34551cd7f251ac53e3f76e67732ddbc857088005cfaa9fee8a7bc0a9b9d41814

Analysis

max time kernel
892s
max time network
788s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 16:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Forza-Mods-AIO
Size

165KB
MD5

a612da9b3b295269e5b1ef53190e8371
SHA1

5149111019fa2edac4c0e698a276d945b55b4426
SHA256

34551cd7f251ac53e3f76e67732ddbc857088005cfaa9fee8a7bc0a9b9d41814
SHA512

0b94b039d43ebd180c28a90e9fe2213d756e68a2be00d5f9762f9f1350d71e968e20b8a14f721752290f5c926db9265eda31f12956566a2e8e1c61e699cd9dff
SSDEEP

3072:QK3Lya4KM82VinYucbok8ValLPfkghqSaCAJcKEWV+vut/1Nt0MM0ehjjjQ4lO3t:i/o1ZREc4kuX96h1LBJz086v642E97vk

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\International\Geo\Nation	Forza-Mods-AIO.exe
Key value queried	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\International\Geo\Nation	Forza-Mods-AIO.exe
Key value queried	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\International\Geo\Nation	Forza-Mods-AIO.exe

Executes dropped EXE 3 IoCs

pid	Process
1824	Forza-Mods-AIO.exe
2340	Forza-Mods-AIO.exe
4560	Forza-Mods-AIO.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
117	camo.githubusercontent.com
129	camo.githubusercontent.com
130	camo.githubusercontent.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133662281467229266"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings	taskmgr.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1284	chrome.exe
1284	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1824	Forza-Mods-AIO.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3988	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe
4128	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe
Token: SeShutdownPrivilege	1284	chrome.exe
Token: SeCreatePagefilePrivilege	1284	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
1284	chrome.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe
3988	taskmgr.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1824	Forza-Mods-AIO.exe
1824	Forza-Mods-AIO.exe
2340	Forza-Mods-AIO.exe
2340	Forza-Mods-AIO.exe
4560	Forza-Mods-AIO.exe
4560	Forza-Mods-AIO.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1284 wrote to memory of 416	1284	chrome.exe	112
PID 1284 wrote to memory of 416	1284	chrome.exe	112
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2368	1284	chrome.exe	113
PID 1284 wrote to memory of 2640	1284	chrome.exe	114
PID 1284 wrote to memory of 2640	1284	chrome.exe	114
PID 1284 wrote to memory of 4544	1284	chrome.exe	115
PID 1284 wrote to memory of 4544	1284	chrome.exe	115
PID 1284 wrote to memory of 4544	1284	chrome.exe	115
PID 1284 wrote to memory of 4544	1284	chrome.exe	115
PID 1284 wrote to memory of 4544	1284	chrome.exe	115
PID 1284 wrote to memory of 4544	1284	chrome.exe	115
PID 1284 wrote to memory of 4544	1284	chrome.exe	115
PID 1284 wrote to memory of 4544	1284	chrome.exe	115
PID 1284 wrote to memory of 4544	1284	chrome.exe	115
PID 1284 wrote to memory of 4544	1284	chrome.exe	115
PID 1284 wrote to memory of 4544	1284	chrome.exe	115
PID 1284 wrote to memory of 4544	1284	chrome.exe	115
PID 1284 wrote to memory of 4544	1284	chrome.exe	115
PID 1284 wrote to memory of 4544	1284	chrome.exe	115
PID 1284 wrote to memory of 4544	1284	chrome.exe	115
PID 1284 wrote to memory of 4544	1284	chrome.exe	115
PID 1284 wrote to memory of 4544	1284	chrome.exe	115
PID 1284 wrote to memory of 4544	1284	chrome.exe	115
PID 1284 wrote to memory of 4544	1284	chrome.exe	115
PID 1284 wrote to memory of 4544	1284	chrome.exe	115
PID 1284 wrote to memory of 4544	1284	chrome.exe	115
PID 1284 wrote to memory of 4544	1284	chrome.exe	115
PID 1284 wrote to memory of 4544	1284	chrome.exe	115
PID 1284 wrote to memory of 4544	1284	chrome.exe	115
PID 1284 wrote to memory of 4544	1284	chrome.exe	115
PID 1284 wrote to memory of 4544	1284	chrome.exe	115
PID 1284 wrote to memory of 4544	1284	chrome.exe	115
PID 1284 wrote to memory of 4544	1284	chrome.exe	115
PID 1284 wrote to memory of 4544	1284	chrome.exe	115
PID 1284 wrote to memory of 4544	1284	chrome.exe	115

