hxxps://www[.]bluestacks[.]com/es/index[.]html

Resubmissions

03/09/2024, 22:41

240903-2mjg9szhkh 1

03/09/2024, 22:36

03/09/2024, 19:45

03/09/2024, 19:41

03/09/2024, 17:36

11/08/2024, 17:42

11/08/2024, 17:24

28/07/2024, 18:08

Analysis

max time kernel
226s
max time network
226s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/09/2024, 19:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.bluestacks.com/es/index.html

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133698660862870426"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{1195170D-5022-4CDC-9EBC-0E0F44930AA1}	msedge.exe

Suspicious behavior: EnumeratesProcesses 21 IoCs

pid	Process
4688	chrome.exe
4688	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4868	msedge.exe
4868	msedge.exe
3968	msedge.exe
3968	msedge.exe
1388	msedge.exe
1388	msedge.exe
5788	identity_helper.exe
5788	identity_helper.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe
4292	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe
Token: SeShutdownPrivilege	4688	chrome.exe
Token: SeCreatePagefilePrivilege	4688	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4688	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
4908	chrome.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4688 wrote to memory of 4860	4688	chrome.exe	83
PID 4688 wrote to memory of 4860	4688	chrome.exe	83
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 2956	4688	chrome.exe	84
PID 4688 wrote to memory of 8	4688	chrome.exe	85
PID 4688 wrote to memory of 8	4688	chrome.exe	85
PID 4688 wrote to memory of 4888	4688	chrome.exe	86
PID 4688 wrote to memory of 4888	4688	chrome.exe	86
PID 4688 wrote to memory of 4888	4688	chrome.exe	86
PID 4688 wrote to memory of 4888	4688	chrome.exe	86
PID 4688 wrote to memory of 4888	4688	chrome.exe	86
PID 4688 wrote to memory of 4888	4688	chrome.exe	86
PID 4688 wrote to memory of 4888	4688	chrome.exe	86
PID 4688 wrote to memory of 4888	4688	chrome.exe	86
PID 4688 wrote to memory of 4888	4688	chrome.exe	86
PID 4688 wrote to memory of 4888	4688	chrome.exe	86
PID 4688 wrote to memory of 4888	4688	chrome.exe	86
PID 4688 wrote to memory of 4888	4688	chrome.exe	86
PID 4688 wrote to memory of 4888	4688	chrome.exe	86
PID 4688 wrote to memory of 4888	4688	chrome.exe	86
PID 4688 wrote to memory of 4888	4688	chrome.exe	86
PID 4688 wrote to memory of 4888	4688	chrome.exe	86
PID 4688 wrote to memory of 4888	4688	chrome.exe	86
PID 4688 wrote to memory of 4888	4688	chrome.exe	86
PID 4688 wrote to memory of 4888	4688	chrome.exe	86
PID 4688 wrote to memory of 4888	4688	chrome.exe	86
PID 4688 wrote to memory of 4888	4688	chrome.exe	86
PID 4688 wrote to memory of 4888	4688	chrome.exe	86
PID 4688 wrote to memory of 4888	4688	chrome.exe	86
PID 4688 wrote to memory of 4888	4688	chrome.exe	86
PID 4688 wrote to memory of 4888	4688	chrome.exe	86
PID 4688 wrote to memory of 4888	4688	chrome.exe	86
PID 4688 wrote to memory of 4888	4688	chrome.exe	86
PID 4688 wrote to memory of 4888	4688	chrome.exe	86
PID 4688 wrote to memory of 4888	4688	chrome.exe	86
PID 4688 wrote to memory of 4888	4688	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.bluestacks.com/es/index.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff904eecc40,0x7ff904eecc4c,0x7ff904eecc58
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1856,i,10020962236846718825,5062211701366534008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1852 /prefetch:2
  2⤵
  PID:2956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1824,i,10020962236846718825,5062211701366534008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,10020962236846718825,5062211701366534008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2468 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,10020962236846718825,5062211701366534008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,10020962236846718825,5062211701366534008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4608,i,10020962236846718825,5062211701366534008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4620 /prefetch:8
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4664,i,10020962236846718825,5062211701366534008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5032,i,10020962236846718825,5062211701366534008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3296,i,10020962236846718825,5062211701366534008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3236,i,10020962236846718825,5062211701366534008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4912,i,10020962236846718825,5062211701366534008,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:4540

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4996

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff904eecc40,0x7ff904eecc4c,0x7ff904eecc58
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,18427097816035108144,18410398002622907502,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1860 /prefetch:2
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2196,i,18427097816035108144,18410398002622907502,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,18427097816035108144,18410398002622907502,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2456 /prefetch:8
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,18427097816035108144,18410398002622907502,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,18427097816035108144,18410398002622907502,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4496,i,18427097816035108144,18410398002622907502,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4832,i,18427097816035108144,18410398002622907502,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5028,i,18427097816035108144,18410398002622907502,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:5028
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff7529c4698,0x7ff7529c46a4,0x7ff7529c46b0
    3⤵
    - Drops file in Program Files directory
    PID:2208
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:3432
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x268,0x290,0x7ff7529c4698,0x7ff7529c46a4,0x7ff7529c46b0
    3⤵
    - Drops file in Program Files directory
    PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5444,i,18427097816035108144,18410398002622907502,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1184,i,18427097816035108144,18410398002622907502,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1684

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8f4ef46f8,0x7ff8f4ef4708,0x7ff8f4ef4718
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,8119227892780573220,1684670184008600044,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,8119227892780573220,1684670184008600044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,8119227892780573220,1684670184008600044,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8119227892780573220,1684670184008600044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8119227892780573220,1684670184008600044,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8119227892780573220,1684670184008600044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8119227892780573220,1684670184008600044,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8119227892780573220,1684670184008600044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8119227892780573220,1684670184008600044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8119227892780573220,1684670184008600044,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,8119227892780573220,1684670184008600044,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3656 /prefetch:8
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2136,8119227892780573220,1684670184008600044,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3668 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8119227892780573220,1684670184008600044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8119227892780573220,1684670184008600044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8119227892780573220,1684670184008600044,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,8119227892780573220,1684670184008600044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3704 /prefetch:8
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,8119227892780573220,1684670184008600044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8119227892780573220,1684670184008600044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8119227892780573220,1684670184008600044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8119227892780573220,1684670184008600044,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8119227892780573220,1684670184008600044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8119227892780573220,1684670184008600044,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8119227892780573220,1684670184008600044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8119227892780573220,1684670184008600044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8119227892780573220,1684670184008600044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8119227892780573220,1684670184008600044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8119227892780573220,1684670184008600044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8119227892780573220,1684670184008600044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,8119227892780573220,1684670184008600044,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5548 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
efc82f8314de2fb0909127cebb38a019

