hxxps://cdn[.]discordapp[.]com/attachments/1206199382462955540/1223192984791552110/RDR2_FamilyMenu_1_2_4[.]zip?ex=667e79bd&is=667d283d&hm=69b5e9ec50483375f9236a993252d8e438d2141dccfd89ee92e6bd59e229652b&

Analysis

max time kernel
209s
max time network
202s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 13:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1206199382462955540/1223192984791552110/RDR2_FamilyMenu_1_2_4.zip?ex=667e79bd&is=667d283d&hm=69b5e9ec50483375f9236a993252d8e438d2141dccfd89ee92e6bd59e229652b&

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133639692951460696"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3169499791-3545231813-3156325206-1000\{9EEC8940-3A38-478B-85BE-D166E2471C71}	chrome.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
540	msedge.exe
540	msedge.exe
2412	identity_helper.exe
2412	identity_helper.exe
2932	msedge.exe
2932	msedge.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
1940	msedge.exe
1940	msedge.exe
6128	msedge.exe
6128	msedge.exe
4796	chrome.exe
4796	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe
Token: SeShutdownPrivilege	3388	chrome.exe
Token: SeCreatePagefilePrivilege	3388	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
540	msedge.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
3388	chrome.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe
6128	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 3672	540	msedge.exe	83
PID 540 wrote to memory of 3672	540	msedge.exe	83
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4008	540	msedge.exe	84
PID 540 wrote to memory of 4272	540	msedge.exe	85
PID 540 wrote to memory of 4272	540	msedge.exe	85
PID 540 wrote to memory of 1996	540	msedge.exe	86
PID 540 wrote to memory of 1996	540	msedge.exe	86
PID 540 wrote to memory of 1996	540	msedge.exe	86
PID 540 wrote to memory of 1996	540	msedge.exe	86
PID 540 wrote to memory of 1996	540	msedge.exe	86
PID 540 wrote to memory of 1996	540	msedge.exe	86
PID 540 wrote to memory of 1996	540	msedge.exe	86
PID 540 wrote to memory of 1996	540	msedge.exe	86
PID 540 wrote to memory of 1996	540	msedge.exe	86
PID 540 wrote to memory of 1996	540	msedge.exe	86
PID 540 wrote to memory of 1996	540	msedge.exe	86
PID 540 wrote to memory of 1996	540	msedge.exe	86
PID 540 wrote to memory of 1996	540	msedge.exe	86
PID 540 wrote to memory of 1996	540	msedge.exe	86
PID 540 wrote to memory of 1996	540	msedge.exe	86
PID 540 wrote to memory of 1996	540	msedge.exe	86
PID 540 wrote to memory of 1996	540	msedge.exe	86
PID 540 wrote to memory of 1996	540	msedge.exe	86
PID 540 wrote to memory of 1996	540	msedge.exe	86
PID 540 wrote to memory of 1996	540	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1206199382462955540/1223192984791552110/RDR2_FamilyMenu_1_2_4.zip?ex=667e79bd&is=667d283d&hm=69b5e9ec50483375f9236a993252d8e438d2141dccfd89ee92e6bd59e229652b&
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa3f246f8,0x7ffaa3f24708,0x7ffaa3f24718
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1844,5956264842563390625,12903432382039975490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1844,5956264842563390625,12903432382039975490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1844,5956264842563390625,12903432382039975490,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,5956264842563390625,12903432382039975490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,5956264842563390625,12903432382039975490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1844,5956264842563390625,12903432382039975490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1844,5956264842563390625,12903432382039975490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,5956264842563390625,12903432382039975490,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1844,5956264842563390625,12903432382039975490,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,5956264842563390625,12903432382039975490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1844,5956264842563390625,12903432382039975490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,5956264842563390625,12903432382039975490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,5956264842563390625,12903432382039975490,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:4396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffa91e9ab58,0x7ffa91e9ab68,0x7ffa91e9ab78
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=2016,i,11266419288807940759,6315493886062137618,131072 /prefetch:2
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=2016,i,11266419288807940759,6315493886062137618,131072 /prefetch:8
  2⤵
  PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2236 --field-trial-handle=2016,i,11266419288807940759,6315493886062137618,131072 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=2016,i,11266419288807940759,6315493886062137618,131072 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=2016,i,11266419288807940759,6315493886062137618,131072 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4248 --field-trial-handle=2016,i,11266419288807940759,6315493886062137618,131072 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4268 --field-trial-handle=2016,i,11266419288807940759,6315493886062137618,131072 /prefetch:8
  2⤵
  PID:5272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4556 --field-trial-handle=2016,i,11266419288807940759,6315493886062137618,131072 /prefetch:8
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4380 --field-trial-handle=2016,i,11266419288807940759,6315493886062137618,131072 /prefetch:8
  2⤵
  PID:6000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4568 --field-trial-handle=2016,i,11266419288807940759,6315493886062137618,131072 /prefetch:8
  2⤵
  PID:6020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 --field-trial-handle=2016,i,11266419288807940759,6315493886062137618,131072 /prefetch:8
  2⤵
  PID:6104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4764 --field-trial-handle=2016,i,11266419288807940759,6315493886062137618,131072 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2756 --field-trial-handle=2016,i,11266419288807940759,6315493886062137618,131072 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5104 --field-trial-handle=2016,i,11266419288807940759,6315493886062137618,131072 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5084 --field-trial-handle=2016,i,11266419288807940759,6315493886062137618,131072 /prefetch:8
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3192 --field-trial-handle=2016,i,11266419288807940759,6315493886062137618,131072 /prefetch:8
  2⤵
  PID:5464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2908 --field-trial-handle=2016,i,11266419288807940759,6315493886062137618,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5300 --field-trial-handle=2016,i,11266419288807940759,6315493886062137618,131072 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5376 --field-trial-handle=2016,i,11266419288807940759,6315493886062137618,131072 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=848 --field-trial-handle=2016,i,11266419288807940759,6315493886062137618,131072 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5676 --field-trial-handle=2016,i,11266419288807940759,6315493886062137618,131072 /prefetch:8
  2⤵
  PID:6048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5740 --field-trial-handle=2016,i,11266419288807940759,6315493886062137618,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4796

