ad81b12f41f7e2c3debb925ab6d8dbabf0a168e4eba840f6abc4da332a508231

Analysis

max time kernel
446s
max time network
449s
platform
windows11-21h2_x64
resource
win11-20240730-en
resource tags

arch:x64arch:x86image:win11-20240730-enlocale:en-usos:windows11-21h2-x64system
submitted
02/08/2024, 09:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

wz_trace.bat
Size

1KB
MD5

848685e5c891c390714e051d145f7d07
SHA1

7d6cea65b9e80cbd66ae80e64f9b9e52c46a8f4e
SHA256

ad81b12f41f7e2c3debb925ab6d8dbabf0a168e4eba840f6abc4da332a508231
SHA512

80bd301a00efbe5a18dfbf75504eb835f258ec8639039f3214330744cdb7db1e5ce610db816e900f79567b5b8d2c5681e2d70a197d053ffac077e4dc39a3ada0

Score

8^/10

discovery persistence

Malware Config

Signatures

Sets service image path in registry 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vsock\ImagePath = "\\??\\C:\\Windows\\vsock.sys"	mapper.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Capcom\ImagePath = "\\??\\C:\\Windows\\Capcom.sys"	mapper.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\vsock\ImagePath = "\\??\\C:\\Windows\\vsock.sys"	mapper.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Capcom\ImagePath = "\\??\\C:\\Windows\\Capcom.sys"	mapper.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\vsock.sys	mapper.exe
File created	C:\Windows\Capcom.sys	mapper.exe
File opened for modification	C:\Windows\vsock.sys	mapper.exe
File opened for modification	C:\Windows\Capcom.sys	mapper.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Kills process with taskkill 2 IoCs

evasion

pid	Process
4052	taskkill.exe
2308	taskkill.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133670634293629379"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2629259545-4196337482-2684730723-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Spoofer-master.zip:Zone.Identifier	msedge.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
2948	msedge.exe
2948	msedge.exe
2260	msedge.exe
2260	msedge.exe
4640	msedge.exe
4640	msedge.exe
4120	msedge.exe
4120	msedge.exe
1144	msedge.exe
1144	msedge.exe
2776	msedge.exe
2776	msedge.exe
568	identity_helper.exe
568	identity_helper.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
1328	chrome.exe
1328	chrome.exe
2168	chrome.exe
2168	chrome.exe

Suspicious behavior: LoadsDriver 4 IoCs

pid	Process
1876	mapper.exe
1876	mapper.exe
5084	mapper.exe
5084	mapper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4052	taskkill.exe
Token: SeDebugPrivilege	2308	taskkill.exe
Token: SeLoadDriverPrivilege	1876	mapper.exe
Token: SeLoadDriverPrivilege	1876	mapper.exe
Token: SeLoadDriverPrivilege	5084	mapper.exe
Token: SeLoadDriverPrivilege	5084	mapper.exe
Token: SeDebugPrivilege	1380	whoami.exe
Token: SeIncreaseQuotaPrivilege	2112	WMIC.exe
Token: SeSecurityPrivilege	2112	WMIC.exe
Token: SeTakeOwnershipPrivilege	2112	WMIC.exe
Token: SeLoadDriverPrivilege	2112	WMIC.exe
Token: SeSystemProfilePrivilege	2112	WMIC.exe
Token: SeSystemtimePrivilege	2112	WMIC.exe
Token: SeProfSingleProcessPrivilege	2112	WMIC.exe
Token: SeIncBasePriorityPrivilege	2112	WMIC.exe
Token: SeCreatePagefilePrivilege	2112	WMIC.exe
Token: SeBackupPrivilege	2112	WMIC.exe
Token: SeRestorePrivilege	2112	WMIC.exe
Token: SeShutdownPrivilege	2112	WMIC.exe
Token: SeDebugPrivilege	2112	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2112	WMIC.exe
Token: SeRemoteShutdownPrivilege	2112	WMIC.exe
Token: SeUndockPrivilege	2112	WMIC.exe
Token: SeManageVolumePrivilege	2112	WMIC.exe
Token: 33	2112	WMIC.exe
Token: 34	2112	WMIC.exe
Token: 35	2112	WMIC.exe
Token: 36	2112	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4996	WMIC.exe
Token: SeSecurityPrivilege	4996	WMIC.exe
Token: SeTakeOwnershipPrivilege	4996	WMIC.exe
Token: SeLoadDriverPrivilege	4996	WMIC.exe
Token: SeSystemProfilePrivilege	4996	WMIC.exe
Token: SeSystemtimePrivilege	4996	WMIC.exe
Token: SeProfSingleProcessPrivilege	4996	WMIC.exe
Token: SeIncBasePriorityPrivilege	4996	WMIC.exe
Token: SeCreatePagefilePrivilege	4996	WMIC.exe
Token: SeBackupPrivilege	4996	WMIC.exe
Token: SeRestorePrivilege	4996	WMIC.exe
Token: SeShutdownPrivilege	4996	WMIC.exe
Token: SeDebugPrivilege	4996	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4996	WMIC.exe
Token: SeRemoteShutdownPrivilege	4996	WMIC.exe
Token: SeUndockPrivilege	4996	WMIC.exe
Token: SeManageVolumePrivilege	4996	WMIC.exe
Token: 33	4996	WMIC.exe
Token: 34	4996	WMIC.exe
Token: 35	4996	WMIC.exe
Token: 36	4996	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4256	WMIC.exe
Token: SeSecurityPrivilege	4256	WMIC.exe
Token: SeTakeOwnershipPrivilege	4256	WMIC.exe
Token: SeLoadDriverPrivilege	4256	WMIC.exe
Token: SeSystemProfilePrivilege	4256	WMIC.exe
Token: SeSystemtimePrivilege	4256	WMIC.exe
Token: SeProfSingleProcessPrivilege	4256	WMIC.exe
Token: SeIncBasePriorityPrivilege	4256	WMIC.exe
Token: SeCreatePagefilePrivilege	4256	WMIC.exe
Token: SeBackupPrivilege	4256	WMIC.exe
Token: SeRestorePrivilege	4256	WMIC.exe
Token: SeShutdownPrivilege	4256	WMIC.exe
Token: SeDebugPrivilege	4256	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4256	WMIC.exe
Token: SeRemoteShutdownPrivilege	4256	WMIC.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
1328	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe
2168	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1392 wrote to memory of 4052	1392	cmd.exe	83
PID 1392 wrote to memory of 4052	1392	cmd.exe	83
PID 1392 wrote to memory of 2308	1392	cmd.exe	85
PID 1392 wrote to memory of 2308	1392	cmd.exe	85
PID 1392 wrote to memory of 4704	1392	cmd.exe	86
PID 1392 wrote to memory of 4704	1392	cmd.exe	86
PID 1392 wrote to memory of 3944	1392	cmd.exe	87
PID 1392 wrote to memory of 3944	1392	cmd.exe	87
PID 1392 wrote to memory of 2372	1392	cmd.exe	88
PID 1392 wrote to memory of 2372	1392	cmd.exe	88
PID 4048 wrote to memory of 2260	4048	cmd.exe	91
PID 4048 wrote to memory of 2260	4048	cmd.exe	91
PID 2260 wrote to memory of 1944	2260	msedge.exe	94
PID 2260 wrote to memory of 1944	2260	msedge.exe	94
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 4368	2260	msedge.exe	95
PID 2260 wrote to memory of 2948	2260	msedge.exe	96
PID 2260 wrote to memory of 2948	2260	msedge.exe	96
PID 2260 wrote to memory of 3700	2260	msedge.exe	97
PID 2260 wrote to memory of 3700	2260	msedge.exe	97
PID 2260 wrote to memory of 3700	2260	msedge.exe	97
PID 2260 wrote to memory of 3700	2260	msedge.exe	97
PID 2260 wrote to memory of 3700	2260	msedge.exe	97
PID 2260 wrote to memory of 3700	2260	msedge.exe	97
PID 2260 wrote to memory of 3700	2260	msedge.exe	97
PID 2260 wrote to memory of 3700	2260	msedge.exe	97