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Forza-Mods-AIO
1⤵
PID:5000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe9088cc40,0x7ffe9088cc4c,0x7ffe9088cc58
  2⤵
  PID:416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,11421133387808222521,153607187635517033,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2176,i,11421133387808222521,153607187635517033,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,11421133387808222521,153607187635517033,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2500 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,11421133387808222521,153607187635517033,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3428,i,11421133387808222521,153607187635517033,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4532,i,11421133387808222521,153607187635517033,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4872,i,11421133387808222521,153607187635517033,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:1972
- - C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff6ba864698,0x7ff6ba8646a4,0x7ff6ba8646b0
    3⤵
    - Drops file in Program Files directory
    PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4412,i,11421133387808222521,153607187635517033,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4692 /prefetch:8
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5284,i,11421133387808222521,153607187635517033,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4972,i,11421133387808222521,153607187635517033,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5684,i,11421133387808222521,153607187635517033,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5716,i,11421133387808222521,153607187635517033,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5312,i,11421133387808222521,153607187635517033,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=2208,i,11421133387808222521,153607187635517033,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=1524,i,11421133387808222521,153607187635517033,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5412,i,11421133387808222521,153607187635517033,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6032,i,11421133387808222521,153607187635517033,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3420 /prefetch:8
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2832,i,11421133387808222521,153607187635517033,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  PID:4588

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3024

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4344

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:620

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4956

C:\Users\Admin\Downloads\Forza-Mods-AIO.exe
"C:\Users\Admin\Downloads\Forza-Mods-AIO.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1824
- C:\Windows\explorer.exe
  "explorer.exe" "https://github.com/forzamods/forza-mods-aio"
  2⤵
  PID:740

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3988

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/forzamods/forza-mods-aio
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:4128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe972a46f8,0x7ffe972a4708,0x7ffe972a4718
    3⤵
    PID:3652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,7896995223363074610,13465723411570301751,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
    3⤵
    PID:1784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,7896995223363074610,13465723411570301751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
    3⤵
    PID:1640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,7896995223363074610,13465723411570301751,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
    3⤵
    PID:3544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7896995223363074610,13465723411570301751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
    3⤵
    PID:3624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7896995223363074610,13465723411570301751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
    3⤵
    PID:3172
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,7896995223363074610,13465723411570301751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
    3⤵
    PID:4824
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,7896995223363074610,13465723411570301751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
    3⤵
    PID:4836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7896995223363074610,13465723411570301751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
    3⤵
    PID:2004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7896995223363074610,13465723411570301751,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
    3⤵
    PID:2176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7896995223363074610,13465723411570301751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
    3⤵
    PID:3564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,7896995223363074610,13465723411570301751,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
    3⤵
    PID:2140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2968

C:\Users\Admin\Downloads\Forza-Mods-AIO.exe
"C:\Users\Admin\Downloads\Forza-Mods-AIO.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Users\Admin\Downloads\Forza-Mods-AIO.exe
"C:\Users\Admin\Downloads\Forza-Mods-AIO.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4560

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:3916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
793ceb49298c932f82a051ca1f9db1de

SHA1
1e6bb958e17368a06987856a54d0cf44f52a7b84

SHA256
8257ac63d830d272fe552bcc45c5cd7e36abfa6e8320f249e9f34d00f1e217cc

SHA512
61fd2f9e8756d7eb205f5f8f495198b85b0aab9bbcebf0c9fdabaf333c7817925661bd04835eb24bc2522f63a8894d9bb0a711ca1519db39cca27a62f1df8c0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
4ff9f753c4325325d65af949ac0e5341

SHA1
6f961a64811f53adb6df3ca916e02fba9dff72f3

SHA256
2bd7473f53506df75745b8b31a986450f2b92a4b030907103540d02e19ee905d

SHA512
71f27b3fec4fb263e4913f055035516c5c9c0b5d6e014be8660902005d55d134aaa6423238011e943c2a33bb54d262b0f17499a7ff59979f54c2f6883ced21d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0db9559be1ee6212840810112de278dd

SHA1
5995b9cef42cdc53d0d50bedd777b9c5f01372cd

SHA256
727c898a4b4846cbf98766f50e4b326328979f924422399dfa84988ae4ccbdc5

SHA512
f7fffafd585559ef9abee1db13b52ccabd3f8575999a0024bf78153a64dff707850302099726b240725ad79ba9a879cf9d9fe4ec13d0d84d0693b4137dbfc3e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0b98eaa86066da4568540bd63c64f259