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://java.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0xfc,0x124,0xf8,0x128,0x7ffaa3f246f8,0x7ffaa3f24708,0x7ffaa3f24718
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,9190770621334035754,17294678296338387076,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,9190770621334035754,17294678296338387076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,9190770621334035754,17294678296338387076,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:5604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9190770621334035754,17294678296338387076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9190770621334035754,17294678296338387076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9190770621334035754,17294678296338387076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9190770621334035754,17294678296338387076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9190770621334035754,17294678296338387076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9190770621334035754,17294678296338387076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:1656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3000

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x418 0x4c4
1⤵
PID:3424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
22KB

MD5
bce732e1e76923d0ad8daccd55b078ab

SHA1
39e2e304ec9700b77b1b7e22435b5bfb012455b9

SHA256
430a39106c18b4cf8e9b16e7d5a0823b029cab6f95b6264bab0114340fa84ce3

SHA512
ce7e3e88acaff9aa63edaeb1f90ef346c2c42d55f80128101e85dc511e8c97484982fd7bf5705cae6b768593e83e6502e396f7bccbf1109c23066fea68cbf2d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
19KB

MD5
b68743724f30bab18e5f2556c8770bc0

SHA1
808e1e7387097820d6059c836b3d65b6a4ab61c2

SHA256
5830e4d376959aa39163b70792e4fc2652da57f7e67aaf99d6e0de3397cca7b7

SHA512
8367ec9b732a608ac975fcb6ad2816e92796a015d3fa9290f32ea9a8ac0df491d37d8068cc419806549c8777023d65cfa953a4cb280f983f5830da741dde3fcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
56ff8229457e9fcf269c5f034193828f

SHA1
09a45fd24a36ecd4336e4d56447c83269144ae3c

SHA256
a9ff0313fddf09e7f41a3882d264553707305a04813ae3eef04cbac9f18a0a5c

SHA512
57e9c2edf747c2943f891e4da7320559a8039e55c1f90209366743a4e67bd3b91268de128f11a4ecf3fd1cfab582ff805238fbbd3e7eda4f28abf88a64254d00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a113a8e14a9e97a7b2b6bd03dd1eb906

SHA1
d9811b4c6a6f5bfa99f45a57d92c1a151786a02e

SHA256
69d7185aaaed4216d9f4bc46a2353dc3f718566724e2dd9e2f1c815f049ee329

SHA512
4997d94a4c91d017a9533467cc729bc83671f314e4bae10be8d4f10c963fb563fc6f8e24d21a1200fd9b1671ae7c7d0b014ebe8c1baa8f48cdf3de49832faecb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
39bed01e4616e1cda5266ac7912f5fce

SHA1
dc5dc07e0e3e69d1096485c4157a1d2ac078c947

SHA256
abd4fd89f957139d3bf1abce79ef49e962c002e825f284093916b08f82fd19a1

SHA512
0b5a94871337f0b472e00f2adfbe2333fd8d5e5c1c6fc658a9d6b410948aeb36ffcc02e2982a3ffc79f4b6b5af8d00021ebb3b0a329c96cd321430f6b7d65204

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
8f52c84cc59c7cfee67dcbd0ab166afd

SHA1
ccacfd496030f787f8caacddfc6a4756e5b46fbc

SHA256
32f2926e3aaffd9c6a3cefbe71ed26be68a807f17529bc6c2dfc64c94e5c52ca

SHA512
2252d6e2328e90c4fe31cb1a3b4e8606f20e732189da2866bbfe3e3f6b8b165fd162355396daf8913a1413dcb7b4e4fd51df1ad679ab3e6f9048fdd3fd6c85b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
8ce3f5bcbc84f6e1022d44ba99158de0

SHA1
e241c30cba3d77e4cf4e30fe7a35dcbf5ac42a4c

SHA256
1d59a50216a19f4cc7994242ec81d6ccee39e72127f4dc7658614d890f08cdae

SHA512
7080186440820275590a4a3ecc68f680b748600af01e4592e1f5c2f7ad9bd97898e863cc0519a0dbb34dd692af7e2c88dfbd86f15a6a9a4b8cb411128d28239d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
756a490a1da6df0304801a825c65f6de

SHA1
044685625e665e1288cf7bd9c4fc14645bd77e1e

SHA256
91a42a349f07cd01490426c7d24b319a909f3710fa065690f9ce767ecc57f894

SHA512
f0726ebdc3f8ace88d8d70383279d87be57ed6aacc1ce85ae60a2b6e3332bca632e08502cb4ac9515881fe8311896a686d88075a3bfcb40cd0c531290f799c9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f282b275290ff82bdfeb56900167c5e3