SHA1
ffeb52cdf0bffa888270847d4981cc96ba448c14

SHA256
9836d53d4914279fb42e48acea940dc78d94b2ba4866e0731a528c65ff131d2a

SHA512
89d234d0dbecccda14e5fadb343a7b80a4ce464e270d1e17488b66bf707da13c0f0de30ce9f4a20746c5951c31fe776e9d618712fa6a842749555dd1cc2b0866

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
60146def5318c3a62a66b7562c82e651

SHA1
2ffa0aefe2d411e03ca9006e156254f75f167994

SHA256
efc6a7d30ad5d8272231a3dd84d9b4a3069735604baf0694404dba6073d44336

SHA512
29cef6ef2820496997d16f1a032a40122479d512ebffb1ffca8a219058a08f36e3adc7193b5449653d8e1499285da0046f3ac60855df00ddebf32efed13f79da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
2dc299d232c02519e54457d8e25256cb

SHA1
d49d7893dc243dfdd99c9c0bc494851b7da5e5f0

SHA256
c0d971e8cbba7ebc8d8f196e5178a8bfdcddfbabc62e996c52f03e7f796e2d1c

SHA512
4b48cefa5a26f4f27408a947e59297e89ece636482155240312e668e8a3b4a3cd6a6f618974fbe7cefcef758654eb0577bbe3426e58c1db6b56e72fc3ccb41ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
6f0ea99b22d0d29c3bf0593e1081cf1c

SHA1
6c086bd4824869ac9509e07f62d69890bab82c2f

SHA256
75da66079b92a69efeac22ec873e338a154cd5d09db191975edc44bfead13d31

SHA512
6c20d80e9e4436856f104a57f4ec81c8858b298e660d66436df34ea8db8499864d548c2ad6615ce8efaa6c9eb494f55199b4c7dcab6c812ff158e67a8aa0b9a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
af831571e767e659612580b7dfc8854f

SHA1
de6ad5bd5018be505a9437391f359f0ad740b99e

SHA256
70abacc34b78ca9531f93be7b4cd9126075ae3d85767d20197bfc25ed137e98f

SHA512
0e1bb360054f422a18e3d30705b9eb19e33867407976e278edf24be9ed063e217a9682bde72fb0759d92d4d20df5117e3c64f9c41ae570d9a00dc4dd2488c8be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
81d859f4dfca5976a96b2f1e14a0bf8a

SHA1
53954d1b83250d8ab7147512a6d447ba98c3f270

SHA256
ad2401aede20901a29c6d87b6c72e13034d491e90d53bba423c0fa50d64db91a

SHA512
4905c7d0fba79e388bfe07313cfab3088f0a8f578aa629d99e03a3684fb89ba54ea447c4830c57e5a2e45d0cc7a9b236a8bb58e4e5bf5d1b13af50caaf09d628

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
129KB

MD5
97ac71ffe30489796ab1aba77acaeb94

SHA1
20e050c92cb2d248df15d1fb8145c67c986ea0df

SHA256
2a6b532eeb181e2222034de265f4cf0098852355469ec114ef8e72bde7daca41

SHA512
ea5accb03302e7368af31b014c89f14f7cb8f4107e2abdcef431f30f20ca4281ec1283c2a8fdbda2671fa6026e46cdc2c51329142b2b33586fb87a3f0e75ebb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
83KB

MD5
939b0ce31fdad8288d09e660c8e7ae76

SHA1
d2bb43cb05c63fcba0299ec734e2b507fad20590

SHA256
b5895d2b8c39491c1c888cdefe08bdfa5fc3298f6780394ac1e5413ccf89e91a

SHA512
7e2b9b45c8237f808400fb0ba390acaba5aff339572fadbea9a59fd5b7bdb85aa6829e834da410b1c80ff4c956db878ed056528a2d39a33f4b04296c91e4ff80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
234KB

MD5
8826248ff9b4db041b839aee7a70aac3

SHA1
eb279ea7a130a2b9c7ee80e6607914f39c287d39

SHA256
d1045c4bd73126a26798ba64b8a1799953b14e1de072eb278cac32b4c9c6fef5

SHA512
f04ef53e5a40fb155c348a5feda420a35d110c6f2c5caf84f8904f906196fd5fb3a2d30f94413973a9cf896f4f45f4a368a19aa0d9e88288cc2f06eff1acf858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
16KB

MD5
5a8babda83267f2dcf0e362c1a91d331

SHA1
6aba4d1b2eabf71be30e28c9ae6ea8e5cd30db88

SHA256
6e4a7648ea296ec014c7d333ecb49a793bd44a4e283ca40614d0a44f5cd86d37

SHA512
379ef6c1a4aeaded1d6d3a0f4e5a0d3623dd5e40620b4e1cc1693cfebb009a5971de3bf751c7deca172ec63e4f02b8586793f0ad353fc4734608f3e3c5bad2c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
18KB

MD5
116608fe1637feff7c4795a4ae3e40ad

SHA1
0a178e5f6e8b6d227b8ada9ea00c25320ccaacf1

SHA256
b9388261237751a33806fd6ba2b58fbeb24fe87f25cd55053721fa2e7d8540e9

SHA512
7b200885ceeefce861b1f74ba78c4388c20ffea82836138b541a46a78b763f3a422adfb84c81ed6e0ea58f137b90c443bdb436948dad712ab923dff7e463bebf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
25KB

MD5
ca64e58a7c25fb5f624915b1ffc6a89d

SHA1
8de41ce1438206834bae9a7ab869251e6c485b3c

SHA256
9028920f0e4300b216a308b0d817a29aa61a7151f912e3113a8dd0c6117758be

SHA512
c18a80b106c0d5fbb7428b647b749357818fb5d5c995c5956c9baa099167b286aadd6e18e25d71884f25e3d6e829f537b45eaa0d6782d57bba88a6ea5f867e0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
87KB

MD5
691b2ed330c50ead86750d463086bb5a

SHA1
2aeb50a994f3fae958433fd19fa4f7ed66cd4e76

SHA256
50c4c653ba6c1893a4feb20cb1e1f236981685b89c798f8ef2225ccdb57269ab

SHA512
a08347f135de703c3ff160564fb545440001cc276938c87fdc8f226731b6090e439ae7d4adc86d54f9c61bd795f9c9222c27a5bfb3452eae8c0c1ea207c4b63c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
109KB

MD5
b90340bd461f4a6d95ba2929dbbc637d

SHA1
562db1ed39cfdbb1d732797c442a06de19e7fb89

SHA256
b866c1a5cb4ba996e2a6080af888aef7a79601c38052f969ca10363cc9c69231

SHA512
285033117b56ac1aad56f48d0682bc63f096baa22a572571a1d53c9df751a7a5fa6481481580bf7e6c1f9e512491b8409c7946adda42309599949907aeabce5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
32KB

