728e03f4258dab483da267d342bc2604961209d8e00c63bb1e2448a56cd209e6757af4a633410c2a654aced9f1f4740196c48e124be77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
5a6bfe1f8e4a83dc4ec59cf9e450266e

SHA1
9178a3fea43d1b117e1de471e86a104981b290f4

SHA256
d021dc39953a6f874f7dd99f179e17adfcd7ee421382629eb216a614e9bc9f74

SHA512
7e475a764c62b5c6a359d1b6da6127291fb61c067c11541926d17d86142ceb02de11ae5f35ccc81a5fc21d517c69aa0b67e69ea626c1cd3e4a11aac8b971ca1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a13bfca4-57e6-489a-bd21-4eef2b3deff4.tmp

Filesize
7KB

MD5
d5122a2984dfc38dddc87b3509726d3b

SHA1
921f93377c0452cb549df778f4beb395fb5d4900

SHA256
f24acf36b95c4184ea97ba35bf657bcd9587eb66d4c7bfa8adc189699d3b83cc

SHA512
734f8fd1d016f887102646587ac35a8549b8982364b51e78cd2e6ebdaf68e809b2bca261d9ba12e549deacf8aba67351bc5a412181929fcab8cf7c140e36ca4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
1KB

MD5
6808346e7412ac7ca5472facb14c3798

SHA1
83d287827d5d30aea1f59dd91db0edf51c92cf09

SHA256
9366cb83c223394d3b329796f0f357e00bd109b11ce66ee68b4389e3430714b1

SHA512
5f32ae261f9992be4a73425da3c5beda1e0c3b659ddc3aed77f32030c9ce415eb45b7897a17c8b50544cd869aba2ff42d262f6fa11fbe7c188fdfc1339cfabb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
f3e7d9ba6ed50818ea53b1f02a294e57

SHA1
0918296ae133851f78236ebcb611c60d432f6dd4

SHA256
f4323777412ce2f61a414a848b3d80a3bcafa22c2d54cc3b6979ef8d0ae6b50e

SHA512
be7a376e4bc14af586de7b2edd0f1561625cc9ab3b3283d46fd123e9da8e1673e5110af0a1fc7c2a6715957eefeb33d32972fd3028c3c337c405e5dee18224b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
889B

MD5
e00309344d5f9eb2f86d72f117c1c5f1

SHA1
1ef9709f16ac19e597a96020547a3798a15e553f

SHA256
d0bc9470f1d53be34a76ed1440bad187c97449038ee4a62b893c41e4c4db0a77

SHA512
b7b687b5ad9d9c566290c2b1afd621a70db104c996b286be31332a3727411dfcd4e9ba7617b725bdb601745e61cb8d3f64254bcc0ced5affe8650692bad20761

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
e8f1aeb4daf2b8b1dd61e610f2d78414

SHA1
c26850c36072c81d239e4c904413692c8faa5abb

SHA256
7173d04d4855b714e81567546a7088a4b698644675124a8c57750eace9ae2616

SHA512
656daa1921b9f321ef0cbf5211042c224681eccb99c0f9eec50865abc845c4ddf4720420eca2b9724a8f75c4ab2fae2a82da80fdfde9b4e6dee80ceb4788c573

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
16626c7a4b6cb0946044c7e3d0c7ecf5

SHA1
761d948f91578e01f7051b7e5b87ba41e63a0da9

SHA256
0c8b1363d861dee447d522eb0985bd01d678ea6ba90452ac9e7e33c9dc967040

SHA512
be9f1f1c85de54d40bd28fa324a13f4edbfcf5bcefe0aa16bde2213c6370b74af12678638d20907cb3b99e3d2a2d765e5e777974edc93a3a38f8a80c4105ab99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
577a6a27698a23f41e514311955128ad

SHA1
edb73ab9806ec559d6f8181713207bd73eb27842

SHA256
55f95ad618fed9eea3fd49e1c614040197626f31a1a4f287661015eb3f6d15a8

SHA512
2fc9d30c70f24a7d4dc7349e14a4ddd50795f24c76cdaecc77a17fc2a1db62b37f1273a3f0b58eedadcb096ecc9e5214a183909537e3ceeb96f58d41dee51670