SHA1
451f3b8b0d78c9bbaee0806caa64d8046ad3b940

SHA256
d6f4f73831cbf469d03013418a2e2c737762ff822f1654a7120727338e9c28e0

SHA512
854e1499e2871c10b0755d66d66fa15603a3b8af3a6cc1b1e3f10f4e8794f9f1a7646da29ef71093b35a12190db84eaaf431d1120c212df01763e77e618db33d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
a9d4770a7ce95ec454ead6a51c1b6d7f

SHA1
1a20b27bcb73c0d70ad6e9579e280acc46d93ff5

SHA256
beae4e7cfeb7227a85bf7549224787188af03f937c7e79d4fe4603f4bdf62932

SHA512
9c5addecf2967c68dc19716b0859b03eb2df6c7a8339630892647ee2f487932982156c8bc2d28c12c23946c437d6cfb4ab9b4150921fe741f46f63d23bf852b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cb50c4f06a799ed6cf671965b170355f

SHA1
ed348d616b34c2cc208a3be86d8667b9fd0b9447

SHA256
639602a1f5f41e04b3073255f5a9512abff66ed4f0148bea5136b4dbbc3b3621

SHA512
b067d848899bd1e798e190f94efbf094cdab1e97411a5bcdcc1b5cdc91ea720d271e8170c38af9bd610e72d6f34fd3701b4a51f422d8e171053e74581e64a34f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
dff5c29bb885e49668794fe55ecdec01

SHA1
e600dd68c296c745bfec77a82ff39e8027f3be0a

SHA256
9918d2253e0f16197483a01d4a032610fb4b58a64cd02efbbb8581b46b98b4c9

SHA512
e37c45fe8db5c6f604aecab304bc5ea54f0ab42f8014ef863d60aca596566ff610281b3b8e7e7f8ade99e77c84f06b8d3d9b4b88dd947e1d2d81c4dbcc0b7735

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
422fb08469306d292bbd9090daf0143c

SHA1
dc7dbc38c46b5a3913d7f893cc198946fffff215

SHA256
9c0442cc016540feb707856186d96990490d456fdce8f4d9c7fab967be358670

SHA512
f61e83ed377edbff5d69eb70fefe3378db47919647dcad1e1206278cc066eff4a5689cd2b33403d7e29a40592d3ae0590d8c5d649fc406f8ae4bcab4ecf590fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
22ce6a1f5ff7104ef83440799dbec1cb

SHA1
c0cbc78bff07637f71c37dde448f6e59e15de61a

SHA256
be558198e201439f6ba644129d0fd631835a2ac887b4324735ff6c7c7b902686

SHA512
b038675d4c73a0554492c456b025d675001e85f1077a33e0fe224fa349ac92878c7771ba2fc3800b61d2cebab8026c3cb1cddf416deea532dda692a6007db41d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
1996eefb96a18740d01c118dbe2eb354

SHA1
3cdb668a1ce24fb6dfba9747b61322e4cf539448

SHA256
0d461af44c33f064b640bd9af4442de821a62e794be8e3f6f4de05ddd4ddcf50

SHA512
60d79745ed905dde65e4da94db17fd64644f1cafd3dbec024e3666341a6d497b09713e82404d87b4fba3f745841176dc2bd973c35c810cfc687ab7e3bfd27cdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3432724d2edfb757fff91fda9fff518e

SHA1
e02a71deb86c641767b358d756dced7972c4670d

SHA256
b9e770d9a6777bbfc5e0370a102a052be84139b0548d672e66690a5f582bf939

SHA512
77bf7fce7d48332b63e5b5a4593527e781fee6becc3320dcc8dc26a3c716e9a0b394abba474d9a9bad21c81330cde62c003acdf5e0db19ffc88e1bb7b82d4a7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b80130c35482f33a7c3db5941753fd6f

SHA1
2b0226e335af1456563e6f00d279bc42073fd95d

SHA256
32b8dcb8a9f12d44a5f89c4791ee7c876ebb8c90b0c5549da112962f7f53696a

SHA512
900f7dfd2aeb8a61a8da0f8e409beba9bf80f28e860e0f09b1c1d06561e01b08e3c68aeff24d9774a03e0482e1cf1aec7965394b1b62e7178a7de9d9e841afcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2de343b8358c4f06a98a392679573967

SHA1
c5c2c3081f79683b5c34ac68aa2ecaac32b7c1d8

SHA256
94b96af89d3c70630921f1228cc22335b5cc59a287f784fbc681d5022c255ed1

SHA512
98cc60a7abaf21df200a3251eb87a8e35370f63cf6d5bef017b79f27a6813590dea8f24f2a8638e756d98e59b7ef99ba5e759a645ffe3ee51e5e2913d8d68621