SHA1
63b26e3772f4ea275228d110e94678dfcda0b0e2

SHA256
383d87c41086fc0986191ec0618ffc9805907ee2aec461678a7eae71d2cfae3f

SHA512
88edfd0a44252ec7958e85930e33e400ceccc87ddc5cd602ef3c7364c3751a25d0cbc15e9b65431cdc21b904c8ab07fe41f2f2b876c514ea2c14123168df8a37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
860B

MD5
5fc0be634e7d2b56efc7c5bb228e95ec

SHA1
ba0b9611543ae28bcd28f218ffaec1fb8f9c1dce

SHA256
e05f980fe80fd99dc68bb1acb8c63089756a186920fd4ee08201b25d9a4e6f22

SHA512
5d18b345c01c54f64e08a093468020ea5112629b3d56f144a9a67ba69a5c4ef19dc1519e413a75ae01586f74e479ccc980ef3a0cdcbe8d938a4246150516ff39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
43b9d0de0bce23312159a1ef8074cf5e

SHA1
381220ed6ad3c6c3cfd41529e9278a9a7621994b

SHA256
50a5799a71d9252edf6f0e7e918e897d81a7489067305d25b5eac71a187a1397

SHA512
fd9f85d85a46cac182e68baf5659c1a5c636fa0a674580e0ebdcf6fc159c4e135b075437add93fe4d37e4c912d247b771d726665413a3edca959c37da435c21d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
94921fb74c89cbe1df72dcf47d38a1f4

SHA1
bae38f135869c3f638ac8d9b9ff81260884a10ae

SHA256
5152fb0f89c102317831bcd85c29d146896173410d6955ad68b19a781cbd1bf3

SHA512
83958d8d3efde113e929aac406743012640c3cd79ee2e2857be54cd607cd740712239780f70dc6efeb6b314656b0a64187325794630caf70fae06cf99d0f7f39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2c84daff430d4340b62122e5a245140d

SHA1
41fedf555bf8432db501bdc482b08d1b02bc8f82

SHA256
619a4c5e6e8753c427b701674196ad8f87f16ebc87170f90794df10fc097f22c

SHA512
37ecb482501ba888dd312045b77301f546853b28f1c503243d70e02fc14db637d5d3d29b4b5f23ff3864a3e0272a212da8ddb2e137398878a13475f546f3f929

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
15f487004ee83e0e06d88fae4640084c

SHA1
87228f5c95e9566c39bd5593c9f424384c879669

SHA256
13edb721b8d9e9af59b01ada18f99c7aded08c16a6c6e33c279578b98a84c502

SHA512
491eebbfcfc64972d0eb1df40203ff08f85b0027854af705a908479aa484fe23b6401a40b55f86be41d89da2a6908b803136e23bb9bed5a04da27b6e9262106f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
761adc2a8b93781448b9cce5da5a0562

SHA1
577f57469734a34e704787e225b9e47c0bfad6af

SHA256
ca5c24b95aa2fc92208694336a7883e3772b74afc2a649d6548581197f2eaafc

SHA512
03435e4e20d0f65d8d37c63855af101c05c56c6539671a63455c722b3c9b179d931e9c819c32e94f2896f312e4b3706160823691f3f0716a3df95d38144e1019

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
cd60b78060f78f6f51ad8e9191f96840

SHA1
a14d2fccec85bbc1a4ccaf6663c18ef1de858c15

SHA256
d925dd4669206a7ffcb55a64fc28827f82440c5b76c482071bae6bfd0ecc9ff9

SHA512
4f35acdfeb91074b9af6869a76939f39b2ad043e7bad0ec20015d3db429c360809df537f595474051b21e192129a82cbadbacb5bac4f631404e88906fdb5ec98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\78dfac15-bf2c-4412-8b2a-6feb5913add4\index-dir\temp-index

Filesize
2KB

MD5
accc67d66a15a1f09a5a10222bde94b1

SHA1
7ec398a1ce4ba79bf043adba6238e82bff8bbe8b

SHA256
39c424458303e8260ef425e76065ce4ed42eee35e28c284c7b904dcec73bbf4f

SHA512
836861b7c7797290f67e9addec9fd1912068ba4dc660d0c391f59e558d36235fe357f6d59996f487bcab1a37cc62cfe2f4bb4121cd542b2bbbeec50c96b7ebfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\78dfac15-bf2c-4412-8b2a-6feb5913add4\index-dir\the-real-index

Filesize
2KB

MD5
4560445cd2e8c2990a0295937a8142ce

SHA1
2a12fa3a20b3bc8a0606369ec308b957cc7cc410

SHA256
1a2be609c2c1f78fb723abfbcebb99fbcee2df78b0ea8880845e0367ffae2771

SHA512
1cc9d5790089c5ece31a2de6902592faeaa99bbceef1d588b7c07ee7d02e90f521dcd15b6cf8a958d692f2caf8bc95477b118bdb348fbd04445221aad111e122

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\78dfac15-bf2c-4412-8b2a-6feb5913add4\index-dir\the-real-index