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
ff6e62f9525c7f6a69a761fc78991472

SHA1
cd725bd6ddc2fdd7c9d3840ac9839e9405ce455b

SHA256
2e2b224ec42a3b525d5e2adebc7679f24a77890b341c42112df0ef94af74e395

SHA512
3b1944de527f128c6d767d194753e6768bf58ead02972de3c0b8e0efd12adf5fc5f8f60449950a8be9d1e408390e4fce17e782a98cfd6cd38c42ce4305e15acc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
277KB

MD5
2e40b4d8cd47204830ca398c098d4197

SHA1
29202924c9a4dc5bc9f1e910e87c7e039389279a

SHA256
bc725bdff2acf8094626f2fa9da7bbc71e1f6a23fdadf3617b8baae992de9c01

SHA512
7fe88caa4827792cc60c5b06909ba4de44066c40552c8ccd8b200bba81ba45ccc161b7e04131df692ab4847f43c573019fda15bbea40dcfa3742c0bdbe82f9cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
277KB

MD5
82eaee86ee3292f5b9fcd843dd3130a6

SHA1
9ae9c0179ad91b6fbd72b9246e777bdb3cea8016

SHA256
b0c4a5e624f9ff51af1568a6c1ae1e3a56f88250f740e1730e5070ee7bcea97c

SHA512
fd228762234b7dd992db7e966b246fb1b43b1a0b6bb711dfe94a55f0fa1807edb2cf8c52d4ff2c8bcc27b7328b3655ec1952b4b6b1d5d77e7f07318a0605f2a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
277KB

MD5
2242bfe7ccb7728bd5751bbb8bbfad5f

SHA1
0dcd24261f149d542f05dd45b147d3cc2bb48cf8

SHA256
7f25071b4c93b0fa186e4d6c5ddc857015f0a8026acca5ba7e37ce992dc01dc8

SHA512
9574021e7405ddfe9c643080e68fb10ac7c39e3b08a71edeed6d80e1cfb40b7c53859cc4b2a2e3d9d7a5278e4057732c340963786181c42e29ed7259c16f69a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
668b4dbe3ef0c43630648f25c312ac8e

SHA1
92e9d4a21c51db6d839c068f869304f7332290ab

SHA256
3c2490148b33906a664016bace167193aa4786adc304c7d9f2b5a858376f3b21

SHA512
5d3510a8ab01b58585ed0a0a70fd7d93ad0498f4fc0d52bcaf3ca72a941f65f840c504c25ca24300cc754a568dd5022ab7800e8acb33e2c6ae384f8e5ac637c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
93cc6da82416ae680766a43becd71020

SHA1
6b24b81b8882fd032c7520ade8b90719926010c4

SHA256
ae045df528973412811774760d54b1d74563529a411fd9f4058287f04a5bea12

SHA512
7607a908ddbd95f9002e41d1c4b2a719c2b4a0c7fff4ef8ccd58c3251e1cf57b1d3110852d311b3032f80d7b5fb76f2662b9770522bda2ea429b44a2572fbf1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
c6d700e6893c02703954b530044cab46

SHA1
869c2beb8afd672f8a333008edbf988d568ad36d

SHA256
f8a81eeb675b47c3363402a85f9d6f7c50c5400521902e0298debef74b901c2a

SHA512
d6c5384a997f3f7c7abd17c7e0b9f8c5d04ad2b6d2e5da3d9ee86fce74dac8d5f69ba2703a2d19ee83a73df7659ce61855ee21be7d9ca6140d2574bbc7641eb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
19a3008530de42f0030e5cb3990d6fc3

SHA1
ab8ea0d5e3996bc98818127da98375337254103f

SHA256
e6c0dbb131bfba1819ae3931ddd121b1e7e87e16d6e3f0888faf373ce48a4ad0

SHA512
8638daa8a967c035374fe79fc5e51d458abd753f4d0b16feb3cbee0268350fa0c4d8728b1849c2019b7f8ebbaf2bd590e03268353d1509bc9e634a1cd2394272

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
63bf060e34ec90ecbd80d4146a3156f6