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ac9a81d310707edcd76d3a14127f5344

SHA1
b12b9bf6d8a200acaf7c22b0eda9363376ebc876

SHA256
82d2e4fab2a417d9e5aa93be2d4def84bf86c92c2ab9a05fa80c7e9d85ccacbe

SHA512
180b735815f9533e0ab30aa41be345cef78f678a1dd811937f9612c7c5f244bb0580a648c186e4817303718affd42b58eca977a9633bc8b52303b00b2228968e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
832513930415f1722a5bc938451838a9

SHA1
23141beb12b0feb782eb3163c239293066ea0180

SHA256
edc5240781c455dc83daddb15304b971f83bdaf9cfe341ffba91c38d476bf986

SHA512
9be5b918b0677a3198a53e1f2e3fcc86ad09de88551f03712f3a27dd11c6559803b1d3343115f5a0f23aeedcfd78d02b8e85cbd12fa67d063b51c354df892c72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
dd46f84e45eb6f28b3e8cfa4d8655486

SHA1
7612f13c24d197b6facd94d0f1440c23146127e2

SHA256
0b713d0fad88a7929a4c19f2d49d606e979f336d006c44f46fb4102a2a001d1e

SHA512
a5c171000bb6232172859ad7e834434896ce9a13d3885860e07680200dc89cec4cdf91e900ace05e3b19669d0c3c6c261946f98b92a8c8188801a24262f27989

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1b880579a766f78212317e2192032bb2

SHA1
1cc553a27935daaf655758fd0ad7b6d60d3b2148

SHA256
d8263e39dc6e2886c496d049352b978890e2478d1d5cca3b03ced55d3b026ed4

SHA512
0c77ed466a9f4274361eb3339cfccad19b8d52f3fb7d1afa43a55c63c33b68b9d8957346dfccb8126dea5d3659b00817e52a78167d87acd8d6579c53d64974d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e8efecd9911d375893bc71284c821b68

SHA1
4c9b4f71ab3d00d01683e23d15136d5cfc279496

SHA256
dffd1b15511364a123a8fbc842142115392c4717ee59f6b5ff063d4506809ac6

SHA512
4c54e74de4028078878ba4e42da250af21f27211dd8fc14f635e133dd6d449e2fab13f14518d7c1edd52b173501422bfd11d00e3f6be431be320f58f40a158fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
69911d129f7bf5c482374553c95c3ad7

SHA1
77548cd17ad9f443fbc5a5acfd2dd7d6c6e2f218

SHA256
83cd9408eef51de08021517089e582a95eef100757cf816df571d8dfd9ef6e82

SHA512
57974c9cffde6051b5b31bd528e012bfd5541354fa82bb98fd5f16953eb36c3a50619a5ee9485b35e198b550c18c33933d4f65d4fc014a4b37b5870ac85593bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4c8c6097a5915b3fb42eb5d8e33bd861

SHA1
618d62eb77645a456245d2a6b636a7c0aaf8b01b

SHA256
ad9ca3d6d07e8ae0a01863eea13f552c1acb278cc7bdc6be84738a94c220e8a0

SHA512
d4f39abd137150be1defd8ade11322faaebbc4da41f0a4654108f6f9d5585135d6a4d39e42c6610b77d32516c15f8ae6e8887c242436b9ae18fa2b08fb24a765

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
831add2566581586547932a1b3786f66

SHA1
555ac50e0480ecf0cfbc4a04530f2d0ac1a39dcc

SHA256
5df9699a24d934e96d38cccfd938235a242a7a3d6b1be83e3e6569e411fb4762

SHA512
08be911dcf7d1e6564fe37bb0b4fa1183621d1748d3407438a2e1ba871881234c904c949257b8773b9caf47f1e63766a7495c0c3fee3ade969528c7582b09a8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8a8cd79dfc5df61e083d90f5a841d4a3

SHA1
98e1da80f519ddfe101ee538fd7f45b7152c20bf

SHA256
8b5b46ed9f9032642fe7d0398991a82d29a3cbc7c3cfecfca9d927d13aebafc8

SHA512
86775456eebefc5636af9918f2271d1e34088ce98b64e52f9914fe7c21e51124819d6d16c5b18cd567e0c8339dfaf8e1d4202d8bcb490f754345473cc5574c5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
73cddc14fbae9b39d50586f2ad8d0249