Filesize
2KB

MD5
a5c6b68a8dea6dada110b8207fa2af3b

SHA1
b862895398158507484b8b31487d17f79748355f

SHA256
bc424e906e17599e973f110a2c5e810fbdff96ba167412085544da2ea3ea0a8f

SHA512
e972c7c3c57f5fdb481eb6c1af483199d32684a23496f648d1df7a5b536ca293e824183027cb19ed66c4bff53b3e4e4111062401d89d1d63d5fec3ee99353c58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\78dfac15-bf2c-4412-8b2a-6feb5913add4\index-dir\the-real-index~RFe5814ac.TMP

Filesize
48B

MD5
cdefd9df29c90be227e95bda250b1aa6

SHA1
12d32cb9f8ec30073a8ab25025df43c5df078a78

SHA256
dbdb26b189fe5989a7834eb9d5633bd1002c6c2f797a89b188881aa50ceb149f

SHA512
26e264e5afaa7bfb4d385740c4dbb4e64d989d2958274b3a06991b227c75cd8865db74e55bc7a61d35e9e7fbb78c3a77f0e5038c49698d0c7e94b1d2bad23990

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ff5f1a08-cf3f-47a7-b9da-5993c97fcbd4\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ff5f1a08-cf3f-47a7-b9da-5993c97fcbd4\index-dir\the-real-index

Filesize
624B

MD5
48e89202bff034e2cfe3816c9b681bf6

SHA1
1b3f4262b10ebc897acd348b28af08a61d38d648

SHA256
aed078cacba50f291378e8aedd4c98d2deae4d958b44cb33be0d16cb557065e0

SHA512
3352e66671086601a107a33618a6c70623be8263d7058810f65760046ad800d1334d4e72dd1192eacbb50e28b857529d2cfc428229ca6003187d7639b2346cc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ff5f1a08-cf3f-47a7-b9da-5993c97fcbd4\index-dir\the-real-index~RFe5871ff.TMP

Filesize
48B

MD5
a4dfc957d11e4b4a2834170d868cb869

SHA1
4653562305bdf9d6d478ec18d9158a9bdafc9de0

SHA256
19a7ce69c4f82d3426ef023f6efb4859ddfc5fdd4d7a36a81a8bf75189b3f070

SHA512
7868c258581385fe88507f1cac73313e73c59261c286a6dc1e008778ac25e69d60d589bf4fd7be4528c945c29bf9aeb749d62a2f584e0cbe1df95d772309f6b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
cb76b7ef46f21649dcbda4d97c40eba0

SHA1
b4b18e7bcf6881ae9585a0cb82a85d631cdaf70a

SHA256
3df1996a1a9fd93355ea660cba51de7e5bce89f010d593b7852156837992e509

SHA512
2c9d94623cec43fd3a8fa85f6e41d5703d1590aa45c0c9ded12b84c7f32e6a824707b5d53806c4b8413bcf358e639a72a6d21b82c4fb9aba06fc301ce5a01da5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
b2b107c57d68186b34ff5eb66e8d7ec7

SHA1
9b18758fabb72a50cf371b4c36cd4e4f8dad1c4d

SHA256
d9c49259e346db747de3c709341a4239adee60f1aee976b94d3431fcc824ce82

SHA512
8cec29f334a6501a0b39680c3ff81f07ef12ed3f77fb416fc931f5acd94d96974718c40e14e9b035f7866ed276a9db6a17cbd8c5b36e30f2bfc218a341d3c00b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
8e91fe6e0f3760255f7975076e04d345

SHA1
107fac1119f3d346e6b2c2565702dbc8d187aab0

SHA256
b34f529e605530595556c53c52ff55a5d37a095d6ba18009b3fd27ce1a0f6967

SHA512
49f8c32cc71ecd7f398d02e74f6ea6d1b50b0bca1eaf6b112532e5cf387c782eb8c5644fefbd4bf58f8150f63090cab4e75a2dccd70fab401abac537148581ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
4aa144207b566f4c760c71c1431a08c8

SHA1
12a76cf843a9ca58dc18368534aff88018e8d623

SHA256
a089e51e649576086ac5ac2d6d577d69bc9e9bf654795ae84d613a833a77a709

SHA512
d5ad67ce4aeb17dec89b64546c0ac72791f34ae45a14f91d9c5c93f4c9830d419a3086f3f93f1211c74a87d04feebf1335bba97053226217c8450c741c85624f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
6f62ff68dbe65d1c9508a0114fe2e0f3

SHA1
ebbc1f01efb6eb8ebcdf7a482aed1324ad1283b7

SHA256
42fb80ec5fde070a14286c9e840762f2be9eb807638c98908a339af90d03d64b

SHA512
0d7cce85582c882ec2dbe2b790535fbb9af101467ec6ce80384dfce964bb555ac5ff6dfba4655711871372f4b912434042da98bf35b5839a9597d45d1f362143

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
f39cf9e2136c10ea7c2c04c63f66ce51

SHA1
c4e181f2f4ed6d549a6e6d556255a4a85dee5073

SHA256
580e2f06ad8a75936f600d90f592dc0f4bab9a3e5fefbba90dc2678ebef5d838

SHA512
ba84fe1952efc7668c5bf872cb1192fa3f47c9bcd0ce0d3ac198549dc21d414edf0051d59a7a234de7ded36e8315d049ae95531d173b2f73d64549377abe390b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
dfe8448c1a2dd0c5c60c25c7efa96693