SHA1
dbf5da6bf7dae7a4e1fba3cccba0ae6843f397d2

SHA256
a357fb7fd71b8a578087477feb97faaaa7ec9cf3ed5c797bf504e74a7a11305d

SHA512
5d7b94efb6fc95a3c2f31b02f8a6fced8dd218c170102033a67e01fbd1b63bbb3a68d9c7e607a2ea6c421ae08e733b87bf5b6596562808f987f23529b34a5b40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
bf39df93116997d81c628673055d7881

SHA1
5db4ebea5e581f5b1b726b6ec30d9183305071f5

SHA256
a42df10eadaa4501b16e7b17c4119cb7523dc38d6f833677fde23011ffad6d22

SHA512
53a421cdc3a88f54b4249de7296ad2b0744ba0dc0a9aade4e6e66226fba6d0ed6bc5ed8d9feeccbb68525b9830641c2946398c8f209167481395a84a5edc5403

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
96KB

MD5
d93d8cb252f635cf98c087a57c647a1b

SHA1
23d260c374d7e082925157d45273fd9f6e20f55d

SHA256
27826767d10b0c2b76b608c7d284a4350fde2a17cf797ad765a61bd1e9e4b491

SHA512
43c3ffa9c78739d13c8f9cd2ed1a374a9e97fd489fb8f824782a23d2565d46750255a358f43dd9db699ab5b14d483dfc6646eafb2cd4079ae6888374a8e734f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe75c2a2.TMP

Filesize
92KB

MD5
91421a021e883c667f7927a3d722d250

SHA1
ac9b876da7f33084b73be43a8f44f35013685fec

SHA256
a8fccb7c6a964deb909301decddb77692d4063cef81278f0ad8a8a9cee89500d

SHA512
8c8348912e83aad9bb23517018b2a4ba1378f706e9d4aaaf4ee19ca536a3c413794e220cbb6257badf45b8f65b0b11dab53f80d65d759b680c3f579625f655e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
61f5058bd16b7f0edb20c6b8cddb9297

SHA1
bf0ac560e2e7dde359b44e990e1acc407e9dfe6d

SHA256
a9ed4b1a06f4776714169c52066156ee4178360d53d72397cf4c7dce404da970

SHA512
b5e804b62355d60c9f876a2e177e71b48c7d89566353dd95dbe0ebc4381fd39e1f2dcef462f54d52db70765a4463d81308cd31f38c6692c50c14e62f7fb2dfcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b7dd6da4-dc73-4a13-9dbd-10b486befe55.tmp

Filesize
144KB

MD5
afa6abded161181c3c2c046e4f83d48f

SHA1
ea36f43eb8bd777437f69df5a2efde47eae8fbca

SHA256
2f0736c9c9936ec91e2270e360e61415744082a83a2e8222cc9c30db4c8c9030

SHA512
b35103849fd6f946d26ebfb2fcd33bac9b76e52a6c40aca40c8bccdf490a759b3d4f6a9a921d0bcf8e7b01690ce0e9952e78d15424b5a20b4e8fee2e6753c88f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VSH5XF98\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\4010B8FEB60F5568F6285AEAA67B8DD51AD2F912

Filesize
95KB

MD5
4c87dc04e913ac4a20b821853f449f64

SHA1
bcd94c91d0488019174f5c3955e0951182638de5

SHA256
036f41005d7008fde284679bf7f222ceacc9ae4bf8846e561265c36d0832960c

SHA512
d162f85bc5921ebb7819cd4db6f99daff9494f1a6850fe88fe1e0b5e4987d20186c79f5dfed5210170bf9a35091819d7d800252b58577251bc2c4789539156f5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\8EA58CBE8B5C0E36E70005F7732A1F27E5948843

Filesize
69KB

MD5
5e65aad9d6d98b8d16c0f9b8ce4ff4c7

SHA1
d97b3874a7f99638e490a76be10b5134567e22be

SHA256
3722ebb0915adf44adb376692230f5436f1be93ec7001075645b429cfa2212ac

SHA512
c3d56c7d757da8d50146adb4ca33520759835ecd87838e84d16340937850e3fdd017562d026e338a5ed100d6ddb6b623eda049d2e48fb68efb98292c84909cf8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\AE6AD55E3413799CD28C189E21F3EAF490D7C7D4