SHA1
825a412a701ab23c6a96a6c48760a74678efeaab

SHA256
92265aad96fa41d83f0a00816904d1fc1899f1f5ace64213391832ffc370dc6c

SHA512
c77e0087c9bed1798b23076a84f8a9e4717bd99cf1634640979441d1ca313d84d9021bfa30198c85c14fd54243303c3c1bb38b4fd8fe6c84404cc2f860c717fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
83a9ec8cdfae529a4e1b2fba7a4da637

SHA1
25dceed3f7bd1c43b7ada1577e5f54b2b53d7442

SHA256
5f61b0695ca85254dc4ce6a4a1d4693ab42555bdf0eb1a9b77c05be05e848848

SHA512
e9379014d862d60986767c50c095bbb004e02e29fea45d9879909b89ce2ee6b68a0cf1ece434a550c2ab759949e084969a750f035b807149dd9a012b96025fcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5ed19e8bfd515b9c642248c12e96a556

SHA1
1d31875be8f5b5eedfff6eee692dc67e742f0d9a

SHA256
c1cb9292e217bf3b96e3f77714a1dc840a56c3c4fd9c255cd54a928bd9334680

SHA512
d6cf08e095cb7d414ff5eb1dc441209018d359c71909e0b6747e328167c6a11ed86d96f08ac49b8f0053c00f76d36950200a0ed9f9d9faf24f4842d61cc80a34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
dde8a4bd97c023c5e1b6c160ac75d7d9

SHA1
7cab9205c843cd7640091a035248bd3498f94791

SHA256
1515d81d0c8fffdf5af607d0aa8eb2a0d63b793373a8f3dd5b32eda3ced77c3b

SHA512
88d3dab9c85156bc80727fa3339677cc3301762199adbf3bee49411ab980e3cbd2d7eb8185accb3a405322eaeb68ebd11dd958f1730e0ec98d46629e254f09f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
673f651d59f48f9d8d2cc8fe77cfc488

SHA1
1ebd97c6d48792af827e5be41bacc4f145c15b33

SHA256
622040dc9f71f72b750df3e8bc38bd64821b3066b6e229f9edc8b98bb39b9eb1

SHA512
c55d6f6de2fcb54a9cdb56e1d6fd102dbe55285e36dde186843fabe694fd3d2643c030467836ad116721a1565f8e6760371ffe9a71ca6b8df494dca4dc66783c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2fd4dd7f14f5f034fa1dd4bd47bbc3b6

SHA1
d68acd508994d3d15ce4be51604b9c25c967c2b2

SHA256
118d3e906cc2886685a2c31ce787c5d6823be118730374a878453cde1514cca5

SHA512
64eb06f9b2321d78660fb9621c4988acf59ec75d217b876caa68a78e5d5d67f06fe44a57ba180428ac9fe6e3c2a24ec73201d7068ea442510a14b0279fc6d4b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe60a0a9.TMP

Filesize
140B

MD5
83f989d0258f963a28c0b24d3d7ff4b7

SHA1
087dfe956b53e5c265cfa38fbf7b1647890895db

SHA256
ee45c2f21edf976f93136ced5623d0a48fcda63bb3e04c7bc9e0bae8d6b4d414

SHA512
a5d95b52378233f2719922d5bbefca56be5040e36d49cae685df0bd19cc89d2a7bb21cbfcb87889a62a5a84184d6398dc24277b238cb4a69feb4f29dbbf1287b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
ed7c22da92c744363dede7f1bf9e16bc

SHA1
f60c8ec2874edcca6c1c19e0c34c9a5ccb690d86

SHA256
6759c988ea5d169435cc53d10218a25d8a11218343e277ca6c42e89fb0f14554

SHA512
64865749a17eba4203c4a3d90876a579d09d377563d9d95df6806a8e4531fac872f4687a7fa1209e6b310abbbae1c58e01eb91cb1cdfb5a4d13cb2f7f5b79c60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
acd058ca6dc1158a674254287703ce75

SHA1
5eda67cad00dbf1b89097567569eb24f6cfe0752

SHA256
aa7fc12d0b14911f17acb91081c03045e87a8e842d16c217296877d2f70d2dee

SHA512
39c24f6a5eb90a642490b7d12158c97cd293c83ef70b208225a98ca042b1f0cd8f36e7039148762b5732601f2de04bd205d107b7f60f7691733cd05af2e376af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
ece45151b57f8ae52ed256c618cbff54