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\wz_trace.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1392
- C:\Windows\system32\taskkill.exe
  taskkill /IM Agent.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4052
- C:\Windows\system32\taskkill.exe
  taskkill /IM Battle.net.exe /F
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2308
- C:\Windows\system32\reg.exe
  reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Blizzard Entertainment" /f
  2⤵
  PID:4704
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\SOFTWARE\Blizzard Entertainment" /f
  2⤵
  PID:3944
- C:\Windows\system32\reg.exe
  reg delete "HKEY_CURRENT_USER\SOFTWARE\Activision" /f
  2⤵
  PID:2372

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/rwzcvw/spoofer
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffba1ac3cb8,0x7ffba1ac3cc8,0x7ffba1ac3cd8
    3⤵
    PID:1944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,7662483781045037658,10812051526869966477,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
    3⤵
    PID:4368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,7662483781045037658,10812051526869966477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,7662483781045037658,10812051526869966477,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
    3⤵
    PID:3700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7662483781045037658,10812051526869966477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
    3⤵
    PID:456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7662483781045037658,10812051526869966477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
    3⤵
    PID:3008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7662483781045037658,10812051526869966477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
    3⤵
    PID:4680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7662483781045037658,10812051526869966477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
    3⤵
    PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/rcszephyr/spoofer
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffba1ac3cb8,0x7ffba1ac3cc8,0x7ffba1ac3cd8
    3⤵
    PID:3396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,3546331365114337172,8273014051970069950,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2064 /prefetch:2
    3⤵
    PID:3848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,3546331365114337172,8273014051970069950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,3546331365114337172,8273014051970069950,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
    3⤵
    PID:1372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3546331365114337172,8273014051970069950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
    3⤵
    PID:4744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3546331365114337172,8273014051970069950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
    3⤵
    PID:2504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2044,3546331365114337172,8273014051970069950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4380 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3546331365114337172,8273014051970069950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
    3⤵
    PID:3124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,3546331365114337172,8273014051970069950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
    3⤵
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses
    PID:2776
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,3546331365114337172,8273014051970069950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3546331365114337172,8273014051970069950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
    3⤵
    PID:3268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3546331365114337172,8273014051970069950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
    3⤵
    PID:1004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3546331365114337172,8273014051970069950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
    3⤵
    PID:3436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3546331365114337172,8273014051970069950,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
    3⤵
    PID:764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,3546331365114337172,8273014051970069950,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1740 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:332

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4248

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Spoofer-master\Spoofer-master\spoof.bat" "
1⤵
PID:2024
- C:\Users\Admin\Downloads\Spoofer-master\Spoofer-master\mapper.exe
  mapper.exe spoofer.sys
  2⤵
  - Sets service image path in registry
  - Drops file in Windows directory
  - Suspicious behavior: LoadsDriver
  - Suspicious use of AdjustPrivilegeToken
  PID:1876

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
PID:3052
- C:\Users\Admin\Downloads\Spoofer-master\Spoofer-master\mapper.exe
  mapper.exe spoofer.sys
  2⤵
  - Sets service image path in registry
  - Drops file in Windows directory
  - Suspicious behavior: LoadsDriver
  - Suspicious use of AdjustPrivilegeToken
  PID:5084
- C:\Windows\system32\whoami.exe
  whoami
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1380
- C:\Windows\system32\net.exe
  net user
  2⤵
  PID:4308
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 user
    3⤵
    PID:1876
- C:\Windows\System32\Wbem\WMIC.exe
  wmic
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2112
- C:\Windows\System32\Wbem\WMIC.exe
  wmic /?
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4996
- C:\Windows\System32\Wbem\WMIC.exe
  wmic baseboard
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4256
- C:\Windows\System32\Wbem\WMIC.exe
  wmic baseboard /?
  2⤵
  PID:4708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbaf19cc40,0x7ffbaf19cc4c,0x7ffbaf19cc58
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1796,i,7399976785130667592,17424012218101654307,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=1792 /prefetch:2
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2052,i,7399976785130667592,17424012218101654307,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,7399976785130667592,17424012218101654307,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,7399976785130667592,17424012218101654307,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,7399976785130667592,17424012218101654307,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4444,i,7399976785130667592,17424012218101654307,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4480 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4752,i,7399976785130667592,17424012218101654307,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4856,i,7399976785130667592,17424012218101654307,262144 --variations-seed-version=20240730-050116.493000 --mojo-platform-channel-handle=4920 /prefetch:8
  2⤵
  PID:1608