Filesize
12KB

MD5
25f46649fd8385cf24c2ff24d6eca4a0

SHA1
1a4c897b80558e4350f81326212ad19a30fc6b6f

SHA256
f04aec461f844dfb0af80081a04dd847fd33f125756d13639a63b7f6e88ed476

SHA512
5bd2b607b9378734f4480dbb283850d5cc643a93141c6601799000fed82dff7ff05a6bbbb7b81ae5437f97d23b82bc0ceb06b58559a9b69a4f3854e54d786e5c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\FD484F24BC2A4A283932341F863311C68F683F19

Filesize
196KB

MD5
3831438e5396d887f113f7332a8dc2f4

SHA1
359af5ca439307435899657cd211d08397f71d68

SHA256
c31a170d82692ffde5435288cbac1e16aacdafe0d20d9f95f692f4fd526d5093

SHA512
5a339c675727867693ee980512f90def1e271add3cab4e2e1803846a694b4507b8d2c7b2a51dd002e3743784a2f56213f0f023f58b91a41f4b75fe768044d32b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\MJLJTKK0\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\VXF1XLAP\fx-favicon[1].ico

Filesize
5KB

MD5
a53129769d15f251d4e5c5cb966765b4

SHA1
043d6a7b9cca5d05aba04fc0a3f4527e3ad075e0

SHA256
eab1b9a0ef942d84e3a8ed8c3e3996acb7a46af9a0b9f914ced662bcbe0e54be

SHA512
149e9ecc344fc864c4f772acdbb6e00bdfc5399301922b58f137c14ac042f1c57775213dc6335c8d9cd39b7e9ef7982acfda29f2be794a8c0923ab4e6735792c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF3014EE1502400108.TMP

Filesize
36KB

MD5
f835afaa6515fcc0325a50fbdd8441eb

SHA1
69fc86bd3069cd1764edfe4e3c68c0a9bf6c500d

SHA256
d1bdd7603f529d77028f2a385605b5b402c894a7187a837f63d72e4269e3354b

SHA512
d6348c95526d71de534e01f73f250fd56d972f8045b0703def114765de881fff28a203671af2e5b931b53f1138980fad660f0ac05e82c574528a405c4ac0e469

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
7KB

MD5
427e8be6323d69d6a6360fe831d687e4

SHA1
a379adb38c8228f49387e63439536871eaf558c1

SHA256
2499ddbd1f250f99fd653d425cf0f0d6f752cab458f83763061ec6282fdf0a8e

SHA512
856ef1b37a208924a6115ace91adaf4925b1b1b3ccfc26af2e42b16e42c7899e938a5a45a5a47c954d292cfe2a415fa8f5c617a3134544dda043b305f1bbe0c9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
8a434bf605b716fba332ef12f8e73614

SHA1
44f077318a60aacce034ddf9171c584764e5c4f9

SHA256
e51401cf2f85ebb2f3c47f817359de372b51257b11f054a9f0a29557715087f5

SHA512
fa40fc9029406a1d501e05ef94cbdac652c983b9c9c8d5150102bdbd12968971d4a5d8f1db4cee2e824870f34af539f0c8df47aa0446dec607373c1c45478255

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
9ec5e2f89a830b0ac46fb9d5fedc26f7

SHA1
a35baee6d3bacbb30aa741adf8ccf152290c1f8e

SHA256
26a78874d1f89b482c2d205446436439f05bad6d6cf8d245fd4774c45d9bbbdb

SHA512
00d3d0c411fcdc4b3f399007188b43951d9586c915e00cf45f9c35fbb6e36122b1cb73da551d911ee857ccb9236be9fe53b17a06dde776259ed5d740b99f59a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
ce80bf87c3c79210a61b625fecb8065e

SHA1
dc920d3036a22d7da8fb9dc5ae6c84a61891533e

SHA256
2e6785ad7fd9f87e50416bd4430843a6e4b47508fe2a1a9fe4e4baae1e4a7fac

SHA512
c1a47c521f21bb9b0864a9f85383048838a137d1063050d1e7a0974ec2da4a3ca8d62b6f8017878897d6071d3ea11757a1d7644b8c17e54e06c0179c2b0172b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\50df1bf6-1111-43f3-b70b-2092f8ab00e2