SHA1
ab90aabf7bd78dd71d1df2a1b6f7780b0924387e

SHA256
69fb171867401f02e38a0a455fed9bf30d4759ee0e46a62ff2e3dbe796758102

SHA512
0fdf6d980f4ebd9727af7cf02ed5acd19d17ad77b13f34345d716dd1b9c32eeabf5729eb77df2182a4957111d33e2ef103185f05be30033771882db854e45e90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
b8ffe14dbd75823482006bb082264bd4

SHA1
bd0c35dfcd7bc477b2aec9fc4e06c8066d4ff7ed

SHA256
6ccd68f74436b0f226586266931ad2197c657e7934e9bc579e7c29e8bd7dc587

SHA512
d0a6b2d2ecb4f9d097a2ac6540be12d51a37ac8ea078410f728636cf91ee386c82eb49a36d170361c8bbc77a0afdda807e2fb567defc950a0e315b7ccf5788d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9622e603d436ca747f3a4407a6ca952e

SHA1
297d9aed5337a8a7290ea436b61458c372b1d497

SHA256
ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261

SHA512
f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04b60a51907d399f3685e03094b603cb

SHA1
228d18888782f4e66ca207c1a073560e0a4cc6e7

SHA256
87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

SHA512
2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
21KB

MD5
1d360b4556cb737bc22f87dc83cdec12

SHA1
2401ae1c316e52652ec9a309d5db2e0801ec4bd1

SHA256
5bc8f420585a110767d782fc3bc079c38cbbde4cae27e7c9ee0f4316e2c75805

SHA512
305d885a19fd8fbfbd7b9c13de9461dc07392ecf1a351388c60bdbf51862ed3d7ab995b578f884de4702388d332a5a8b6b8204cf4519ffbf303642b401dd3562

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
37KB

MD5
f9a90d58144602c12373f3a51ae11c3e

SHA1
50930fadc719a0cf689f480f053fe55eaab64817

SHA256
477adbd55274ba5f7057f114fd4c4908fe46d7f486c7cd6dfe452a80ff0b7c82

SHA512
0f06561a943bdafdc0f6355ce4a5dd2a3daa348d621ac8c0d95632d5bf0458b4068803af0f3e9819496ed750299a63e6eea88c53bd2816c757a0e4c721d7e4f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
37KB

MD5
f379276efec34127fed6f06101a024d3

SHA1
279e8e9dc86c622343e5bba17043d893c9224086

SHA256
1f92cc266344c34ab3ba73fd7107c0b7d53de896e47f3683c9e7ea4b1e74b8cf

SHA512
a87e994179341eedf39393fd4b7a57e8ac341f43bcd846c3bc16da9632921c08566be9ccb1b3afc0a1b9a9152c6a1339bff584401aaeb7f1cff7a36af66db5a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
25KB

MD5
6f0d8c2d86b40b21934ff819a3961667

SHA1
2e411280d2191d0f9732fe01ebc522aa87363b34

SHA256
8ef59cad09decea1d3b42a9ddd4a9b25a6c7d7bdac03d0621b4bef1448276c88

SHA512
b9406b8e4f3ca0fb1a45d3ce677d12a84c83c9c1039be109b0002c4a42435d68107cacaec2e07474b7e9d48e6e00df1734e33d1b18d6aac7a604ea6500e01024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
20KB

MD5
0f3de113dc536643a187f641efae47f4

SHA1
729e48891d13fb7581697f5fee8175f60519615e

SHA256
9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8

SHA512
8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
17KB

MD5
d7580dce32412dc9d53e8911beeac7e4

SHA1
fb93b2d7546f30ded645e40c4ad2ae962bced731

SHA256
136b2c40697b50198694dcf1ccae005f9a5dcd15b3d67bb48745df477a49df06

SHA512
2440ddd41e5d17fae4ff5e261d2d4694937f27d94292f1424c398585471f71cd20131f2babdf3332176ca2aa191bde920aeadb15705843fed3d4183fbfbe6e43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
57KB

MD5
10d1c712d94bd7fdb1154fc4c054b44e

SHA1
006b7e10b53fa7cdc880ae3553d1355bbfb741d4

SHA256
683e71764670c897caf75aecd1376f9bffc7755b80eed3ac825a5fc663f63e6b

SHA512
8d33b454df88c8a17d71f9886baf178e3c5225b399813456fa43885fe42851e61fbf4984ec86190a085b7f2822252599052e134265bea36c1a4eb7c706266e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
19KB