MD5
057478083c1d55ea0c2182b24f6dd72f

SHA1
caf557cd276a76992084efc4c8857b66791a6b7f

SHA256
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

SHA512
98ff4416db333e5a5a8f8f299c393dd1a50f574a2c1c601a0724a8ea7fb652f6ec0ba2267390327185ebea55f5c5049ab486d88b4c5fc1585a6a975238507a15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
43KB

MD5
fe81c3956f2576d2b97d78b2d88c32ff

SHA1
bcab985032bbf5f5ba24ad3085a973a483878ea3

SHA256
c0a1f012159dab4d9b3e9206ee86bcf44aa6677dcb779e65972b2fbe744011bf

SHA512
18d8a8ab0f1e2f1b5dff223b5748884f30764a8333336aca4ae4cd5f87e2babff9d2499dc6c8521a82f050f65a5c5b703d551ee09f8fabc66cb5bfea9becefd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
71KB

MD5
ea87d84a11887fd2468cb39783d43f3e

SHA1
b045cc02e8663aaad58f62d7f2f7655f65316fa7

SHA256
c4d8c0c73d978d5738fc3b75a4c2150fd9ab2781729452d0999d0dba0217c04f

SHA512
39d24bfd712a53f8de4e8c1d60dd88f48de57071a951392b9ba14784fd151d8dc33993d5743b128f7fafefed1c516ed861f2f47ab87098030e4bc5f596176c64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
66KB

MD5
2e4c7db86ed161a0d7788bd98956c814

SHA1
16755c5d022a116b8b38a16dff222df301d7a7bf

SHA256
e87ca665b4515b9a1ba19361f1c8aecd476e8a9a6d7995f0e6bf15dae97af90e

SHA512
c4ec6117fb7b46c8bff2a5cb1016a744dda05c3c81714a194b92a558b35bae025134fc551e12c7fcade1e054d0b179396ed96949ed487587631ff5c46b095d9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
32KB

MD5
598eddb6395070ff8324be54773eb2a0

SHA1
3675032bfcff5601b6b26a69dd783a360bf3eeaa

SHA256
cf197e9e80d3a746230ee650b633e8b5e9d2c75c6dd302c474a4ed229df25a82

SHA512
c306fee3cef6fb22516af9a82ff84b23d038f605c0267a5c6ce2f141a4d1218478fd3e8011f9104bf8accbb45b4bd0fa628fc7be6edb05263c9e8db94f9d2f4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
376a86e4a35e9e06e0bb398034ddda4a

SHA1
42dc544c945e01cd1a085f1c62b830a622aadee6

SHA256
b9d5d3c03dc80c85dabcca34012dadafd1b626e2d7d4c5ebe1dbed65fe503161

SHA512
28c362460b65ed4f7bcbd2793c2118e4fe4aa13766e62f913881fb9a4cf2517820683006dad3d0d9f1a5a275da8de0f5d34b589c0e58a4916c41309f23669bd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
289adae0ad91281568133a8a4166e7dd

SHA1
2793c21cb08922628af1bbe3ae6b252d90d25f7e

SHA256
b5f4d9708de81567150d759b220ca2191283174b0208f93c5c2960ef3e452893

SHA512
f0688aa19131dd558a8bd265dc21c96bdbe642da826959a8d7264f3a3b2dcc6c7dcd9ef5e78376929576c30c1fc3d08064b161a361e00fefe82966593f6391b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
0afbbc9c03965f3969ab1e9f47f3743d

SHA1
7c7239be5108f946c484d916b2bccd3e015cbdec

SHA256
073276dabffbff211ee451505468da97977d187de29208c1a0725b115cf4f57d

SHA512
5326fb8b2ce66cb0984e55941c7f5bf9518b00f30f874360214713157fe27e2eef7bbc71ff3f56572e923d35a8f44ea466a9c3208f03e2b0277910f0d84d6bf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
28KB

MD5
8a4abfb33d39efde6e97609149b9836d

SHA1
61eed2f2f3e459627844cce97d5695faea161a9c

SHA256
9e30c7897d6bb5efb1d37960ede145651b47fb4e8bbe80ff6640c255573a25f3

SHA512
4e6476ed10da55d7b4e6be76e6f872d90d8274d16c018b615ed81183ab2698c6ad211021fe333552a7c84fbfc1035a355ed24cda36344d2eb5c7083f9a716d14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
f33c88f779243c9540ba82b4d01af221

SHA1
eeb4ec1963734c0b44686ea252e1ecd4e588dcb8

SHA256
bf589214c7dfb02cac4ab6323df3bc95be7e4ae137064f883bcc68ddf00eb336

SHA512
a3e9bd83b38c5874f998b9205fa96a52fa8ddff04cb0807994142099c235c3ea69b87b6e6d94a404cac99a2c581d21342876d726653523e863f08dd94e76d335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
14d49dc1663faa0f2a9ce492fc1a772e

SHA1
89a0b420eb89785197a8b2bc4ed5d47058f80a5b

SHA256
66e1820478d76b56b29da4b1adc64264e6fbb3615e97194bf2aff83511f80277

SHA512
b4a037a90e4143a2945b10327a5c647beaacb65c34227387eb220eb84753590ab6bcac4b4d8a717771175abe4796760caa0f3f6a66455d2d071ff556f02e4157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
1.0MB

MD5
0ab01cc567a5e62e658ea949e2abfb80

SHA1
c248cff61e4f7aa56b0eb6c33aa9113975a2c8fa

SHA256
7049c4a27bec9da8419994066d7ef01fb203226362c2ee885b77ef08b589cf3b

SHA512
41d0260f90fa3f8d0aff727e14807dd5851a45219168218058e6157fff36fe353268d3549931f99698c371601dd840feb7e926069aa44249e75bfd4e31a97541

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3

Filesize
4.0MB

MD5
9a952beff5eaae5d808c85c6e384def5

SHA1
356917679e77e954ccc41dec75605d629ca6bb38

SHA256
5290c96952313e2ccfc7fcca63fea22e8e41a41ec38613d023c684d900c718d1

SHA512
268debb0efea3709f606b0d7d4a63bccba1bd8aec0c9cd3191e05d04f593ee93ca35ae22fef45c41a7a28302e2abfeef1e3036589ab8a1728249d236e8edf2df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
959cbc0eb093c4526e065edaee2b732a

SHA1
4178156b64dd9cf800ea0caa659fc2beb40daa34

SHA256
f4a37d8398c83ef2968b2003ed147b67016adfb9f43c0b9d3ce06c2fc630a38e

SHA512
d21611fdcd7db1bf534a1ffcc50b7e974b066b6d3b29889e964ec6267908788392f4572b7f222666342509d43467d71530bbfd47b7dabd58008e5f9760fc5701