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2844

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4608

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:2900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbaf19cc40,0x7ffbaf19cc4c,0x7ffbaf19cc58
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1844,i,10906466600856728405,14160756621433057639,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2124,i,10906466600856728405,14160756621433057639,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,10906466600856728405,14160756621433057639,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2228 /prefetch:8
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,10906466600856728405,14160756621433057639,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3264,i,10906466600856728405,14160756621433057639,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4424,i,10906466600856728405,14160756621433057639,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4340 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4752,i,10906466600856728405,14160756621433057639,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4772,i,10906466600856728405,14160756621433057639,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:4572

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
68b36fabaaf25713943248d9b8b528fc

SHA1
52919e9e198bc3485253b582d91a30a64a12e876

SHA256
44909e3faee3e290982c9d0d90c1ffa62371d223bf00a6d31090dfd7a90ed547

SHA512
c8ba8ae8b95b53b745cc841a7403f38f48233ceacfc5324df029b8caa7f4104df7c70bdf030a6d2d228d5b122130e060ea0fae86c01c58c8821a426c6fb18524

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7dafc1c7-7dcc-4cde-83c2-726daf3a11ad.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6f5a46367ea0ccf377d87b8152769d93

SHA1
16471284837421f39ea0fea8cefcea4297917e94

SHA256
eb14bde04fbcd6cf87b9968bf5ca4ba784205235bb4c3237bdbfc534c349332d

SHA512
27d5a3e9ce73ead67031ced3a062beda978e94fb3577ee47ca2cee8925e055b589133aa8dd2969986945366f1a5df98f458fc9314e011c63c51447bb26ff5b56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
36301946c032d8500ca47f2169032e86

SHA1
5dc48d3d4d9881abb0fa519da9dbdbab17c5b739

SHA256
31cbbae1d0ce8e13e5d25b11c1dc1c419b18fed1d1e7b3036128f090ec416d0c

SHA512
e6a40858fc1cc48c1e8d8b02be66c2a3eb2cbfb3334785b2ec98ade879a06906a0cff414a1d660a3333de081fc82f3b7712f70042082c38bcad13fd43aa46800

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
feea6dcd53faff5d9931e33c55e236c6

SHA1
1af6dd8b6f3312a44be33b0b7b7aa284ace8e937

SHA256
b356374bade28c174ca6c58d14f17c506e73abb5a96e76fb4e6e61e0d6211f59

SHA512
46bf5b74a64a8c6e258c011f879a75aea07218fecd4c4b07d8f7e7bdc6aace17a374dc826ce0523f5443efee8fd185bfe1c3e5264604f04469815db8f5f6ca39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
38a07cfa9a6a7045dfbea695db767fbb

SHA1
b5614b8d2ff0bc5007fc919966582b000893dde8

SHA256
07ed2b4ea9f82cf6dccab8ea410ea797680f3d1f476f41fb548643732649c267

SHA512
28c75c00639c188757d5088d00803dd514f21c2b41302410269f9f8233d52481decfae063068465b99cb6001e2b86fb5b0e5a12e5cba3e4233c99a9a64c2b218

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a5bd3e3551c7f09b74ddd7b8c263b131

SHA1
b276586542b6cba8c256ddb634a77e07266bb9b5

SHA256
cb32f353e62feefd7a0a373ee718e1e26e722f7790c009e5a476370380f37b3b

SHA512
7025c3652ea16d7f96051e0b7d9eb082b624128d76a99aab9296199084f9bf28d856fe08cee1238c34fd667d73a397ba6815594ebafa11f2591689bb6178e120

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
7a769ad04b2fdea9743bf74a5c296da5

SHA1
87c9f0a5208ab2b9dac9f5140f0c2a200f39454f

SHA256
88bd0101aeead28382fd28dfa12fde7b21fd8e9f5d2e5eab06de62506915a4c2

SHA512
77ba8170e70f54abfec3385a8ead76a9a118f0dc62da2ed7858112f5e699b6868660b4ad6a3f9ea32a34d5c8a92d81ef0ce5ead947c7e820c80adc244a02fcc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2e3d3d405a7e339376cba11d5244c390

SHA1
fc0cedd3e5c394cd7d40bdd45760ed5edcd85c85

SHA256
5b2565d3961662971635b4b02e185cbe9bb36f71b679ad7bad81cbc36be0aa2f

SHA512
a19e9760b5d53f62ef21e62432551c80d2be9843220c1a6ed137fc45f90086cf197ae4229f5e5258aa8fe879e094ddf726a5e6893c47ce161b234a1ed5cfc89c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b30b9a9a1d8c933a1d656815f222a686

SHA1
d9fd689d01976482e8b2df0de2c6ab73e09ea7f9

SHA256
aabbf074276b4e3e1c50667dc47c82b913837e61b80d1f4a33fcab198f74f96b

SHA512
e80aae095f1a8d7723141a170b6019c19f9c6907af9ad42e9cc754daa1c99fd9258a64255113c4fb26c13738c9666acd50783928b1fae20297ac48da642bed7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
ab79409209c2b96a6684ca87eeac53d8

SHA1
e8f24767320a00f1b8d5350e07cbc44f9d67cc31

SHA256
5fd8f3fc76f1b0b476e696b5e6be7164e4fa11765cf2b0b9292909c4de57d375

SHA512
95d5f284a868392d49b059cbdaffb19fcb85a68bca1ddbb2fc68bbbc90f427d88ee6add6dd70c6f6464a44f40fc0ea0ef4cd113a21191e3e752b6c0ea46956fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
3f1a0440fba95728a7712e80681f1c84

SHA1
af941673676f85b7a429baf1575bbeededdf5765

SHA256
2f83b8b885178a866964ed39e2fb78548e1eaa8c8003be884f303e8c2f8f0b22

SHA512
c3ff406f5edf17ae93d253d9a86c35adfbd2b27111554f3b326a571b9f170b125673248f93db85f8793db8e15e4b72a5ff0ddd6ba3a6aab4c56b0887f12fedd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
c416c7c37ca50afa85222d72451eba89

SHA1
c8dcbc92cfed95ba342a542510d11b14e31f91c6

SHA256
d82b8e07ebae49ce10c474ceb39172a441ae43b54dd9ea6991f6fc0bad2e4817

SHA512
c7f2e5adc165c51af367389b06d0413e5992d6b67b8c97f52e2eeb73e8dd6f6effdec24a0d13f243fd1dd341c884689176771307f0f1c4ce1ff05ff8bcc2bd21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\60021c59-e6b8-4f69-8077-0b27c98c0b3c.tmp