SHA1
3c2e7c48449baa585336c020a5538aa5fb2ccf3b

SHA256
66e8c25f3c6ae05077dd368aa333f47e49159848b3297e3c31a3b8272c79bb1e

SHA512
3fb1936dd04dbd44191088d253acdbb65a0f5485b962791064cc2f4adfeb9f3580f606892616905da854040aea8b81eb47d213d0ae258be1f2244b7d4a3189ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5805d7.TMP

Filesize
119B

MD5
ef791992d2a0f390a8da5fefcd92aecc

SHA1
8edbc015be269b5d8419e9e64562da009af3654b

SHA256
51c0d38340b9190aea2c8d96c5f0f7ffa16c77f87db8bb539968bbb1ab76644d

SHA512
8b79e19925d0d3c9dc64e34244a8ade65998cf90044cea85f7830793e6930b160f91c84c839972ae6717caffcc51aed545646682cb8e4c5e35c8d230c4757e95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
5122bf8c3de041bb93142eadfcc960af

SHA1
9c4cc159d40186724504148c9f9f508a87da434a

SHA256
2c02eec43e583ecf95a71ead8c22211135f629ef73e5cc9ac7e06f22d8ddf9f1

SHA512
66a6d4d510ee1c1f0994115233ddd0b4876167c814cb9479ba2435815ec4c77c909b2a43db7c8b7bbbde578c12a8cf6718496383a75013eaa4e7bc9f18159081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3388_1672625471\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3388_202666550\Shortcuts Menu Icons\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3388_202666550\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
281KB

MD5
e54cdec2a90a1ee59018332d23a7a3fa

SHA1
5ff9bea8ffe0248f1c4658107e9fde0ffb70b295

SHA256
e4fe934c0d853eb3a85805b4c4d7712f6cdbd5f0eb70e7a4bbb7b787adbc370f

SHA512
a0dc656f7156f6bbbc6ba08ae3e257e45bd8cf68bf75044b400ad592df0bc0eeab5e94908804d085dcb715060fde21c8f4079962429ca6f1610ec01c76584894

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
281KB

MD5
d58abd9db6cbe3a279402a8798512263

SHA1
e8d5f1dd24b67332c8c3b0d95209f7d8a2605a8b

SHA256
3209c0c947a6369fa98853a14957799649e9a45e7c7480fc46e3f2add21ab483

SHA512
210a1f7c58e8df4dae0f0a2b1282cf500a95c23b67a09e4943b651c3eac953c0f142ef73d2176036a5568c6d7f39224fa04d99d2d8b12a4e38349e1564c821c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
281KB

MD5
ec7ae444758c28d4212bf32a27bf8f73

SHA1
11b1f395dffea67318c3d747d308f910ac7b1594

SHA256
f01830cca99b241ff727138ea7515a885f69728179b4bb5aab0c1cd096319a60

SHA512
456aa697edf521c9039182102e9e71eeb06f2a235926dc5e7e13375f582e3754ee97b44aea5a6e72d8cfb595746a6ac04c234280bebb289168c1a63a9898c645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c5abc082d9d9307e797b7e89a2f755f4

SHA1
54c442690a8727f1d3453b6452198d3ec4ec13df

SHA256
a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716

SHA512
ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d29aced92ccb404569c51ff5aedf93ac

SHA1
2112d0991e0fbaaf136450e333220c1854d43203

SHA256
3c47d3c2cc5b3c0cfbfb6d636ebdc86e366e6deb5d0d0e14137d2fdb835222f5

SHA512
64e98c86a316f00f962c883cbcce013c6343b2e9c1b752b9b4b96d0e6cf453d47e238d59d84114991c27ca36958ae21d11588198747c2334685c58f752875c24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99e44010fa3e7534d8ee06bf5788317b

SHA1
4107a1688492aadc6941592dbf50feba639eb050

SHA256
72889bbfa2423f12cef6e3f2e4d5166c3207612b0edde933402950d862352b3c

SHA512
e34a2be9403dbca4caf4042eed1b70546e0b09142e9d68953244a4b340d652ef4ca55d3d2062a1d8fa707f1c2236cb56d25c998328edd555952622f07aba76d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4a74bc775caf3de7fc9cde3c30ce482

SHA1
c6ed3161390e5493f71182a6cb98d51c9063775d

SHA256
dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280

SHA512
55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7a353043-7b27-4324-b236-2f338e472b56.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
b9c815bd5aaf58f4fd4c5bb7e4baddec

SHA1
ef187306c3d8b9a140d10769170f72fb3b880184

SHA256
d9690dadfd227e7068c2463567cf1a88194d6ed7739a0834936fefc3a96b4af6

SHA512
8aade6f42e0cbf6e276d77f265a26505c09f3db9945669f14936684188b82065f0dd3850d05cca98034047aafd27842d359599b50fb2c91ec0820be73f455ff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
2128c06fc6b17373ef69623ed5deb652

SHA1
3f2493afc98a30964103619a993240c2410a3677

SHA256
74a9e436e1044177d10f302c44ed663ba4de322a4d56ffbe10e9e63455f9cd2f

SHA512
bee5fbb43dddc69c372c02ed151375c774b236e97f1fd3af7ff7aedef6a339f03c3c00871f91bbf665b276e8bbe9e09cd5faad62b3f00b1bf5dbeac7bf5b121b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
f5f30e661d421733e72f63ae225d51a7