MD5
681b3fc333cae54ab17c3dc34a8cf707

SHA1
071db9942e4b9906a67f1af7541bb039e6816cc0

SHA256
e6b305df0502b1cbc3d021ee9458ae110695004559ddb1604c86ddb5fc8dd8b3

SHA512
0d4609fc0bd421d8ca30847ce83e2b594169226b13e6aac75ab0b31e0268139ffe406eb277c5511f09cb7809d5d848393ada19d57a319c15ed295b7f033fcde9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
53KB

MD5
8fcb818bc23425964d10ac53464bf075

SHA1
396f40d25a7d38eed9730d97177cd0362f5af5d7

SHA256
8b56333cda4211c50ada778d598348b8a846d557ed9117d8b265e004db31e9f7

SHA512
6ec7588257bd1261f9b2876c3aa57fba2b6bdc33a2a68830c8d8d539f449c552cf6923a5e8afb5e665d12cad253a10d68ad665d9eb74ff8250c6daf2f61e6da8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
132KB

MD5
01088b35a7144b96e1c65db9ecf5aeab

SHA1
3d5b4a4fafdc3867adca4a4a640d6296bba06f82

SHA256
66616d0b8be2030b1f40d1da2a80bdf930172335226111b7965a4480bb584f1f

SHA512
bf639e6539792c3ebab0ddb646b795a1cb14e4359fe97726db69ba2e082debdb920c15d5eb96a552613ead61ee4320de0331c02aaba3f14dd83956cc7affba89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
23KB

MD5
96b53c43d6ccc50133654af9e12f3ecc

SHA1
d269378ae11ad0ef1d75a9e264b5da9af0d0df2e

SHA256
40c01f26b194892245a48289362892da66a459c588781dbfc5a269d4e1cfcb4a

SHA512
d15ba1434f1cf354e2b2c1527be86fa3b412f9921a5281eaac78fbee55fc4dce907e6757b2e927def1ad3d3ae6a72ecccf8903d8c9b4512ccb6d051528637603

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
22KB

MD5
791c86797f5a278e60ce33613249647a

SHA1
eca40c80ab2aa1bd8e8fdd23bb577f3b1190cd1b

SHA256
642bc7874c3dc1f2c16ba489a5ff3f67b9b02e6a938f50e53388aa80c8b9f865

SHA512
dc50442eb685a7a94d98b0693f2d7390680f6a5a4193f65d546d495076fe21636264163f28d37a6d9bd43cab348a32f7449c6e38cc63efe18f300eb1516f2f14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a74099e2fbe797c68005d726cf8f1844

SHA1
08075cd52e36c13dbfed413252bbf10aa8385197

SHA256
01bd219e3aa570da94c30aaf2235e5e6983d6b5a8b4035e2f93a4fdf83578da2

SHA512
ff37746f8da66a3208c643b2e6cd2b62d66e06ce977d47d28201f8692f1b2a91da64cad07632db6b9aecf826c56385e1c24dcbd36be9e417e628047338f6363a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
30322550d9f9c54f345ea1c71f3b2e8f

SHA1
b5a3cff2995147279c2bbed7c03b2280ecb286e5

SHA256
4e7798d8476361378f8fbfb0442db63c7f6bf7e1830d50808bfdb8a58700d8f9

SHA512
261d1f5bc9c8a369f815eb846c252f54681f70862153bd49959411450870207b3ee240cc9016533c27401922527d561cc1ea7bb23708e4a257f071d010cf55ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fb83233e39aa4144e973fe5ff6bf9e2c

SHA1
e4ceded9aa6dd56b66bd9651e845093571d77e90

SHA256
1b2ff1ed512a8eed498cfc35556d49fc63a5ecc497ca48c91a4bd8ff4d1bf9ad

SHA512
35e0b43cc326f69c164b247984aaa6b0cdfea4c6662624713a71ced93466d42e69edd74618dc505c4a8cb6a05fc803270a97448f8ead8f8a4d80e9361c77af9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4ad4bc6e7112ea823cb5db35f0a075b8

SHA1
b19759625227d09dfaf95f4436110eb026059824

SHA256
9d40c7c8db5fd13c7353e7591475902511df63d8d35e412b2bc8a0be540483a5

SHA512
b2ec20ecccf84867964e6b25e4c56010632bd0bd44b03bfebd208051596beae0d7d54941492831c2ac238804f82ba9c92b37dc18f679b69ef6920576f3456d50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3fba3fe15ec6dba1c43a0ca79c832d19