Filesize
10KB

MD5
4072f0eff7229a1443a17e09a7bb3288

SHA1
17d8458466f16e4d0788602ed0159d561a1000ab

SHA256
e956f2b0e33e950ce4b71b7c9017dc79fc82569806e995aaa54e80ccca455f54

SHA512
cb2ff358edd53a2e52c1856760b3956509d01a6f131136aa8b915c7a4929e5035ed31b5fca0f1acd11f43ce1c1d7af0f8c51b7395d046afc5259176a00e6b4f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0f7c8f29e855c33ef4092cdfc2ec0a4c

SHA1
db6eb184137c0480fc73d6803e9b71a20f0b2066

SHA256
b01c3d129f1a499fcade8496bd824bda062a0390bc4d04ccfa77696112c89d58

SHA512
1025c240c57325d5bc394f4c593b61a951f35448868f179e8fcaefa00f60e75fa6ef5bc84e768d2526831a4a6070e67e78b159b88d72ca789fb65f55535d2f60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bc8079178b2f48a806c64e229ae52dc7

SHA1
042b5d146e4d92b827b34d1fa856c93973b955c4

SHA256
0c6805a981710f4455083bc606db4c14e9bdd4b26a8adb4e988c3ecac2f37d0f

SHA512
c80ff628545e7470c04cc0da3fc6066d0274874a736286cb451238bf075a5a6aebd6650124fc1482d33ab5d42586abbfc18fc364bf01ec54c7a8d466d84fe06f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6d3f8df50f4e8800dcbd5fd773aa6da8

SHA1
bb98e6a9da020326e7fbde6fe37e330e90d1d546

SHA256
036b439d9115e20ed1f57085fc45f342d4e487718b07fbae2036ff4c2dcf6a9f

SHA512
f6e0d0c564a1adb05457e9179b7b4e82e0449f7dabd08fc2daa4eb11720680d4b2339ca06fd9f6cfabe38714c64bdb95a9c6d4885b70115870fb57d08424d733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
078a80cc146d8f0f0e56f907dcc36143

SHA1
7acf13d6c572849397ced7cae79ac9cece5f5d69

SHA256
ad6d966a54d0fc611100505e4075ad6bb0dbf3f6a0aa5b6a7b880a2aa0374882

SHA512
539ef7cb8cf429993c9e79848387b56e7f174d6db55d34aa08c17d3ef5d888b947ce0fc43bd65204692e33bf986edad1d34d5451d296e39918e4d94e87cb48bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
b885f92cd9ed861186c7ca4851155bb7

SHA1
5fe7fa1bafd92f663e02062477a9a1b75d5509ac

SHA256
a4df22abd556e3409fd467a69071d2da0f4750746ba1c87102a7971ef16c2bc6

SHA512
971d468b44b57cae85084ab2656c73b9b1f068a5dd62c5ba43e8c02475225413ad953dfb158770e68be7ac946400b6acecc14d167f10e409de8f9c3a85d62874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
ffccff72d30869830e09ac018dc8ea66

SHA1
c2dd8dfc7e2fba28a3a940739f1b00b74f7cd57c

SHA256
2cb6ba6b392d4b00f8bda759d4e0330272df41e9d50dbbde58481b85eb634db1

SHA512
0113e0ac87c6cade1a72b2a84c13068313eebae349a72dad2f5d196a7c9f2f7ba984639b3603d599973a5b25a0c8ff262a269a01bf8b57d132e3fd44d149f9c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
5451579c0209c828fb504d20e130a270

SHA1
29e6d8bfade552a3d36677c3d39027a451f06605

SHA256
b05658a8617c81a91f8eae0933f1df99841d9c74f963f55c6e52314de1268ad2

SHA512
4c03c4d91a552f77ab29105f5fd8c025d11dc17c8b8c96e368fe4d9da7d5f3ec88a0ac2250c8588dc9e1ff8bd16fe41167f29db8d54bb37e80fea7c71c77f950

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\063162a4b1d7a28d_0

Filesize
223B

MD5
fc129df8ff0ec44da54e7992c9c0c59c

SHA1
3a26f96652340f36ffb370ef67519de2b2f43071

SHA256
a6f39bfd5676037cfcb6f6a6d0e65fd59b997dcaa35eb3ece25fb485e5bcfbb9

SHA512
a31c1733d9e88ada57c05b498527a1d048f641050c016ddae7598c70c196e0b2d265b1b9e34f320ffc7f2a6c1e84e3fc41beb842a1c13fd98772136e903c6964

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1a1642b7e6352f85_0

Filesize
222B

MD5
e6d678d48d7fed79384a95be4c3e5c96

SHA1
78bd0b2ebae81a3c11aff8bca04ca1989a16f638

SHA256
f42679fefb71016af45f1e38aa9896aba18c85f13602148ec9016afd9ff3965f

SHA512
a13c929f4699577ef68f86cf6d29348e4c41094ad488c8c8c31e090afc1ad8863e6c44d1e273c1ef3a4f4b24cd09d8f4c0060858124303cea5f968b4643924b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1b656fe85bc43465_0

Filesize
272B

MD5
1a08d98797c2765efccb0835b1ea19d4

SHA1
c8fe6ad6735ddfc395a221f1348d8757c0082331

SHA256
62976f9130c483924721a998c6f4bf0646f7e4e589febab14d97fa906a575ede

SHA512
0240b94e908445034484e8b6d4246901ea27f6e18ed03f5b93183525ac43dcf4a85a520384de15a1832677b69c8aa8c73946ca13d3aa1c02e46e9599103a6468

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2df2c057a5731c19_0

Filesize
273B

MD5
2f4862c181aa155cfe80879fdfa12823

SHA1
5c728f3eff37e1fa12e83ba3aa780dc38eaf5a07

SHA256
2e6ad339226e684f4edef2ba01253f327d3adb47c47b19d2499e9853d87da003

SHA512
ec3d993163caf471512a03b2a02689b59f8b8bcdac3ee8c517c7d0450b5f0ab1c0c481636dc7140905e6ba98b7be9db67135abe313e3c807c751da914049b6e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45ef484a783af53f_0