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

Filesize
1KB

MD5
e93bad310bd06cbb224dd4c22bffb5de

SHA1
a158f438f772f947eacd80b1b4afc1837aa73995

SHA256
2fe4f5e3d60b8463820967785541fb7fc6825364f7fcfb1cf75c76cdac15e25e

SHA512
dd2264419b36e9a99ee8441f6875035ed63442a31a3f88c9ba729e30d89cbbb5836776d8e695ad80f039bd3089c22b73ccd20cfa154e3ab829e5cc63f7d5c393

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
332B

MD5
dbf51540d1adf7950bdc1d981edac97c

SHA1
ab4921729a2cf4aa05b612d1933bac34ef73e897

SHA256
c4e71c344b32e76112e0811fc72a788b2b555043a8c5b2b5e12cf5e48b81c2f2

SHA512
c4fb3895cad0a3fe31a8f77a06cdbef8f14e84ce8330ed703d9277b059c6eedc4e467a65ec35affa0ae6d2aa9b66fad56cfbd4be22485941eb1382d16cbff5c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
233d13cad290a4312653f70b73309dab

SHA1
421ac73dcd0bb5eb38a98f45184780a287c7325e

SHA256
c439263f4bdf7750c8f29a171ac9a6bb57f796fd0aaae7632f27d6e776a823af

SHA512
ce97bb6a7a095eefb8f23611264b3c1075d9150324af013369f2062500281cdbc56d8077f61618b3a2b4b98cba18f34715f574d7b845351ff1f4009bee36bb87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
60fbc36be41ff6d3c71d2cb4bfd155af

SHA1
58c4d324824dc1dda28e3abbed419ba06cd6eb65

SHA256
07b9e1e3bceeda173462ec805ed22336a7048c8f3fef85a2f94bcd74811ae028

SHA512
b7951db1cec4631e364e48ebce12e047cf5a813bef94707d4e451c7388b4f146b98be13eff6bd438a7cc7eb50ee37ced9a0fca37387da692076f333f8c611a59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
535de646f39207cff6b16875a7a84895

SHA1
5d48fd22539697d10fd11edd6e536c3e3c1a19ff

SHA256
e26ce2536f9244a3b8424119121446cccfcf39d95d3016e50467d4f6488544e5

SHA512
9eeae874b841d36d2bb831a2b90698623dbbdf3eb1a41e88745bd1fda6430def46fce22b12466c9950b8889309794dafefbb5284433fd87d68e4a2adf245df56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
92991816cb55a746e90c98abc6c48cb6

SHA1
34b6d8b38971aa1dfc05c761667cc8938b4af558

SHA256
d3d4f7877795e15dea4d084e9712fe77bbe6d14ff4e6e932488419bfa32a8558

SHA512
ad86b994b95409b24eb577493fc1f7e87227fda10ba154c354983334700fff65bce9d0007949fcdd8722d8a26930bfb168b567b722eb56f4026b765e17392285

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
beea6d961ad5e37449fe9fd0c4cc327f

SHA1
01bcdced94012ed08dc5d823385b0cf0c197ae9e

SHA256
b9f539938c66d4478beeaf65a702b362352f0b6a54eb7bacaa9d9b3d65d8537c

SHA512
8dcb9cacd6b60c6ec2a23291831850a940123729ab11d76127684fccc82b564d58c6ab2a7931fbd6e56e716ee0e0b2380af70cbcc47a6e8f89dd36df223a1264

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
856B

MD5
2b2ff9d930502c22a369badaed5b1ef4

SHA1
22f573b346e21a65377bd1a6850b816d964c7204

SHA256
458ed1d870aa3dfcfefb171a2b37e69faacec5484848f6e5f6c3ceaf90bcbecb

SHA512
c4e594f7eeb5612baa685610e20d44daa7b46a1bb924c59de0574163e6e6fbb605ee3c20b636a617d010f9d7a7e5de16e9ff1b1e9034304345d7f10fca4a4c13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
10bec8a4eb94b3f952388dd3a0ffce74

SHA1
17478d33e9274c9528d0e692e1d7d5c556473238

SHA256
14e6ad72fbb40deeadd93230493f0d36f47d6811f73101fe389ea5acd51efaf5

SHA512
6fb723d3b14ec093a098fc22e1672b900b700683718114137f88d3593e3d7635ac1128a2fafcb7f005878f8405a520fa027e5482d8df54518495809461520db9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
856B

MD5
4504ab3e35666ad6b54194c29620c411

SHA1
7191e9c5f94318ff9f6d63cb1ff9b48fc70997a9

SHA256
f3ee6692c00d8c7c42f329d42c4ee1ce011ca7697c48fb6874497340554c2512

SHA512
24871eb7b9febfafdbe45b3b1e5d41802aa4f1912c0dc77e043bef3610612e45dbe69e34b7fffcdc65f86b91f770e47e26375a4e76f125ab935e3fa755c5117a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9fa4edd088674c23d7f7258e2d708a58

SHA1
cd50d37e35c4d9f018e9f7ddc2ff6cf528c1c44c

SHA256
0f58282591296b0a9b336389412f2adce6023d41c3da1dc8335a2e564aa19f81

SHA512
d8b9d62bbb059b3d2a40fd68d6e44e6aa0ec01fc79a465d23c65c2dc439d32a28f7dca774ef7af60a6f559dcde2bbb592f189fc6a0c9db3080366e968329f632

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9fc96ac73a95d5b3918551ed3c8f069a

SHA1
3c30d5f580b45f29f1c5e49472a140efad44c0e5

SHA256
ef6d7abca32eb6b946bf09dc50113abea85b2aa41fcab093f1261ae696cb2a40

SHA512
c0848b1ebd8d9cfcb7960698df737f4e730929325fdbbf5b9b93cd3236f1b92ccfe2e81b531b3adfc546bf195a85a1185c60db2bc2ad16389f50242bb16f1b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
09518cb4f60976212111a6de850ddda0

SHA1
e253769218618498f36742d187aa978ed5f87370

SHA256
20033b4c26267a96dd91b5dec41d9ac041e2e45cc6cc9df8f1d5e8865814e93f

SHA512
5f28a2f2a82ffc20ee927b37b71cc1a5191f215897a5486ecbcc4d29c6bcc3b20aa89353b6d56ebbb13aaa1df5b4367774dfb573de2b57d0a948b7047a6dc78b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b62de1f329a8569d15406b6701cd8863

