Analysis Overview
Threat Level: No (potentially) malicious behavior was detected
The file https://github.com/xmrig/xmrig/releases/download/v6.21.3/xmrig-6.21.3-msvc-win64.zip was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-12 14:49
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 14:49
Reported
2024-06-12 15:39
Platform
win10v2004-20240611-en
Max time kernel
2251s
Max time network
2689s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/xmrig/xmrig/releases/download/v6.21.3/xmrig-6.21.3-msvc-win64.zip
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80afcab58,0x7ff80afcab68,0x7ff80afcab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1840,i,5505526774553456296,17534880630822231529,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1840,i,5505526774553456296,17534880630822231529,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1840,i,5505526774553456296,17534880630822231529,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1840,i,5505526774553456296,17534880630822231529,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1840,i,5505526774553456296,17534880630822231529,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1840,i,5505526774553456296,17534880630822231529,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 --field-trial-handle=1840,i,5505526774553456296,17534880630822231529,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1840,i,5505526774553456296,17534880630822231529,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1840,i,5505526774553456296,17534880630822231529,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffffbe546f8,0x7ffffbe54708,0x7ffffbe54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,37944191092184525,1902682673638134882,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,37944191092184525,1902682673638134882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,37944191092184525,1902682673638134882,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,37944191092184525,1902682673638134882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,37944191092184525,1902682673638134882,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,37944191092184525,1902682673638134882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,37944191092184525,1902682673638134882,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,37944191092184525,1902682673638134882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,37944191092184525,1902682673638134882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,37944191092184525,1902682673638134882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,37944191092184525,1902682673638134882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,37944191092184525,1902682673638134882,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5480 /prefetch:8
C:\Users\Admin\Desktop\xmrig-6.21.3\xmrig.exe
xmrig.exe -o pool.hashvault.pro:443 -u 46d7gtNUPbDXfJ8BGdfQjYhaXDU1akbwCGST4hNmj2F4661WXFsZ5myKAm5r46TMZmJ2cFURrAWaiSJh4W9wqzEd5REPnzB -p Linux -k --tls
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
Network
Files