Filesize
773B

MD5
2519f925842bf509b0498a5b0b4573ce

SHA1
199b5b5744770b22730443936cc86e81904f9b5f

SHA256
171c3c77e3178cc99150dfcc3717eb4a88880ee31d9ac1a3301c942c28c8e862

SHA512
e6d6ff5c3f7e7791adeb2c162dee59dd58d8750a757da8e824235304bc924712e212c38844f4d81f051be101302338fe476ed28cf2b58d9bc11dff501d85a22a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\53ce39f1-38c2-40b3-bd9e-f14c88a1f2ed

Filesize
10KB

MD5
01dac493c1d3ac3db133837ba8301833

SHA1
f991330649e43312e107ab6aab6462623fdb5ee9

SHA256
1fbd53fb14c3c21248664ceb13da1fd56b21b9a958069930884a1212fe1c57c0

SHA512
cc871b50b864c88cd7e23d4b19d9a5fa59643a002ea7e262bbdd70339bc0c9f6cd3fd1374469a9978dc9e3f8e72e7031bf6a904eefe2196c5e33060495146580

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\5f3cb50e-8ba3-41a4-9e65-57e9bef19f8c

Filesize
855B

MD5
6c9db5df9509566eee077a281a5f2390

SHA1
0a1d447acd5d5cb605daa8347095f7e08941afb3

SHA256
afa0f2a14329861971c37aee64d649a4d0fd77a6ddaddd0636c43108208510fa

SHA512
d20f34614637cb846219e1fbc32266d2938900a4116bc2168ca9cc93b5f5111331c685428641114b4a118feb868dd434641191353b7435ec1ca35860635318f3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\605deab1-ab49-4a5b-9b6a-8ba3e5587951

Filesize
768B

MD5
feaedc154c1b7c904937fdf0c2974381

SHA1
fce73c6bc0149f2d1c31e107d98d749dea29fa69

SHA256
9b5daf0c65dd94abb2b772b91b3884636ef89437d0001b57e10fdd12f4e83973

SHA512
24c18e35ffdca179f18e04bc2dcf03d2947699f59b37d3008722f8feabfe4aae0093a7ee4042c39e362e4be14d914e41b3de209204373da525cb3533a6ec67f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\73da2990-74c3-4485-b51e-e44eb431ee6f

Filesize
746B

MD5
99fbd5e7d95d74c15933bcf000e9543b

SHA1
a4056c104bd7095d66c287f7532607935a906f9d

SHA256
54d3bed5a54e0c21a9a5216f89f4fc2917fe999f16af27ce9d9b281bd63314c9

SHA512
187ed0eea18bba260f12d2976c79ff9cb864e5bd403a745d860d7b9f1b3952ce30b95ac3740a94a7036291ccc282ff0b054cc8d9862a0a2826dde84a0b3ba3ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\a51f098e-b78e-45fc-90f5-ae8fb98cb9b6

Filesize
840B

MD5
653aeaedd522359fa407d3cd34b04c94

SHA1
2a43285bbd0e0abc807b34ddbcc07a6ff38b2521

SHA256
e8509ace30cd19b1b1f23fbe753fa81c67b21be18835feae23b524b6a49b67a3

SHA512
93ed631b1e8d4bdc33c2f4a2a73a45c4e46654712c8a61e4b13917a7dcdf4eda536b65856850b6fab34f2f84b8d3ee2854f82c06777a349bd341f0ca97046e83

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
7KB

MD5
6fc0d94d0663e11063b9ac850c2e43b3

SHA1
2e409f42393e3ab7e151f68e2430bb442a4fd1c6

SHA256
1224b83e2f0da6503ec9e250cbf92bf579812d0503d0747f01c6a863e29060a9

SHA512
9d7ebce1ca2249c9395d65ad92a141044d6da19a813836a65130bc3a84db0a280e8cc522c27cd3f6cab4b03eec9d1a809580518a1860b2708328ef357cde5080

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
7KB

MD5
3c9285e7947a0fa3197825ef11fc516c

SHA1
a03551ccf9267d5cbbffafb9f493fe9997107bbe

SHA256
104e7e8b9dc2c657db986e0e5ce69127ed280e1834d8e228248b5276ad334cb4

SHA512
f19bbcc86fc037ad595e4fde800e5565a772b2d2e433513f79ee95c3997318a057cd83f17b5d4547c6b7d444acf196dd07d1cb635e0b142c02b0a397d8974fe1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
8KB