Filesize
275B

MD5
d60f3fb7733aa64b43139b11b84c40cf

SHA1
2afb44ad99a10c4960fcbe3e888529ab9633b750

SHA256
128a9035cf55ae210d1f81fc9e3f9446a2fe11e7e0d88deabdf4e6fbf772b38d

SHA512
0c085bc8265dd025e45d4b6a14fc2662f05b6152ae12506dbb03350981fd352803945516d13d88db0f7299fafd26d5cc88dece9b35e8cbaf11f7630d89ccb57f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\552e9cab9e32a74c_0

Filesize
253B

MD5
e88c2ce9fed1f0e27c1c8c142b44b1c5

SHA1
78508d95d6bcaec6afd109c6187f85703bca0f2a

SHA256
0a5463bebf6fdfcd27a1241838af9c4a045e61635a874eb462ec15f0f486e52c

SHA512
09b7e93353015be875be0a40463bf0d2e49af0645054dedf55b423bd0c9f860db1b83b2e0cafb2fbb2d03b38a75be0a39b7bd52b23a6d8fd08c2b36a6d897d43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\56858010a7af1199_0

Filesize
257B

MD5
803da596c02250eac854a64042f12482

SHA1
2d18af1d0b129a83fb0157552102ac51241b34b0

SHA256
ca27207d017bc660f3d293608b7d4d81f801c1792fd4ec01fbdcc90e84962cde

SHA512
caa162dc546ffa49ab1ef58754f4493cd4824a2389c6359df54e36d6d62a32c4f40d9856ad53499159c8b4cc2cdd3c6a715f52fa6c120a65239c833a7a4f4d0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5df19512b232e76d_0

Filesize
312B

MD5
63aed654d4ce6252a1e1ff6078cc8b6d

SHA1
6c6dd3465e774d5499b1db1764f94d621cc061fd

SHA256
cd0e275d7d4307a15501c04384ebd7e363f77e056c8fabcd40ef5b50fe229db1

SHA512
8205ce234ef1bc4580d796abe877405119198987fbcbed2465886f724b80f8de6d9d40ab2f6ca4a143490a42a7ac47dfc97f5c11071063e77dd01f45878caa6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\823fed6066dbf883_0

Filesize
228B

MD5
6b647a651f4ea70b4f9f2f262412202a

SHA1
0d1a1a32461c9a7052a3fa6be3915405fac52a78

SHA256
f90976511cb8cd7c9c608598f16477adf270ad8d586cc146b99e6dd508330371

SHA512
d0da5b637cb37b3e175a354fbaa9a45f050486e90a0017242a15ccd3b27331f2aaf476dc8285e562dea3d4a77a77ca0f8cc8602e164dfa19c8cb49758bb9e227

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\872f0c19bfc31da1_0

Filesize
227B

MD5
c086103fb51f1220d2332813977977c6

SHA1
aedd3388cd6394fedf1a344f793d25ec199d9ccb

SHA256
bac526ccc1602ff60088e57da7bb609e7294fae6d61b1daf36053dc88ab85ec1

SHA512
0d64cdeb4ffecf811c4190ce1f1d7d2dfdb77a976f375e1fcdb7aa6b3c0e1d45c5082e10a6840c69eb6a946b67914b2ae9f1ff6b4dfb47d57017925143b568b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8cbf2d2de16d7110_0

Filesize
312B

MD5
2d91144542812064042f1a5e29191c59

SHA1
016763809b101b90a9faa326483e733c69836820

SHA256
70e7a7a008b20a0cc565ce4cf9a9d9bea0ee531976c76ae0dc3df7b96304fc6c

SHA512
3086429f98fde192b258a6eb985e681cad88611114d7d751da45a82ba37dd01022d0d325f0b1702996d2d36e88d26e46fb7c43e2003417d40794137cdb04853e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\951674a2601a33d9_0

Filesize
312B

MD5
c4621e13a32367f61093bbf81aa287e3

SHA1
667057e5daf9e1b8986fbab527a2d3be5b30681c

SHA256
a0e50d9cc306fcd3a51ba39d28ae7df5725ff419fac54e6a71f8168cdcec5a3e

SHA512
9b075a9b92ad69cf4a80f6106b7d868e2044ddee67e2350b08d781469a9f8a3516e37cae73d8977cb16c710fa1fbdc3e2404bfaa219361e58c1c82c6facd9258

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a3beb452e1663a8d_0

Filesize
275B

MD5
1cf3a9eb0e99b76ea3845ec04779e40b

SHA1
de6b2624c84a284565e9cadf2f9ea913da88954f

SHA256
72cdad24e77fc21e18e6ae127eef72ec6ab3f830488f8baf067a15823a041ba1

SHA512
0e3cf082d2a37ad8107c78cffcf81b91cdd0a2e39a62b5ad3a316fdd45c5d32ba8b69a717659c309d5718e11518667a27c7e6998d935ad1a789005cdfae42631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b0e13d00b26cece7_0

Filesize
312B

MD5
dde670d643ac3cd6fe4e2924bd13ab8e

SHA1
53c8a4fea6ec519b858fef124cc9fece3667607f

SHA256
2336e34d753831d89cd60d909c99fe3109699d3dba38b3be877ef9bfe534294e

SHA512
475dcab57de4954c42c6bd622ea7fd9087a28ffdc38271e285dbb7dd5bf16098a8a9d78c2db4ae22c8798b2b40e47a4bfe11161a1148afdcba70c1d722119d5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b3af26fdb0a014ec_0

Filesize
312B

MD5
b94d61231e644d866a80888df854332a

SHA1
e85d7a8ba8064ee1b5237e8e65fe20da2fa375b7

SHA256
a960bb3186e2d6bf2bfd9bf4e2cc8ef8cf6753205533499f85ce0fb46117e0c0

SHA512
861a3a3f7fb084d3e0deb42370e1678237a6f88e79554cd0371e208da85ce6bdb2599b246a450e4e8bb7fa4f18a7b824a2fa8292277ab9f6f4ae234e05b399f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ced3ecfa1bb37e1e_0

Filesize
312B

MD5
251b75aa8c53601a9e2b76dc71f03e08

SHA1
51c1ef4958f56e2d1b95c575f265feaa7ce36cf7

SHA256
a6b0f55dcc41ecf295164ecc7d2b029a4392a37bca81c2b588b36cab70014dd4

SHA512
f7b20ab2ace2ddd2c1454af0965ff7f720c8a19463a9014942d1af9ce4dbb6bd631818e470b9be28a475750ddaa82b4bc08c6899af26d56009c74bd56686e0bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cf4436542c566b96_0