SHA1
efc68bb112428fcf99d2a88e6561d51a45252096

SHA256
f05dbdb20aceca9781222c84077b157f0a37d88f05985aa2fdeefc67c0e81ef8

SHA512
c300dae54162259e4a99566e926dfaade8b92ee56dffe53339385ed7bb9d5884c8afed6e80ad90f827dd6891b98f4ea7c3635b4524bc79408a2935dc37d01e0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7dbf60cd8be9988dea391e7b61261ca3

SHA1
4fca76fb58280526b806cdbde5b50fb7d7b96e77

SHA256
31a0c8f743d8c5c267f4fb528091ebb303900770bafe63ce67c46570c1c571b2

SHA512
f3807ce2b8cecfe669fbdf77a8835ec56ec60434527b7d4a7e13e6a2c1dc19ffc9ec7319c4e1a8d1552f0c37cb1221197ee1ffa389060da8129447fc21682767

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
be040ed4b34bfc6ea3aa9fad915309d3

SHA1
678f0cd0c54dc42125a17a564f5037c49d7a2173

SHA256
34aaa0b4a627b60d0abba442aa85d39d5c083d287c2c3dcab0d8eeef9a069e50

SHA512
a7cb9a21d2df2cf108764198a1b2de9afdeaf140f6764bc8e64a02b9c18d42775114284bb78948da52130b3cbaa6f0234c336b009b7129b9d5b503d0519ecced

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dc292705d1375be85741aee171782868

SHA1
7bf29adb59d053adad87369b11fa13465158821d

SHA256
95bb91dbaa81947d76ec7586975883deeac61b4b7d7742345c3c99e7286fe4db

SHA512
78dbae08100d136dba032cdba449212366fd580815665975ca400784698ce49a62b7c267882f146a813ecab605591a60b483775fab06bee1dfe5fc2992b80772

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7f960a0c1a3c4554d73a4891dfade860

SHA1
b6b703e7ec526ee6e87ff54d5cd0f8649a4e4938

SHA256
59fedf39a26d1fe14eaee4cd6ed97128dc880b56db4e6fda0d59dfdbde8699ce

SHA512
59724c2bba22021175fffee5dc6000b0e05c28bf43741544e7cba8e620034455a3f46aaebe9d1f3faa547832b0089a627c39de257af278286e9ae3daf2f999b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ec1c32aa27ce95ad711b5dc8eed8fa00

SHA1
b7ca3dfce65b5985b084e1aba88c8b1a28f53951

SHA256
a15c6bf87d5b61fc2a7bb8e80dadb14ac60165956825bf069f6164d870b906b4

SHA512
d17ee5ede119a13d6bf1e10631c8b47294befe0bdd9cde333d151472088dbea57deb6ecce5bc48b27dcacf8adc8ef5de0077fa9c52a8c3b080ede11b89b27f25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1b8aa542915df71dbb8b040b68b2cd05

SHA1
a378358d4d0db0e3ae3f81bbb1f75136f95a6876

SHA256
962cc1f13ea9176f4f01e6018ca59daf55d50cce9c3fc84b4c14a46983a8c7ff

SHA512
b82cfc66936aca0301c6bc6ce9a979443d7f2767a0e4d38914a7a8f0336e2ec51d44c41ceb33a6188738bc999c7d1f141ecfc5dd9f8ee2005bf0aeb5a0a892a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c5c7f8f66481ded3b54d264448a60c32

SHA1
6d6c0890e28a70fc5524c9c74828f822258c1ecd

SHA256
5d012f05c981bace9d073a940e80ec26766118c56f2879d8ca30bcdff29d7d88

SHA512
546f7ce8449bab20f0e60f4ca4aaa068ffb2ece8aae46d23b7d17d43a23dd999888f0a3319cc8c232777e560837b61167c959dce903d1b2b21ae4fc292ed5e80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c9ebb320a6d6c1d9ec492c256328fa79

SHA1
e1802f563e7ca3ec9d4354a4dfaf52f600dc6bdf

SHA256
b9fcd34422a66e799908c880306f69cb5eef9e0ac86ecb5a728647ae6f69bdf5

SHA512
ce6653861a0f7b780e820135741a72b93dd2559c9ac0cead2037c7d65fec7f8035bc8990d91d08bcbc37c420d1856bf01122073392031ac5dbadf9f4f2097d4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
53f1add081377945620a5e88c5142391

SHA1
fcef66b7f64501b8c9287deb3d2d87c43ee904e4

SHA256
95066ce78dc43892827c7552568c873614688879837d2b88a2fd270105272c30

SHA512
71e703f53d14bb40ebbd707c740253d729d280df3466a9f3ba7d42503933fe86cfbc30e94664725c367369169d091fffff2d7cc0764c08dac74920684e0a6a41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6ffb1d314eb17dc717e38846cfaffa28

SHA1
e6e2a6c509dd96c976dd4504571088bb5b1c6f4e

SHA256
aa9adc80281a3f2817e2e98ba7c8b4d4b991f89f5fc3d94700010ad725500c16

SHA512
62839df8931f83888a1020841c3ac4fc24ac77e8eab0d17bbc7e188d456245ce1c5bae3b516947595cd1e52a7b4fbe8146ab70e64b51517b16b804a58cec00a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
911570f69d9b6226ffb8a664959edd2a

SHA1
c4f57bc3eae820600d4bd70ff7a5e4883d273ca0

SHA256
41aad55109661f58ee0a513b685b449554da7a615722765c981341228dfb0339

SHA512
4e4c76b782b9eb265621598069873b8805cd944ba593af5c9309982360d6466c4c6999528a5f4bf5ced875e14c2881cfd87d37ac113db7a9f7ffcbb1588e8076

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
065947b74c511301697d73262774829d

SHA1
3962cd76b14318135e28c89a5aa18d7617fae0c1

SHA256
262a62ea10a329c78777958111e0d483a95799489e6d29e5477e595bf97ddf3f

SHA512
d47810e198d50bbae3058fc844d87a174a778f01e60d37b56702e86b496c318446a7c1a8db96dfe1affe1a17c2812f0c66011bd2acf7d1fa49a658741033f4de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
93417bf475b8884890738f3804e68d77

SHA1
fe296626275146aae74dc613dc84ba0dcd273079

SHA256
2baeeff023a6332fad017551519400c380311bd9f57f7cb89153bc374df90b0c

SHA512
3e836bb4e066b9bf3718a53535299c8269faf35c4d458883268870f10120e8cb490f07f83b80dc0fa05c021d5c260dab61fab021351eb1f4f42ab053b4c50cf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
336B

MD5
d12b1cc94c6ee64e68f5b3ed293afb8f

SHA1
e5bfe9cf905a8a00cebc9e6aeed9ecf50c9120fd

SHA256
d17bf55863eccb779002da1917902484d4d43ee7f36fa0103f93ca1c5b819c6d

SHA512
1d1cae4a56732765f4becd51a7975ea1e0c31f8434dfbe9e926700e6b309ff4b577f017a4a64d2351476fb91c73e0c97ceeba356c4d5d53954cecfefe30a015d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13369866091011825