MD5
5a033edc23f404105d43d703f763085b

SHA1
cde2a913fd954186e154d5544ef7758c1813ea98

SHA256
2ffee616c0f975c1430de56ca77dc0bb7e236405c097d715a1f62ffbb045dc9c

SHA512
a08f44c84127c52c372e6d6b1bdaea52fe3a1ea49fffbb3246188b87048794ef04c537702c221a9efff85aa9016a0f40fb66ccc651f489f64f3336d651d6b639

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
8KB

MD5
1653c0ce97ca9c827748a8aa74c4a551

SHA1
fecd5ea41b94f8da477b34e6ba0ddf6b83d1891f

SHA256
1e5c5999a3de2c01e87d710d34e1bf1463ededd11e7016704fc9e2f70f8fe32e

SHA512
f09f261988ffe6291a53a0b4dd0135fd101654198a07e659b1ebca4c5bbba4fbc15724430275f15ace96c9bb4b6760c618f67571ab18c85d228bf8f228dc4458

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
cbbfc83af56315d712cfc63ffd72f6f0

SHA1
3e2ccb2a0d52f45efedd0300885db9f5f30ec105

SHA256
db6649abbdf484ea007195958a898e07640d6c70c6bf63bb6390eb956eaa14fe

SHA512
ee90c1c536036d07357f3215726ae4f46695ef1ac83ca2e91d0b20883d5609602bc1bf192767989902bdf554a6fe71cdfda521ef7c5915b56435c6458100099b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
8KB

MD5
60a0927b7614b8afa1fa793d288cbfaf

SHA1
f7d2dc1e6d6476fe6323ab75d15e2b8e8cc0eb9c

SHA256
0bd2dd422fed2874e122af04a7fb2d881c0ab81df02dd2a2c18dfc84d1fa7a97

SHA512
22092f3e911bb7513ff8df5c4b185b22ed12ff26d04fa80b1c71581c391897728143f2c73373922751656ddc034cdbc77b0fd47acbc9ba02f5b3ff0554785c24

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
8KB

MD5
16616793489ad6eeaf57c70203765eb3

SHA1
a34cd63646ba6e5d2d0154c2c463571e85228764

SHA256
df74d84ab67a9da6211b9c7468e2544155ddffc4bdd05dc55a9a185f6d781e5c

SHA512
51eeadb2a9e7e4daa7aeb3e587368a5d690fbb750f977a978f93115b45e4dae26eafd60d2f7c4012ef906d511d95ecdb2f88d82deb2fae1f11b9d7b796d0dc1e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
7KB

MD5
e64dba7ee4ffaabef267a8ee2e9d9a2c

SHA1
f1d9494499f8ce62e04b6db04bc7ca3da30ff22b

SHA256
5cf85f0549b3c153d0bb5333e2205c0db60bfdc686bfcdc05ffe8a1f0cb471d8

SHA512
1bb439a913d1d44e8cefcaf38dc104354060741b770511a0272b759cd455534b421430ab44edfa3eac782904c92e0eb1b694716c388842a0c497f4cbbe4ee871

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
7KB

MD5
365b72db471fb8d48c66257634678673

SHA1
3e8ab633f1fa14f55711ba1c54f125e2fbc2dbf2

SHA256
e10e8bf9886b97f705daf7f21a7109d2960b1daba8f494d8249d36907388cb73

SHA512
1c044bce78d2b392d0a7c1b112d30bd3722051d867a215a7d50ef0f990202c435c04d8bd2d672be635cbdb0b1f5fa34b0d24a61210541b60455cdf1ddb7e0e99

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
362985746d24dbb2b166089f30cd1bb7

SHA1
6520fc33381879a120165ede6a0f8aadf9013d3b

SHA256
b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e

SHA512
0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
0e2d1c43462772dce1ba104e059af1e7

SHA1
08c8c8e3b293d5b057353612fa6d83635d5b12d0

SHA256
81ea4226c77a94d2eb4b8775bbad02df75413c226bac83d97270fa0cb9143dfd

SHA512
603237a728e12f349b4a6a6fab2719a425f04c079aeaba9e5469f15805a295ff93c208fa957547221f3c200d3d922c2ca8c94944cb4e301de55c76b68dcdb5c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
0f1cb727a1ba4c7900f9863177a662e1