SHA1
d8b48c722632e3c4a14930a8a1388eec8e0ef2b4

SHA256
19c558606d3fb678c75862f1d152d6e23c5013bc79a552160490dc472fa3d86c

SHA512
38cd79d8edce892c87b938c9fbbd08f2602fff37c6ffc6db914939c087126703432408b59cbcc7c9805496782d2e45f991fee2282a62cc34a41199d63453b647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
b4cce2c62180cb0161443a755dcf3ca3

SHA1
cd53d1a9f28d8bd0a8c9a0748c0f1d3a3878524e

SHA256
23dd22c9ab22c8bec0ddf0ce59dea73ca6336285f837f48b844eb72c4152fc3e

SHA512
4ce1d42505ff6876b8b1c9118742438e5754f485d1942b2ff4126ebdc3ab47bf21d43dd622087d9fe6fda1718f60e338cb36218b87c716583616866e454c8bea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
3a2cb074f06d97ede43dbcf26052cdff

SHA1
1181db0ea90a792b48383e99e28f90b85b93dea7

SHA256
91c9dbfd368bbf3fc0a5d62134fbf63b62dc5c727ab569a712e03d4985f61568

SHA512
a2105e2c194fe84ed622fdf824984f9369f102d2650541478eb8d91f073d36d8a781bc00148eb74319e40c7b6e5943eebf6bb2af69ef2f372f0fdfc446be2042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe63a137.TMP

Filesize
874B

MD5
07b236a45c1101e97ce63ac4f3a8e19d

SHA1
d1aba0def28fd0c2929866910a84c948c84626aa

SHA256
e42e92184a54724c23938d4ecae2d467f21a97e78721ee2c44906f5fc9fb9db2

SHA512
04542d6097739250c1801a6e4cdf0302f90e0a1608cbc23c1887c5dbfbc47a1e7cea1ce47c678d91c57e0cb65405a4a441ca13c0ce9fa12101ea4538e84d89cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
63adf256e931b50cdfb13bccc6138f71

SHA1
427a034fb483d9b4e30b8001df872b9e79212ef9

SHA256
210cb6ed8609f8d25a70e7286fa45cc503c91fd354a017f42d12475beee079e1

SHA512
ddab4263165f58192a97b231f051a803a4d44e9266c3359b6f74cec3b1342bf8ffa16ebc26f8fcf4065abe589030dd6547f32dc962a4cf91aac53cbb6706b2f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2fd5693c5ebb1c203d9e29b842df70ff

SHA1
dde5cc09c843a72dc8130ec797535f61fb8dcd01

SHA256
bea62c9ff8914d1348c2a4d96f3f803c70d3938dd885f5a6b78f9d4476f1eac9

SHA512
6f406be2a25bc476440deda36c1132d037be41a956026abdccb7398faf84de4b0430408f376d726b44243a53034dec6b2653e8d63ad8be464bfe5993d17275c2

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 229085.crdownload

Filesize
9.2MB

MD5
195ff40538d94cb4b2fd07eac975af1e

SHA1
8fabef2156ac42d47bec2b45f5708d68bd1127d1

SHA256
16b34533718049f776521fd5eb9e1ac9269022df881182698d213a7b4fbf0d77

SHA512
2da1d8b62bf60c0f62c9947b02088a63153a35d8efa7f3de62059a18a114f8530efe7f6967c040891326595fd16aa3c11a074ae800dc2d8507c56004f3b68207

Download Submit
memory/3988-920-0x000001FD5ADE0000-0x000001FD5ADE1000-memory.dmp

Filesize
4KB

Download
memory/3988-925-0x000001FD5ADE0000-0x000001FD5ADE1000-memory.dmp

Filesize
4KB

Download
memory/3988-926-0x000001FD5ADE0000-0x000001FD5ADE1000-memory.dmp

Filesize
4KB

Download
memory/3988-927-0x000001FD5ADE0000-0x000001FD5ADE1000-memory.dmp

Filesize
4KB

Download
memory/3988-928-0x000001FD5ADE0000-0x000001FD5ADE1000-memory.dmp

Filesize
4KB

Download
memory/3988-929-0x000001FD5ADE0000-0x000001FD5ADE1000-memory.dmp

Filesize
4KB

Download
memory/3988-924-0x000001FD5ADE0000-0x000001FD5ADE1000-memory.dmp

Filesize
4KB

Download
memory/3988-930-0x000001FD5ADE0000-0x000001FD5ADE1000-memory.dmp

Filesize
4KB

Download
memory/3988-918-0x000001FD5ADE0000-0x000001FD5ADE1000-memory.dmp

Filesize
4KB

Download
memory/3988-919-0x000001FD5ADE0000-0x000001FD5ADE1000-memory.dmp

Filesize
4KB

Download