Filesize
312B

MD5
63f74511d76659e397c533424cddc7e5

SHA1
fc0ac0bb1eb2644e049e51ad085e0ef05b9606b4

SHA256
37b8516db0aaa68c4cd4f13b44ae1265299faff19e753a0eaaa6300aa9312d9c

SHA512
35cb664cf8b582a110900ca4ec07eaa044ce7c2df9ef6bbf25c177d5e6cedca2fab26f5cad5bf83d164bc83ec46cb692df5d003e38071ad101ab6cc776f5c740

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\db1f63ea8ff750b0_0

Filesize
312B

MD5
fa23794cc7f215c9bf2ff4cb259511c6

SHA1
cf1a840d0cbc7bd6dbf4918e99aea4bdeec08016

SHA256
faf03250f620a00428ccaf73ea63d34cb0d03579e6165ad69ec6d14304e08e06

SHA512
7183019e5b27ac8b122e3c1fa034e76f9628a7828664161a10f9e96d80825a7926e54124a29d9bf06b1a044918e8704480097560c9470b4c9083c2603d421a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\de04e287beacec7f_0

Filesize
312B

MD5
5c128823c03bee0e0c8ed51b427dd86b

SHA1
ec97715adf24be4cb57c992481c6963aef3a7c86

SHA256
4f918d946190ed382721186d5e5f73ce25364faf94d6c6b73d5e38890119f32a

SHA512
e0410abd504673706c97aae13b31192453bbe316f8f08a8c10d1c75a7a410b4637acfd7da317a596113a5199eb0d84d5cc4cadf5820524127f7d574d6dfa2c60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df9da550ea6d3003_0

Filesize
275B

MD5
e36a20fec07c20ecd1fe617bbc748563

SHA1
0be5f1f64a51c6ebe04aad187e96dc84854e57c6

SHA256
1b55ee92cccdf0e7099e283e821064ddf8b0e08ebebebe74955def4edac32909

SHA512
8ac589b48fef212b8a0a10f5cc02c3d9cd304d44abe6cac6ee9dd8dd91920935ef0815ec35834ef9d4af5ad51df42516d0901c7f8346b522d59e655d8f6927e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f98a9b53209646ee_0

Filesize
312B

MD5
9ab267c524d326831b7b451efe12a617

SHA1
67993f54769d064e7f102c4cae44210813558e17

SHA256
1d44e2eaa2943cc141be4e01423648523560aef902ccad1d2f22e68f0e230c86

SHA512
70c9c1f73edcff9aa7dae6ef864a22eb2ed948f522576f9f6d7addf3ea68a19b3b79711b82ab73b2391f1710d3748321ef7ab605c9a573b4009be331d20c5ff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
75ab0a4e4c01b8237e1b8f885f5a4ff8

SHA1
c88366c5c674ac75b01e9671a398b06467db5ce2

SHA256
e01ec6690f94a76a03955f87454b81ac4d667f91e9bee6595eaa2a4a7c5a47ab

SHA512
bf3ad3039ea5e7a09b1d4dcfea20ed5fc2d8b860df17677dfa08c5a7192310ef720486377a9daf22dd038041ac567080571b423e5936256dedc57f16f5a4243f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e78b566e96bcdee057b3883233adf805

SHA1
f6cb0882d5434ff99e87c665460f4d6b778505d9

SHA256
943e03c34eaabfeb2f8436a8544f8c2a76e895cabb8f937a94d5c9870993d16e

SHA512
e22ec53d8fb11ab8934323d8e69b519002ba0bdda11225e05d6967c83b3ebaa387b6e25e69e0ff7d42f1c6ed0d0ba0d2893edd7eefd1a3cb8fa88e38896775b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
b3cb9ee5fa3933d9668c96964658532e

SHA1
1ce22eb207e5f01574e1f0ba8ef31f3c541c0caf

SHA256
f1251bb480d227bb048faf75ab027d6e8ca721b04944144b061b6fef7e434692

SHA512
3da8300cb408ee6f38c347614ba7f4cd8a63314f70bd84af15e6f31e1116bef844a4f0944356ca771a0e754eb228d4a82d36fe29bfbd6a2206aa3cf0f504fb0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies-journal

Filesize
12KB

MD5
96de0d3b1baa12761e87f2637e31b459

SHA1
2421695f4143ae1cd357e0371be74352d56d2a06

SHA256
d03254b80f926c8f964b480c1c7888a45da304b9fef803c7900c50c6916ac9c7

SHA512
5e3f6d35231842274ac0fa7fcbfd882a42bd1736971ae50800e7590a983126d383e1acd3ba3a35f8379959e043df527cdb7f97e12aa02a3d033fbbe0e4abc5e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
605beddeaef98418991d410bc8b57a40

SHA1
666f28355ad6e3b8a9dd5ea45104fdba83476265

SHA256
d5908cab8f39ba586d0e7f6d7b918e11c6d2c3643a60d57d8a2ddd958b32de46

SHA512
c21c594f4de10813985327acf26486eb894882ad4402b389f478aef2d8f72340c165ba8b70bb24557848ca11c198d92257061238d549efb52c27bf875bf6c722

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
9KB

MD5
a9681ee08d64c35b04d39e761a7335fa

SHA1
b92fa66fa115dc9079a701a2ca6bdebd3c8c5b6d

SHA256
57699a330e5fe10643bc5bba0ef64680873c03ca35cde5c11cc5fb3cef2d2c94

SHA512
22bc37607f679d065a9d85275ce639801863c891bca4c1a22a4071c0dadcf0410160f1b137cbf29bb0fcfef0056dbb1f9cc21a69f29d9f343474dd5498e68591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
ad834d82558b22f9ddac179e78231576

SHA1
18658dd5b3ba6e455b892cf951e39cdf2df2d05b

SHA256
0c1a12f6ce243f4b9a419407bd70a6bfa95c7991acb91db34ee7dbd8280f3ff3

SHA512
fffb72f2f13e6ba69f384fbd620ec52eba8c46e0ab19f98473e5c8050d90aef7f5918ac383eef654118749da023b8664e9d5ce445708238c66711e544f988cb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
409B