SHA1
1f62f7f69bda93f487a07f1f07cfd62e87f9e602

SHA256
a90139c55a06a0084c52d36cfe9ade8900774abf90ff78764cffc831a71a2d57

SHA512
de5c7268db1afc881093bc4cb602fc6ffe4eebc80c1a9d93efc28694505df2042b3aaab7ef462140db37ee1271c99bb76c826908cdb6b24552d87389e0ce9137

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
94cc15bbd3738988ac8266c76455b99f

SHA1
7432dc3dd6c5331dfb72a6f7e27ffbfa8da9f94d

SHA256
6b646399fe2a06962764edf63b9d7039e70d1904fae03f4fd5b810e6871277db

SHA512
f24083b8dce51be8e80800a01dfcbdaa8867cdf4b264fad0c1f8c6b1dc057d1a8bbadfe54dddb128301eb5842abad2c36736c95d0a4ab2850d871fc1c9e97c23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
b6e26e6a32dc0218bfa7072d2ebdac82

SHA1
0f48b05f5354ddec5b819e8f9f5d94ab890a79a5

SHA256
64b7d5974077a86fd62280d61eb710efa82355aada7772649d0eb7cf605c3ff5

SHA512
7881d14825eec19e33ce6735cfb420f5e1a17e72169ef5e417be3f94a6270c3908c13ab5cdc72d205656629041aa1b5b03ed0b306d183492af19e9c6f9db74f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
0ba63e9d59aed4a2283b860f220445ea

SHA1
957be5946ff7721fde5a0fa56e49789e57740d53

SHA256
55ab0e31f58346b244d056787562a8353385e0d6499af63dac5c1366303f76ab

SHA512
e7134e985920237bcf7bdeab9b16100cec0ace96fe31aab2e7766b55f7c96d23e9daa1987d3e0929448b33f01368097636726b2a7079bfd1ac586c0822da81c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
9ab371f2d01a0dbb61d1a99f5f3daa6a

SHA1
d45b0f6b60ea81048e6ff431a978b6406f284e13

SHA256
f6389332642f088c681c2b96ac2dce80ac4db5194bf25dda85cfcb97223f992b

SHA512
3d4668e3915e9ae0433e88bb19a708cbed273066291ccecd30257bf6e59e1b15ebdefa81de1c4f176b420f3d14f7d0a2f1fddd4079c464fd44ef583f7f655c8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
42ac258d76028886cbceb38ed16737f7

SHA1
8d59af0a90a69603172b316dd380400421fb3c47

SHA256
fcbe04f576c8830dec149855ceb9bdb5cc4e11a78552d24b5620659315fbfbde

SHA512
395093b91652bfbf6baeb1a442e734f253fabe229bf2bd237d49b602be75b0eb5b016340e299bd17a588e0e70c36211a9f6e222177f3da975b6ed46ad77d5305

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
d4a2e97bc8e5d014ca020a0081ded147

SHA1
4ed1c9296be5e29ead8991c0f334e77cdb43849a

SHA256
972dc056f04c8a500b920777b37c28b0bf0976f7580254b3d2d47e9da5b8e86c

SHA512
5f3364a7fa194b6369a949e61041d364ecddeb8ad278d531c4e894e08fde4868f59c764355fa34dbc862be9b191c5593d818eb28ce814a9b10e6fa2320ad8259

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4

Filesize
3KB

MD5
5937c4de22c6a32a3abdac7e32d88fa7

SHA1
200df1caca34f59dd85821861f530323843b2358

SHA256
2ba737c98324fcc80c7b4816d6834c07f84ca6a582e458f89ee61394fefda61b

SHA512
fa03d0de87f076e67019d2d795d1dac777989d591c7e3c4182ca7c8092cdcb8dc777dd0060819e4421eb4da055b7da3460172fc0dcbc0a63a4fa62d201395adc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
e7d901ad03d22078f4c42ecc83c3bd45