Filesize
8KB

MD5
197576655e67465c0867cf6ec9ff31cc

SHA1
00079f7a138d1210bea3c344348b939a0f9b4b5d

SHA256
8ce4f5c7f7bc20572d23c16a461353b2ff3e97f13616b85eaac78d30b91fb416

SHA512
a911d891c6cbc17b7b3b111880ec15f14f9aa0c52899e4023bd73d146e35e14a4c3320e8c1e01cee380632eb135ca79b0c22a9a90c0ed83efa34b86314823cbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
4be57ae2c918e53cf67691505aed99b2

SHA1
f349cd1380e4da092bf735baec28cd84ca6fc335

SHA256
6cd4d850f026f60f183f9fc5508cbd6f539c003ff56de92d468954d5696010b2

SHA512
c880411b394ff6ba84ce333f3fed10fd06ff8eedde92a011a0bb73348c7be8a70a3b5374c795a2a05d9b81d6337e109943dfa5329917acf5e7b8ca5359e05274

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
f9185c1415555e5685a8475fcc3e0dc0

SHA1
22dacbcefd31db1e102d51c74eb9dc78d8754905

SHA256
a9ede58458bbf8be79e4d934e046abfadd6db8f08af9f61fb7d957caf97ce61a

SHA512
acd2c2d09e14da22d3618c9128f877fd9351880ee5d13a9a5e0462381a07e8267420bccbcb22232e31578dd1ade67e496044fb06838788adaf8de98f8f683f5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
5dafa88471db92a35564930fbbc117a3

SHA1
2a8ce769c0af90f48fd132acaaf1e0700bb894d8

SHA256
d38eb8409084c3634f7dd70d25e1dad93627aef743cb81ac7ec779c2e88c4ae0

SHA512
3328f52ee87623ecdc69e94625b3b228f6f6090c9d82c0c84bfb7643752290053434715d95cd80acc3629c5914987b297d7945f931b2572dbf2ff0e5fbb4d266

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
e19bebb53f9c8f7e41b4cb0de32882aa

SHA1
3e44de6170a5c6e6c332d40d140dba8ff493bb5c

SHA256
0597424f35a5feb22e6ff5ac553593a1295450e7fc2f3c41542d6cfd18724a01

SHA512
da79ba48b9debb84fe1df359ea4671331a3611ea3458c8825f03e334d3b8d52ddaf9e47ef77a43c9fd5f950d661944c9d5dde5c3bd902588f804b811ef825159

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
114KB

MD5
9268cea625050459d5203f5345630bc4

SHA1
8c5a8e948131ab5d96f6f0af48ea6709983c59ca

SHA256
3bcabd8fad54336a1e6b81e2e9c68880959bd669d085adcff59336c7f67d80c4

SHA512
48fa66a935588849b25c03f6e5b61a7df0eca78ce5818c457d1135c15e5526bd465961fc380fa639ec023700897a2d517c15e8ba0198400d05392632b42cbd6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
f0ffec8e16ada4e8141d2e5f7415e71e

SHA1
4104e3a5ffcbea10fd73f1e950e670f651f1fc30

SHA256
feefd11becd1ff2fd636e46130b2576be246b0cb61eb1b2b299a29a21530fc05

SHA512
285872703aed9afaf25939c7cafb746b0af3db21375fc046c43b46f9e8e4a9cd18d0dd32b1afe85a757ee483cc27f768ae385cebd909b655716237c2f63ab923

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
f75f564c276e4ce2f225b7b4a1f9dcb0

SHA1
599053dc5667fd6596079cf3a62ab45c6c267189

SHA256
657fb1c746dff4748ca0f67ac02285d51c656da6470861c5e662aceeabdaae87

SHA512
3368e797b52799b5609ce214bf97f2500f96559eeced9d6cf176d0d4a098331f055a4de74fc72a92cda677d3c0dadcb0ad542cbe05161a67f711411568bc28ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
204KB

MD5
df5195108bdcffa0252ef70496cbcaa0

SHA1
3c49a754d67530b5806fd3c5809a49a4d7384d53

SHA256
456c984c6e6f1ef03831d4bbad8f174d26ecef15e331d149ae833e21ffa0d327

SHA512
5c6b88a054f12565317e40b531d2dec00c0bfe571c97e81a34f1b7dc2d092fc08462655fd02318a1bf7ef72c440108cd4e5faa62ce4a89655e0316dfe25b98f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
e69ad685327711b3bb31dafebeab25b2

SHA1
18a4b414811e5feb452ad686edbfc4f27b27b4e3

SHA256
82e239ddac2ced9d0e40b1afd272af819902edbc47fb12449c6108ecf03346bc

SHA512
1058931dba89e86217efe18100b66cdf06eaa08594b1de6454bbe99ba2fa378d047476f0d28a1b13cd4b7a03718cdd225bad0dff90705f533c8925abdc162361

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
279acd78fed148384c81f0941e8d6f37

SHA1
ec3ee7a947d29b4328c54111e9f0ef68a623b346

SHA256
ba0ea5be9022eb349ed5745acee0655a20f010c8250da19cc9dea62206133787

SHA512
c2f3e8665df5c6d2947f530840017d9f1fed8d69daade7cebf5c52595e59a86b5baf7524092f33dc9b375960d26539640e5286b486406a1d3c1c557acbbcd028

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
90e322a41e8bf19926113d703e445ebf

SHA1
73a169e50b3ed70100b52fd7025e459dc18bcef1

SHA256
3fa6b6855bfecd2227565419d374067050d25379555e4ac8dd1194d1407121e1

SHA512
1efd319eef3948e70dd688eb3ad7839492e86610d02c098589a9f544eb2130a539c391c2f62bb8c40c4592c9c9000738b20fa033d274eb894728c69f79a87e6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9c327c31-9ea4-450c-bb2e-0df4868a1415.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
70KB

MD5
4058c842c36317dcd384b6c2deaa8b95

SHA1
1085ddb12b29b79ffe51937ba9cd1957e5e229b4

SHA256
0e562969cad63d217848a5080273d1745dc4277d210b68a769c822f2fbfd75f6

SHA512
435a67024811360b12339e3916945b0639e2d9319e9d540b73e093848a467b030e91e01917b7fb804eb756dabce2fe53c2d7ea586554ee6cfee70e652a85924a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
f3d0a156d6ecb39d1805d60a28c8501d