SHA1
f319941c2573c4563e66c068ea13d4c3c184ea18

SHA256
be454783fea7071cba29d35c3f65732a858f4f851f77362a08ccfd1270ad0202

SHA512
b2bd00268d4ea022ae521310aad1ce2eac9f4b853c9471c8f571111bb2417054aad9f7308faf27d851994a37a54e6a3e2218cac74926354270a40ecf665acb43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
77c99f0998a73a71f66b4c1bdacdffc7

SHA1
f9b5020aa3bcb03e7ff69f9e89081ad28f3a6e07

SHA256
c60553ad2ead779749b463ca0e8579319eacf8da40f9a5a63a625c4fe5a67eba

SHA512
8bf6594e099bbffd738a2f3f41ce13dbcd56bef6b5ee5e40e7a0c619a354d136b6c199815eec998bbfa8e0653a94bcd29da0f88df663317856d209ad435e36f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
350070688db66afb35111f810a7e6433

SHA1
46549d68a57e7a2554bb095d555fba3938033411

SHA256
c4cbb67f29f445af7c9ec6d14aefea3fa49ecdade948d9c32446476120f7698f

SHA512
d34c0ef59b72ec454a1cdc2c83c52a7a33fc96737320b1aee6f979f34babb6ed5655ec2986ebfdcfa626f6e69a2621c3c6b342baeb9c43edc86563193f7cce1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies-journal

Filesize
12KB

MD5
3c27c3eb1b7497b2373751fc5b1d3aec

SHA1
bb7812c7e36cf7041872c1dca1569f3c56638816

SHA256
390950539e9fd865853fdae4990fdf3f408575f07bea8679d53176a1b59e321d

SHA512
b129eebdd562887b3148bfd6f858525e83840d5f3182ef9bf086a2b800f71d5d9492b50510bfdceb620fdffe3b1c895f27003cc8e56464320ba780e37608f4af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
650bf01cb12deda032191c012321875c

SHA1
8bb6f89ce82475a72910c68e80597532ca578625

SHA256
ccfa3b9d8555bdb84809c44ec919d74c65d92ed9bc33d8888047ebcebc5bf6af

SHA512
dfce7da09603d6056126b646feded14ae272f11d965a8361acc1d5cbf45df383135440b7588e8a7308e04cfa2d0fc6df6e1181bf436fa3c207708536194f514c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
d1bd1920889bbb8096be9ed378778a46

SHA1
16aaa6f756854c6cac5d109b9b3d903bd3b8fbdb

SHA256
c5c4aaccbd5223543a25439f2bbbbea0c192a319a2a42af282cacccf612cf8b6

SHA512
dcea4ffed5ddcc30d4bc5906220523489013d3b1882fb47942683e5ee378f2cfa0c27a89cc5d5cf625f5d8deb3e0f5f0082c75f4f2cc38ace992edb5c1acc164

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
dd6c9adac2311d2316519500dfb5e5fb

SHA1
00429ad158ee1699be241239dd92e1fccb2c7620

SHA256
cec37b38b12425006c62f00bcae99dc5d817e3dcdafced0289da97d1aa77aa37

SHA512
01ee8888a98d1b492d7e0f1f3b8fa559b145e20daf6667b3606779e941627697fba9cb49fd2becb4a58b13d0a0299b70648de3d4fb8ccca11013a7cf1a1cb253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
0ac8ba5359abc42c8aee7d0c19219634

SHA1
0fc9364b2507a432ef79018057996a070b731a23

SHA256
2c9e80669525309d772be24f026c9f89a506caf256b91576e52604d1f278bfcc

SHA512
7568efd60f7d0002fc1706ceb0c695d73e919067c7826142ee9bb0d50127ec5b11d0040dcf5accaad332e5cdd2b285dcb2ff41d3d003369fe231aa307a83f7af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
094ab275342c45551894b7940ae9ad0d

SHA1
2e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e

SHA256
ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3

SHA512
19d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
917B

MD5
ce29506fe5f4cd7bb4ab5331b897901c

SHA1
cd1c7db27acf33bcef8f89ac071d16e591ace438

SHA256
f92943f91d0f2e952b0d8fd5d2a1f14e4ead4f95f61e4507f15c6bec143ba03c

SHA512
d763273b277f0e62fa07c5eeb0a69d1f0e41470aafb5d02b8aca13b7779077119e9c57bbf78cfe6f12c841c65888861f7a98e90c3dc5e6863ee80ac25e04e33e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2d441deaf6ef3ebfee3ade95e2a56d3c

SHA1
2061c8adaca9235dc30542b5d740d1a983e3779d

SHA256
85ef242a57d5ef95abc60fe82bb8acf43cd4f1addb95a9450fc876565d48e7f0

SHA512
085db26e8325bcbf869d77cee8295403270388ef8b9a7369819a377d5711e4e64dfdfd1020bdfe0ffd757248ed56a14b9b3abed750a7e253345bad8313a9f1f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f28d73561559be0548fd0ccc40526508

SHA1
74966518be385e569c1d8dd8a0f3a9292e34370e

SHA256
c193ca6427a597817d8daf216a6e59e8354d9344c1fab202538752a30a29460f

SHA512
b9b6b66d0edccf27351666db40376def900fd353e3b723b99d38ccbec253709a509c0104e36cc03faf4015f9ddbc3df146816b32e0401e9518515c94284145df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d420debbae820b5eb272a16d8899e976