MD5
b12ee6b010e965ed924892682077404b

SHA1
cc06dbdc7cf807fb8aa0f90749f5f07c2fcf55fa

SHA256
fefc13d455791d6cc3d8bee48121ca6d7c21e147fd45c504f236bce95e0ea58d

SHA512
b4178d1bc5b95dbabbc5dd1f902f2601b39904279d56b725a9c4aeacf9c27860c02207b1409298c911976540a30eb194c469f7fea64cb3a117755e57a56c3e1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
573B

MD5
72d8b549c047805a5315df059bb1539a

SHA1
3df3770c14379441be3be79eac28f5a1344cdada

SHA256
beb758c4229b5c555242bde07bb5e88edd0d43be725dd68c8a4f33e6eddf10f6

SHA512
0bee533bd41e2226f9e971c9e4b75dee9d8d8ea545bc8a119d3a3c31bbea9f4c30b0ae3dcb58cfeca103ec4880171d2d63c676ac7a4a71b990e4a5ad376fe4fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
72759461b1f5edffe62c5a26694a5159

SHA1
79ab59cfeb9b6f3856ca68f85e69ba1a404bd7d3

SHA256
1ba6d94554b62795067415759cd9bd9dcedaca28b16d8edac3e2ec7c995e9da5

SHA512
3f7123bb2adc844114d454ca9bfd4b8dc63671a654f3be92783f1c5f1925f8c950bc2b302d9df4b71a6b0808ed10bd1d2873298850058caaf6411933b81d8849

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
25d70aefd46bb6505963ef7b49bc979e

SHA1
adc6a8e7607f01dd68f5827d18a80e3a5d64e0c6

SHA256
6fd8e62d0eb938c2fc9c001bc6b08b5ae200e3ebbcd34478997e591e43cee427

SHA512
2413db839202242fd93df38648ba9ce4a273a46891acd0d501d7985a229d08a4565e583d26e8f60b1e7978ffdfcbdb7c1e6b4956eb1851e61e8d69e499398ccd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3013e9bf9628766eaf793d8fb3b45844

SHA1
2caae388be9f7ed1acdf9c7cd9f59fcbd9a541cb

SHA256
273051e1cc729ef3bda7586dbab4a614f33ebf0f92b7ccbdc76c68f751713ec2

SHA512
1119abc14cebbc9a2a9f4233dcaf49cfb62aba0610051be7d2ca72caa09999a4616563c84baa25c9c78c7c3091eca5d108634db9c793a89c6d5df660f644085a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ec0fafe98d95ffc76878d6138fba4afa

SHA1
12c5da61072a25e6a5531ca7cc9ad00dd98318d4

SHA256
db7866902060905690ccc91ef1f33cbfaab2119762bfb6d18a13e7a9ef25669f

SHA512
b27ecd0470bb44bee4e1a44dc301b32e75e33ea90830c8e98be291a9e2c759c1d84dda63bda9fd6e3b334758c8bc950fba7ab9804aed28f3ffb149ecbf8bd415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8afdef3ce779e0c62fa50612ff004656

SHA1
4ab6d15b6bb5af21f88b6e2edf156a144238d4af

SHA256
fa510de8068cce61f98272a86eed35b28ae3574a741b1022236e9882a5e666b1

SHA512
01589eaa79be076b6b2dedd3b86069cbf8f2c3cc2282d8c42c8f369d2cad3e2d1be01ae3ad95b85c70b9f50f3184fa05db85134caaf2d87069cf94f0081a2af8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
396B

MD5
51f7611e11060805e712426fe3365569

SHA1
2d53ffbb9c7d1df9b9e231a6c86b98173505adf6

SHA256
fca30bba12992e8d224b5f39c4123da64f04f1ed90326b1b3a506a333df36aa5

SHA512
05076c71a6342251b7cbb6604dc25d4afb0839c08f49eb31cc9900da97d5fcd155a5bd24026a8d9822df08a486d3ef19092d360cd06798eb0ed6b803b8c385e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
192c838abc820e00826dd8e265f80670

SHA1
6f4d2b000611a65359564fd8d4d8c73be53289ca

SHA256
254b1dec4215dd560df43efd175255ac87d0cf857371ac17fc20434d382aeeac

SHA512
4d8fd25fc3f30c6de39f819b060c5b9cc55647550026b5e5c692fd899bce63280a6d1d74bfe6f97a1ce1775ae1236e6b5c35d8b569ca8a37d769c55775252022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367063062061351

Filesize
2KB

MD5
a65de059b56a153244de3a405aab6af3

SHA1
c6624aa90422ff018f0157ebe96247239edf61bd

SHA256
56057bb1af6ea096acd7b1d562e96295be70d07283d9aaed0edf6c5c5c43cc76

SHA512
0d6d0e36f4a1d9ee5d3ecdb502484c00b74eb18f474907d0c27f62506bf6380a5f4071bd23ab65f1ebd36bb5da56f2e6c81646eb2c36fcdfa027ed7793481f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
2fe6ff05fe9fdb103ee990d17faa7889

SHA1
e8fc36cbffdfed5aaff8c9ec44fa375322318e20

SHA256
518f05a13e80e8c254cf30c4152da262486e87e2078d026c69b54b0524c0261f

SHA512
542a59da91c238a5a32457f146bffdac45ec833ce71928257d8c9abc56a14ff01e1684709acf340b4216416eda8994e1bbeda13811558aaacf3a2869c24e1c94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
41daf1406d596c1a1df5b6d66ee9c47b

SHA1
17434fa3dd293f373708efb8ecc6315de7e9d701

SHA256
be85e713c9816b373bf5a9d158f71d976d683e1b171ad88a338a9e9a1a801470

SHA512
1eb5bce83e864ba2b73b4c95b584e12180e93351ccd66996fa50683834f761a8c5a023b2869bd047e92c8ee8fbcd704d9a1342ffc4e7fbcd946fab4b472af67e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
6b1a45a995c6512b466d80743b036f71

SHA1
b15868bae59bf95063c8d1ea29de3f4f7a26f24b

SHA256
0d7c55c63a9fc02f5bff5d124cd1dabde710b3fab21db6e32aba823f9b9e8c75

SHA512
15b44efbc68f90736fc2e433cd1bb72e86ba61d105547eb4834401cdbc99de6ebb16254773f07c9f298e5f1652fcbf84547273d3aa9b94e4b0ecf24059364d3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d212a5792c8e6d3ca365f139924953ea