SHA1
d26dd641e0b9d7c52b19bc9e89b53b291fb1915c

SHA256
e8be4436fcedf9737ea35d21ec0dcc36c30a1f41e02b3d40aa0bfa2be223a4a3

SHA512
076acfd19e4a43538f347ab460aa0b340a2b60d33f8be5f9b0ef939ef4e9f365277c4ff886d62b7edb20a299aacf50976321f9f90baba8ccd97bc5ac24a580bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
540af416cc54fd550dcdd8d00b632572

SHA1
644a9d1dfcf928c1e4ed007cd50c2f480a8b7528

SHA256
e4e53d750c57e4d92ab9de185bb37f5d2cc5c4fcc6a2be97386af78082115cbb

SHA512
7692e046e49fcde9c29c7d6ea06ed4f16216ec9fb7ea621d3cc4493364743c03925e74244785588d1a4bfc2bedd32b41e7e66e244990d4076e781d7f4bbb270f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
26KB

MD5
1de4708beee6992745a7c14b7d8580da

SHA1
03bb2b7dd07f1701da7cf19b68dd23a2b298827b

SHA256
ba0ecf05941451756a9acfc7a913e64dd56ddee8f3811c8a9f1cdd0a219ad64b

SHA512
5d21cd342f3f70a7dc4bdd3b100e6677e74a7fec22af3ffc9d048618d1daeb5dc5e3f1511ffaa2fddf2f3e49b31351d7d4613f7f03e21d2b609483ad6aab9c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
56KB

MD5
eca1cf7f7cac454805779985b12c6af0

SHA1
f10ff8f3164aa2c29304cc5a717b576b10fa2392

SHA256
fb34f85d9611fc047cf704bcded6621d49cc21160257f8930c291779769e61ce

SHA512
af752fb9229013ce803620b3f7210561f857fbe029d8f852303c4ad838396f3ed7092244fb73a41cb3725685d6d0be2340a399d0d1b28432bb80ef8e5fa89e52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
16KB

MD5
4801be8e10d90b7f116bd5c0317aecad

SHA1
7aa7b575011fe38f6e33fbec98e8c92fb1b26957

SHA256
925fe993dba774b69b734410aad20f58a2c95eccaf7f0662abcc2e61530e105c

SHA512
069f2aa0e6957a0287753abe91df33b88e87d20879e8054a4896f19382fb3db0dad7676931e1571aa3697f466d01b139c22ec1cfacc12ed3598a14d3ec68e512

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
187fd2c4b1d11470da2906fb3360d717

SHA1
640a9ba271a375f390d9a03b3747a9b119fe393b

SHA256
ffb10238f82b2f8cafa19a415600738edc39826c433dc8ee892a89a256bbd316

SHA512
931a9cb1f3e74f34481fd42198a203180e200febdd3ebf304be68f71b96bb24f0d9bd0e272334a0479b4944d45f053b2ed2f64ae3d8531f7f1dabe42e260b5b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
2fef80a1da1cea62f6756f5ea7cedf4a

SHA1
3e1d4de7d2610dfab24eb144f315ddd989be35f8

SHA256
6c46703636ab8822a471a9c80b6aba1b8a3aa3bc498d7ace66f355c7e4716e79

SHA512
b1996aa61292262220bf15eb3de122222c83fa86a77476587adb54ad666378c693e5b48a91c4ded68bbc423f8c203aecb6399ddcdf3bcccb8fe1c15965b77140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
40a7b4840a76c70a5bf5925f1d5f9785

SHA1
419fc640faa98d7173b5d77bdcf8deea0c929837

SHA256
d7a343d1f1b5a44bed3ca7b81cff2fb6f32a8ae122d580640bfe541d48caf816

SHA512
a07635f4e223f9e57c6c14c2c29b2bb6db895f4715197d19749bc288822191dd61c63a2776c7212dc54cfa99554dcb0b31039ebb5fe18108041d82e40a9ead11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.reddit.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5efe408e6fdf7f75a064cafad6304310

SHA1
7810c2dfb2b33e053aeaeadba1359d7354e44c91

SHA256
7c41352e881f928647b0d738caea54031ccea3d1e4b40ca1dc38cc8faf75309f

SHA512
b1b788bafca76dee48e437d63e726fd79c62a35b229d389cab16758cdb4e7d107c41a6c3eb9728b5629a1ca5d6c2046175eb2a3869b34c2d01cbce756da1e5d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b270b6beab3c502f8acd64ebc9ba2c6a

SHA1
4124a26b411e27c9104016f13312fd5ed0966ab3

SHA256
2b258d293a15a0644f14f0dabaabbd666365c7c21ccdcd91c5983e04c6467782

SHA512
34427e36c64eb4f237d647f114704079b9f7d81c384a17c03f08c2c8bbf4e3ff5704dbf0d4c3872b2a698c4189a0c77d2e4d030d885aadd07f37f61a274edc51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cbf8c66cd3e52284d36be7e2486dba53

SHA1
594a3a9b8e446475b0727c7d70a84d49c12dace3

SHA256
1f9c4f21329d896b0a04d68b013b6cbe9764f35b894dbfb5d7537c8b9a867b3c

SHA512
fd3a301b90ce7124219a60b05f20bf995c84c70d6dff13e52d5010b998a7ba860a6aa916d6bcb17e2c59942edb21ed1c7e9553996a0789bdb1aa2c5b15e18e82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9f2f0ddd4e12b7c7500b1e27b6451f23

SHA1
32b8aa94246ee580fe03e8c064a81f71a1c32766

SHA256
ab43f108d16bb18a2fbf41d6f8ac75c1431bb4f586e27c6cef797fd8c24d2979

SHA512
fb962f85883500ec63a6dd5c35fd65d3d8b3cf43d2faaf328eda34807f46b7ea8928b1cd01ccda3ff81d0216daeceb1956375aadb2bf842ad93eca6c6e29911a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a9b5c921acb718183721f271f3c9bd29

SHA1
e7841de9fcd9b36b1cd97588425973367c0730ee

SHA256
e24e2626e244f222e29923ae71243ee1eca6da003b70180d380e288a09eb3ccc

SHA512
eec42e0cd67f423631ad961e02ea409951535a4e6a18c54a458777e8ef1623f5cab54580b8fa7b7024655f1d6799ab9260cbfee204b61b70fdeca1f91a1b6abd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0f90c17546f5cbba9fe57702ecf8c1c1

SHA1
a4143397b8bd238bfaed0c27a0cd2db5ed9eac15

SHA256
ce69ede9a6f65ad7f9924b82fb1f97f692d6fc7aea468015e9000b87abf95669

SHA512
9beef781188d41435afe412bc00338f9da6259f59d3c9e5508728dd95a3652b082b2a037c204aeb01864ccef2575f0960bb9a4aa77361128a2144e3a361d2c9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6f3c3f51cb57e61b0d5fda4d1047e85c