SHA1
e00d59070ce427beafc8baca5552138281081daa

SHA256
eb34cf6e2d77b5f290beb90da34a966e88857097c02c39ec7150eb62e83a251a

SHA512
0add8567aa13622dcce9a70e93bdc5d6963f02c755582d548206c8629480f382ba1593a73bb26bac5a2acad4aa343c3169ada9dc80448b9803a7839c43e718b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fe5d6ab650a61fff1824f37bed8fd588

SHA1
b3b8282892992063c8a6186d500ef61c939365d5

SHA256
822391092ff53fa536729883ef09118b97bbbbcf0747cc9505668938b80cd631

SHA512
997d37f8e9d7d992dc97b6ed77df55517b71b419cac95fe1e19da9e5ae23c3f3f614efa9aaf92a26aa70aca93cd40323898e9d5c2bccdbd971dfe21faf680bbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
560cc61f13fdf29bcfeb49d7af205527

SHA1
2159a57580cf39074fe93f5f0dc1f753cceff16e

SHA256
20bdab10d97fddc28e69f745ef7e598f0b96e3e21ac3d0d8eb816f7f46063b2d

SHA512
c13aec526a4d88c133aa4845cb1c24b97ab121bf80fef3fead20d9460154b5623149a8e3d51040c530bc8584dfa9313e1a1b123ccd06c2f851002cba10e1c708

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
175B

MD5
6153ae3a389cfba4b2fe34025943ec59

SHA1
c5762dbae34261a19ec867ffea81551757373785

SHA256
93c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61

SHA512
f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
f7a690d3078ff318997737c4d42e9f56

SHA1
42916307150c3e0f26921a8027c9b152c11385ef

SHA256
5eace1be2ed41048e4d145231616066978fdb2f6a8df915c60b7024c09628e46

SHA512
2c23539f4ba3580e48d7332e01784804703c64d35985a9ab994ff9fa51801c2a3484b21e06f54eb38de736d204d781120e52dbc30c315bafd0d8b85a0a3e2ec4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13363969288389374

Filesize
1KB

MD5
b02b898139e362ad2a01d2a7fbe30c67

SHA1
baa3795018b86f417902b558f741a76ecf8f16f1

SHA256
0b7fd3ad5dea7d8bb1d5cb31710fba22b5b337deab8c716a86750ead89c67f1b

SHA512
107cc9c19bc2a46ed8781c65173eff740570c4e955bf2ab3444d7b10041a185dd5457e535c04e805b4d41db1d8004b9a5aad8ca0c9045c8ae11a0bd787c72923

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13363969288589374

Filesize
1KB

MD5
303a64fa93f981e6734f30735331eed5

SHA1
d869537c5242ccb055ed159c87bd3f3b633d18af

SHA256
b820d457d4b39fbaeb39f0d2431a5ba13f159ea0cca9a343d626cb951510ecee

SHA512
6cebaf3c8a2635ca04415923b4bbd2edc330afc40e15d7a28c4105ce2c97822ee29cbb7d2dbf3fea5e4568da33e0f7eaf9df6e83cd8df6e1bf23d2ff6f6ca96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
b2d9c09cec52879cfb3014b16e6f5e67

SHA1
0c7c17926b9ac301e9a129ebebd1baa38bf6178d

SHA256
1b0c2fb897216242f1e08d9b88e3db66a666eeba22b953032df1fbac821788c1

SHA512
e802be02d6ff3e29c67ccd61fb06c6e1d653783ddc19a2f98e67d069356cf96f708756d6a95e2e919bdb39ff60e2dbdc206e56bc6aa9632b90075336538b1c9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
5159f9c3507900ea31c0c5140cb968cd

SHA1
fef07483a1f926f6394b502efa5364dae1996ae1

SHA256
126e5917e996d04b477a42463bdea28b2f100fe754218ffaff9ee1c038b45949

SHA512
05bbdb47bab04a174d7f0059c47c4f3e4208d76473b4facd334009528ec04ce137207f0e8497561701943abf2d2aaccb1f34a01aa2cd9b4c2898b53d3121c660

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
5b7347fb8d01b8d5e3b400bedddccbfe

SHA1
bcbfbe6ba17eedcd2213a46a5f1630e1526c42ec

SHA256
9d584e08607d9359be98d10191f742333351b5388f7ca783edaf290952244474

SHA512
d7d0f3495a8bd0f95fe27232facda68b4c94949f6da3eff73c687b273e58f192d701c016b26de95e2d61b2f96d7db292649e46715261bc63387a512b05d3699d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
3KB

MD5
6a9e53769c087219b2d11a10ba6b86f0

SHA1
d5757da0e3443d5e71399f6b392b8459c7a56acb

SHA256
bcaa8344c5c984dcc7b72ab116b3a59567000c9938a8b330650a9fc84de9b904

SHA512
fba6958943df7328740a3f9e206cf6509ae655191a4cb59af8fbc506e1a8be9edca1b607ca5d98381f8e0915d882a476c738276621a23eccf40bb2d6df50e0b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
e5c4d43ec027299a3107a1deae0adbd8