SHA1
d5a4145fc344f2029d47a31ba4c59e8d29b8211a

SHA256
e8f9eaf350287b9e8905f31283fd4dd4758e3dde044c1a9495985458cefa87ed

SHA512
0b24abed382e2b3977cf820413d317458de589ebd69e7cf3b54ceead76c82c175ac9bb9795864f2c88d433e69e6c446efdcae7d85d498484e889d27c7bf83df2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0bb070edf0862f9bd5c713e3bf49f8cc

SHA1
a3624d4c717ed3ba769eba469320bf9b336729ec

SHA256
0f0c85eaf51d2ec45e1213e6737ab47cd89e74f8afb7c240748bfd8b85228bcf

SHA512
4e085540bfe2ce9f72a2039ede541166153ed338ab9eb3b6337c24e88d88d70c858d0bd36b15f1be28cfef7b42a0021d44124de164a93e1cd0571ecdb39b90c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
52KB

MD5
505ceb915f9aed7e5664aec57215f5bc

SHA1
d58d09673d40334214104800912d8b2a889933c7

SHA256
726c5993a384af98085a57d776a2e101899f27490fdf4bfc2320121ccbcca292

SHA512
b5d9a4c43683474683f8644f0798ba935096b475df96c603f9f730adfe154050bc8019ef31fda09515ce2d6c3631a29d21b03efe45bcdafc9c4fce43c0d484b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
787cbc49b6be4347f4786683d02476d4

SHA1
d52ed4818f34fd64362a26a6b89ae7a874a58e7e

SHA256
29e4f2aa1347e66e30c58e2f786835a8a83be5da0114b610e7f4af39de179f2b

SHA512
c1c7f99e6281d4315d8259eff2da8277e746cef1b8dd3ee5aed53e99846abc4e9e77421599c00b5e77479944a506a8804b47499825bf334a2b3bcc52621a17ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
2db039144f01997becb4123e13f6d20d

SHA1
f4bb344d866699ea511b8d84e0eb55c4efa60575

SHA256
0fbabf2bde72c2ee0e528fad853e6fb7af4473e34c66fcfdc0c0c73595a90b08

SHA512
5a44c89b6e3aa31368d2c04356afd977fe5a7b3eee9c74308f9ec0ecd11b799280b62500412c0ca88fb2d6381e96a8c3cf6155e49d47a77c87fb68277224f925

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
56da9cbd93ae1fae59455fa948333eba

SHA1
9af447690a97d62854176bc4e067d4378e39e4a4

SHA256
fc7fc7b3328d4fd64ca73c14c45b53bb5163182c0608a9a9d3fff8047281f18e

SHA512
61c9b03a569782137d11e566acb45a49130c61f7bc76a619036a819b3e8f0aa1e77bac9daedb11c2439dd3e580aa324cfd1f074b2023486e018377db54520a47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
a74fd4a540cde8bc963a126b205f971a

SHA1
f7e2a46954ec34a2da78534d031bf05322c50573

SHA256
c22c9d1e58da9f396699c17de34ee63529863f62c571ceb4ef7b83a1b86ac23f

SHA512
fe224ab75ef90211ada5517a12463fc42484025b56aff0ab11f51af4fef38f40fe99fef438154814a3a7833069fb87dd48d21e1bd50a23fca58d8871f3226bba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
5c145299945b095f0bd28a2438dbdceb

SHA1
6543926e8ffa2ef2e927c0982fcf1dfcd5fa3621

SHA256
f8c73404bebaacfed39e743c7113e36a593f44eef4f95a90e7ae839902b297b6

SHA512
6ff1d55044593151c7666201c6876fbb740eb0ab5b976151b3aab635e8866d953d30783e456989789c240e0b1f5477c6b62426b9c61aa37a29a157cbaa61b022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
20KB

MD5
7e86d5c1bf2ff36b15bfbd8fcf748b16

SHA1
59a1515ddff8caec85c4f27ffb17b69a42ec6226

SHA256
82f03e141e82546b261c1a24cd9ae3cfd4b19a7b4f343a296428deeda88cf856

SHA512
943fdf966d2ca4bfb35e01431e7bae1611e86d4bbf9c27524ba4502a9a93b8c0bb39e7760a8ee76993c4099da1ff49febe0b48468f134d4121f22a0ffb41bf2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
20KB

MD5
2a029687e73114ebcb4fad10c0114e8a

SHA1
f09cbbed46b9f8c731568bdcee13024e89bda397

SHA256
fe6e92a5b020858bbdd8089533c6f22703bc5927e22f689c384164096705b11b

SHA512
211dc45e2bb5739bcf863c44ca8132f92e895b3c95d074929aa4338698d53c6ccb3a8e2f23180260d9226073f4f5cd21a200010a7a224de7c8ac2e1cc853730d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ee1fa4752a111d1992bd6d34f86189fa

SHA1
06121ed067642470facd23e225f03e81ad479219

SHA256
826aeec98e61d77484124645ee7745e952bc57cbfd9e7e72d2cff504b8b4872d

SHA512
84b9a9e69a832b444f0b714cfba42ed9bf9e0a807f213181de0f2fa4e436cb15fe155a47e298f244e9fb35d5127830271419e46ce79b70c86373153fcd3f2c3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
534fa874eff544638ad4deca9fd91272

SHA1
c658f2b40419cea8e6f9f92089a29fa0363e3f28

SHA256
b892c665cf8f05198d55ab750917e6466e78d3893fca0c88ca58046275f1b394

SHA512
0f05d2ecf2b1c4ca1349e9b20c8a84a4803658bc65ddb690d56fbad65b11d86273bd12ceb1c6984366b30e058f8fec4c80e5f83b092a070ca3093c7e9ddd9484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\Downloads\Spoofer-master.zip

Filesize
85KB

MD5
880f8c2a8e30309e941fc799cce1ec69

SHA1
4616417f611724b8232fe89b70de85531cd7a0df

SHA256
7badd4281227d7754f23e04aabdbee98a804881e80fe1e177c9a0ff19ec251ea

SHA512
18ba47f33f79c7dbd6d84b476e46db90df8982a1eafbe40fd8844e8057204c787a654864b1ef3e80ce133ea93c6f0218bb59ce541f2786f988a8740e68c1f541

Download Submit