SHA1
c863c456555cc702a447f99874d42a4c2a0fb2f4

SHA256
469bf9153e238d45db3153ed563fdbe30e1b42971f3d7a1e6468fe3c6fea2fa6

SHA512
457af03eae359fde17180824b0c8d1f0097c518f8e9d1a7bd4d69933867e0ce5f13040372cf24d474be99bb7238f06ff8cee4a6e82ff6cdbd2588f4902cc8480

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7d9a2975d63766deadd030b76092d9fd

SHA1
2f571e67111b233414e6e4d080a0b3300754aa35

SHA256
2edc5921c162bbd326b654aed3b9f81d5d1eeb2041bc9c9813dc973f51c811fb

SHA512
92d2ed9f2bfff5c5d54452cbf526700395494c73334df541a423985d1ec42b140c0aa43cc12485a05768731988b9049ef3c616520f3329f4b3ca1e9fc2f05719

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
789393262f3c86d87a10792ded85959a

SHA1
7495818ef28ff5835896fe3d91071fd4a20fed75

SHA256
ee7e92ae9c636fe95cc802ebbf2337af0735347902daab38f84cf7731fc3c63b

SHA512
735f7bd53eaf3933094af464ed31ca9c1c2c27a01ccda3427f7d600ef2e8fc34cb96fb56b802b9241cd78aeb8fd7b8cf936c2e3ff701c59dd4de762b48befff5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4510af8156bef6ca352a75ce121b86d8

SHA1
c06c3f233a14e32f172123793ea155dee05b5578

SHA256
1c8ad259f4bd5f8b072690d08a26111a3d864d18cacf2badfeda0d6c66f998fa

SHA512
5123cad837a4a6c019c68eb72553ccf9afb31c7c3b4618c4401e4af0a7cfba937f762ce604667073b55a1846d71e82879f26bdb19367f1e4c19c027dc689d154

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59b685.TMP

Filesize
48B

MD5
9f9e6891431b137e5cbe25e515966074

SHA1
1f334e07770b22bc9b73efcbf38494aa729ca355

SHA256
1ed4ff69295493e533585f23669c9c68b67c61e578dfc2fde2954586f31d9ce9

SHA512
92d9de553abcf7c92181bbab1e47f3764ee04f6be88176e5d9c351f68c9a038e8ea85471668934800d089fe46472413fd4d32a7d15b953b396261d548ac779c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
e8da1906900c413039cb78b331b8d222

SHA1
70ca7c662d0e40f288be61ad4d348bea2968ca6e

SHA256
5176d447c6045e78662613185d7d92b7adcce9ee7c487e504586ec7583fa19d3

SHA512
3810abf954220fb8e51c9c68ccdb97ba0f28e9647b17950daf95e1c52dfe01077818b4c7718dcbd2772a3a6bc886706ee878995d85371456cc25c9850864d559

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
e66c4e7d7f5a9ddf20d5d65e275132bc

SHA1
f9a7084ee0c5e5709bab918a92bca598eddbbccc

SHA256
9c47ac9b082469578d979ad3a614641304bdfb93e81ff14bb8021902c04d8dde

SHA512
d2f9fb5d798d4d77795741792da2e3d25d8ff98dc0bfa2aaaaa729891b40d6d4e7c01e7dc19b39228e4ea74aa724c7140b71e236ce828a6242b8bee6b274fb59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1b92ef505b5fd56c91fcc5bac136eaf3

SHA1
f8425b160c3d4d4e4510bf963e18d58f4243364e

SHA256
14642735b8f0a2d204831b9cc75e25f5f906d55cd4043f373f97666696d46acc

SHA512
1340451350c73fbc7a77e87a81bfc0656f47b35de1822ca2d7276468a6b0078f92d2b5c5ba060805161ad8977b722043b06ad348678e3ff27c52d05054de6e5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
88cf1626ec221ed8d28c78e36ae08f5e

SHA1
5310384db2f9e2b09b428a25c57ed83b94032a17

SHA256
96c831c3e4707c32a8bbb80cb9a78dd33dd54fe6d677b2c0caac6c994a7988de

SHA512
1cff01ee1a1f2af6da50914f816d99421d5f8e5f8891634b352a3834faaba6cfc71d647c2ac05b2b53d913d3c71fde72f5be224776b5d541499ecc165f708126

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
907f294aa622470e905671a5316efd58

SHA1
bfb196e88a152992ee501a3b6cb114b2fb9bb821

SHA256
07e7357511d7b288a8a11c0c8e11e976d985a364fcc01c3fc39856fb9e9ae45a

SHA512
9bd677ba25f15fd395d9965a50be965010b9fb2a6f588577ad05329044b7f858e1e25dd9a36183713fd6c665d9f83297a3a298332aec0579f830a912d35f4547

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ea013e16680a7838a08fd59285187081

SHA1
9cc246afa691c928233d3207845441ee07ae2248

SHA256
3220cb94f5dbd6cada1bab295e7ada73889bf20194df05e12715dbdf3c6aba97

SHA512
954e412ad9da5605563d090530331aef70a80da19f197a5979f45fda691b30acabf81a02e4469aa648f165a5fc21030bc3676d0e6d10e0b6e0e595533e9f3545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe598979.TMP

Filesize
538B

MD5
2a463b93ca0e1edfb34a677e87668dde

SHA1
c0c3369c61cd3533355f23ed0363516883cdfb67

SHA256
35ae4d73aee3dac0577aee1fbe52cce65818b3926619c98faf74d93cff29308d

SHA512
283ab9c4ef835ed564dfa0c1928ed08dfe32039afd8e81f1cd60dea9cbf36facef5defc22aacec5e6bea72599cfef111fbbe4f6d641e15121f83d0cd9374ccd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9339b7bc7052af3756518a72855d463f

SHA1
4bfa26cb433b06f36601069cc734ad46512dbb59

SHA256
1d7928144314f023b3a86441d4551d5c3998b95433678b9367ab18be3148a2e2

SHA512
8cd36c31c69f2e9c15a13edd09344f750ddd97deffd0e554c50f189c9ddc5e71f9ea96259e1286d13ca033944e9d5d4c9f005d49ee7246de17c107a5beb6aac9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
1ab90e6911fd8bc2fb88751726bd630d

SHA1
8b5b984808d1696e22e5e14ca27ff8a0ca09533b

SHA256
e0cd8cbd15756fbae6116ff1c60eae8724f38d6d1684078c842464479c00564f

SHA512
4df60c8c90e2395a3845de60c9575a3b9f49f8be6c7c0864c7deebdb831d916ed7ee66913d3a86a876ae47cecdb87bbff44aa0afed86f34fa13a66b9404ee5bb

Download Submit