SHA1
2f57f5123ed5a15607c1a733ef3a66c5a3b9e139

SHA256
9550ec61cb237dcb522c60b34f0affc50a44b9adf97edaaa7ece3f52af3f3476

SHA512
7a139caf3d46f2a661e244670d6d44fadb3402f2e4bb2c439767c1d6592b67b4f66f6ee9d5d4571087692eecc7b385d7bb5a220c2c5fd77443f0b26390a21aab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
536B

MD5
aaaa0f16e91290ca5e1d40d38a367f74

SHA1
e8b92be79cb9519eb91c5d62335a4a89ecfbb313

SHA256
6b44f6f4c4a37016e1547d4fd359663466b71cea4321eb370d58b62c9aab4346

SHA512
c86d42dc64ec2a8c72285bc6d36d60a60f361dcb0d3680426db7a7e863ae5d3a67d0c74bc2a0f2f78d29432043899e572cce4e69e4b050b019cfed19f7adfdb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
bead1f5b9ba5bdebb8d711b08bffeffe

SHA1
0f7ebcf720e2981da2d4424421d7ad764d4feaa0

SHA256
54755e24c143a04c05a61ae9c18c63974cc18e9158bbaeba8c328134fca0cf1f

SHA512
45496417cc82d83a1c942f4ac09d2581041a23bb3d7f54676421f1de166f03f8def033aebb900e4aad337e2e9429fc14f8f3ad4aa42d9b91e1c9b5f4c941ea79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
a01b9b932113b944ba5bea860c7f57e8

SHA1
c1af4281740133e5b5964ec2081ae36609518643

SHA256
1f66621479ada9d4a50314ee7270530ff3051e8c28bfbd0713345d3ac25033fd

SHA512
0b5c42c94e453a7c7b78b01c09e08ec1f838474b4c07d9c76f1101db84a9056423b5380568f430a1acc064f3d8362517b2eaf8f89dd1b58dba54f8c888870d2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
882233baa7d678389b1d718008d6b1d2

SHA1
237d3a2d4b0e1f406790612e6ada96d2142f5e42

SHA256
b35b8cad5d0c0e44168bef8d1300fd86b44274c3a7a52f761b2905c6742598b9

SHA512
965c1da604a8ce7d61c38a0776496578bbcdadb43439b9bda0080388d634525f5d54ab7b59a5779cc825145e059913575218dec436ab7366c22c986ff577b322

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
b6755fa28c6f71e64b7aa575a632855e

SHA1
4e6eb6d1149913314800ba29538fd95cdb8ef11b

SHA256
28e477baa97ad5960f8407e755e8c56e03615e686689248b502e6729c567a948

SHA512
d6afc4f30ded139001e5821bbdde0ea75695682451fb0e30fab29349c5a884f2ae059692b4e679cbfd4094f799b6297b637887e4ad5cbef0a53a9019f3774de5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
22KB

MD5
1ac9e744574f723e217fb139ef1e86a9

SHA1
4194dce485bd10f2a030d2499da5c796dd12630f

SHA256
4564be03e04002c5f6eaeaea0aff16c5d0bbdad45359aef64f4c199cda8b195e

SHA512
b8515fb4b9470a7ce678331bbd59f44da47b627f87ea5a30d92ec1c6d583f1607539cd9318a5bccf0a0c6c2bd2637992e0519bd37acdf876f7a11ed184fb5109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0a903013cc4216a9aeabb21bf4b63eea

SHA1
1c64459a0d464e66f292866aa326ca80e3eae81e

SHA256
8093de1abde79a60ab13bea0f0065586852a098de379cdbef1f588399b2ff6db

SHA512
41a60881d3a7a49063a4c8ae201add459b75d98e80c056690a1bc7da1abce7335a9e70239aa2741a4df119236a42acb5a28625263d2248cde420ef7e9657e758

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0b9943c49c5b9f6e235b186a99b8849a

SHA1
4c152c0b10b026554906c2085f4ece044a63fe66

SHA256
2cfe0d5c40523ee5f9e186b52ecb0336c99f0356c5f895febb6b7c478286257f

SHA512
0f8e21d83ff4e73f3a06dbb504d36144ef2b8764876e1908533016eaff52c82f6e8b12a6ece42aec80957a643021b201a83776f000fbcc966762a0fc2fb81453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
5fb115cd60d2af8fa570eacb1b84cfaf

SHA1
32bf176e1bcefced6f0c7c312d8a76e59e4bddda

SHA256
46d11c9d4b9c4141d573dc228d33ab7f3bbdfc167f0497e6d0245f0245ff0512

SHA512
c1c936ca4ad75efb374af3efad92d5e156846c34cdbec9a1cd274f0d99fff482329740883bbf3092d2ce35aaae0a97cf5ccad5b022486df8c8329d8f54f2c813

Download Submit
C:\Users\Admin\Downloads\RDR2_FamilyMenu_1_2_4.zip

Filesize
8.5MB

MD5
81af557456b1d1b00f2f3b494268a315

SHA1
aa4bf88343414874bda82844c6764e3ecc2d4dfd

SHA256
1487ed9563c970cee7cc7ff888468af850b5cb566b4ce0f3697504207fba237a

SHA512
e1841776bc715694ede9405a0d795ccf8aa7ac3e14b35ac556caa9df8ccb291cd08e57e8276d605e492103d414d63539fe8a177f7b0ae37f0d972cbb9cca475f

Download Submit