SHA1
13ffe2ced2026e6b99c39a96d006c7832a72ba17

SHA256
fddee54013f830a84e74dce5679f6e4c3c71b4c5c51ecdf58bcef7e27eba4f17

SHA512
8e7373116183db845f03c74e28effbe85b53c6c109f0a1a867fc4daa2944c099846644c5b6ecfa6408091d097a08b3f1b8cedcbeffbdcfaa14147f6b76663ec9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
93eb7124f711edd46c37de4930131d70

SHA1
aa8510c36e8e97fabb5c86784c86993078ef5b83

SHA256
8b36aa927aa2a73daaf375c846f872782a38f6d7878057543cb7910b6f622a9b

SHA512
3b6565440ef5a7b7353c08c915c3245cd56bef168a0380a904188f2acb2d171637be09cf993f07481cc07f4f2453111b726a382568021cb677adef7d55255efc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\indexeddb+++fx-devtools\idb\478967115deegvatroootlss--cans.sqlite

Filesize
48KB

MD5
49f4dd7d823d48e8368cdf264034ef92

SHA1
6ed322194d536db2f2ef0b16c9164348df666d97

SHA256
47673d99a9beb38b6d0385d4d1e41f4c9d072aebc01511c5e63b2f9c3a81a129

SHA512
7dce9834fb5973cb71e40fedc1584ed8a3fc11592b91e80aab3e09a17564996935303439c01acf5f8a9a86a3e6c48d8d6fc7bbf44ef0efb44cf837a661fb0703

Download Submit
memory/3408-136-0x0000021AD02F0000-0x0000021AD02F1000-memory.dmp

Filesize
4KB

Download
memory/3408-16-0x0000021AC9720000-0x0000021AC9730000-memory.dmp

Filesize
64KB

Download
memory/3408-0-0x0000021AC9620000-0x0000021AC9630000-memory.dmp

Filesize
64KB

Download
memory/3408-35-0x0000021AC88E0000-0x0000021AC88E2000-memory.dmp

Filesize
8KB

Download
memory/3408-137-0x0000021AD0700000-0x0000021AD0701000-memory.dmp

Filesize
4KB

Download
memory/4128-242-0x0000021B8D700000-0x0000021B8D800000-memory.dmp

Filesize
1024KB

Download
memory/4128-204-0x0000021B8D500000-0x0000021B8D600000-memory.dmp

Filesize
1024KB

Download
memory/4256-45-0x000001D1C1000000-0x000001D1C1100000-memory.dmp

Filesize
1024KB

Download
memory/4268-103-0x0000018B784D0000-0x0000018B784D2000-memory.dmp

Filesize
8KB

Download
memory/4268-125-0x0000018B78920000-0x0000018B78940000-memory.dmp

Filesize
128KB

Download
memory/4268-66-0x0000018B770E0000-0x0000018B770E2000-memory.dmp

Filesize
8KB

Download
memory/4268-101-0x0000018B784B0000-0x0000018B784B2000-memory.dmp

Filesize
8KB

Download
memory/4268-105-0x0000018B784E0000-0x0000018B784E2000-memory.dmp

Filesize
8KB

Download
memory/4268-107-0x0000018B784F0000-0x0000018B784F2000-memory.dmp

Filesize
8KB

Download
memory/4268-109-0x0000018B78610000-0x0000018B78612000-memory.dmp

Filesize
8KB

Download
memory/4268-64-0x0000018B770C0000-0x0000018B770C2000-memory.dmp

Filesize
8KB

Download
memory/4268-61-0x0000018B77090000-0x0000018B77092000-memory.dmp

Filesize
8KB

Download
memory/4268-192-0x0000018B78680000-0x0000018B78682000-memory.dmp

Filesize
8KB

Download
memory/4268-99-0x0000018B78490000-0x0000018B78492000-memory.dmp

Filesize
8KB

Download
memory/4268-190-0x0000018B78670000-0x0000018B78672000-memory.dmp

Filesize
8KB

Download
memory/4268-97-0x0000018B78470000-0x0000018B78472000-memory.dmp

Filesize
8KB

Download
memory/4268-95-0x0000018B78410000-0x0000018B78412000-memory.dmp

Filesize
8KB

Download
memory/4268-93-0x0000018B77AF0000-0x0000018B77AF2000-memory.dmp

Filesize
8KB

Download