hxxps://drive[.]google[.]com/file/d/14-81X_Cc7mhuSCOB9omV8pBTvhkYX67d/view?usp=sharing

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
13-09-2024 23:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/14-81X_Cc7mhuSCOB9omV8pBTvhkYX67d/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
4	drive.google.com

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133707447126504587"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 735702.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Computer.bat:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3972	msedge.exe
3972	msedge.exe
4368	msedge.exe
4368	msedge.exe
856	identity_helper.exe
856	identity_helper.exe
1172	msedge.exe
1172	msedge.exe
2520	msedge.exe
2520	msedge.exe
400	chrome.exe
400	chrome.exe
3988	chrome.exe
3988	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe
Token: SeShutdownPrivilege	3988	chrome.exe
Token: SeCreatePagefilePrivilege	3988	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
3988	chrome.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe
3988	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3348	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4368 wrote to memory of 2072	4368	msedge.exe	81
PID 4368 wrote to memory of 2072	4368	msedge.exe	81
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 2384	4368	msedge.exe	82
PID 4368 wrote to memory of 3972	4368	msedge.exe	83
PID 4368 wrote to memory of 3972	4368	msedge.exe	83
PID 4368 wrote to memory of 2036	4368	msedge.exe	84
PID 4368 wrote to memory of 2036	4368	msedge.exe	84
PID 4368 wrote to memory of 2036	4368	msedge.exe	84
PID 4368 wrote to memory of 2036	4368	msedge.exe	84
PID 4368 wrote to memory of 2036	4368	msedge.exe	84
PID 4368 wrote to memory of 2036	4368	msedge.exe	84
PID 4368 wrote to memory of 2036	4368	msedge.exe	84
PID 4368 wrote to memory of 2036	4368	msedge.exe	84
PID 4368 wrote to memory of 2036	4368	msedge.exe	84
PID 4368 wrote to memory of 2036	4368	msedge.exe	84
PID 4368 wrote to memory of 2036	4368	msedge.exe	84
PID 4368 wrote to memory of 2036	4368	msedge.exe	84
PID 4368 wrote to memory of 2036	4368	msedge.exe	84
PID 4368 wrote to memory of 2036	4368	msedge.exe	84
PID 4368 wrote to memory of 2036	4368	msedge.exe	84
PID 4368 wrote to memory of 2036	4368	msedge.exe	84
PID 4368 wrote to memory of 2036	4368	msedge.exe	84
PID 4368 wrote to memory of 2036	4368	msedge.exe	84
PID 4368 wrote to memory of 2036	4368	msedge.exe	84
PID 4368 wrote to memory of 2036	4368	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/14-81X_Cc7mhuSCOB9omV8pBTvhkYX67d/view?usp=sharing
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0x48,0x10c,0x7ffb9b7b3cb8,0x7ffb9b7b3cc8,0x7ffb9b7b3cd8
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,16325009937995012877,15778771808280672559,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,16325009937995012877,15778771808280672559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,16325009937995012877,15778771808280672559,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,16325009937995012877,15778771808280672559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,16325009937995012877,15778771808280672559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,16325009937995012877,15778771808280672559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,16325009937995012877,15778771808280672559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,16325009937995012877,15778771808280672559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,16325009937995012877,15778771808280672559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,16325009937995012877,15778771808280672559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,16325009937995012877,15778771808280672559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,16325009937995012877,15778771808280672559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,16325009937995012877,15778771808280672559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,16325009937995012877,15778771808280672559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1936,16325009937995012877,15778771808280672559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4916

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb9654cc40,0x7ffb9654cc4c,0x7ffb9654cc58
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,17726569752355841385,17825022159508936213,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1648,i,17726569752355841385,17825022159508936213,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2080 /prefetch:3
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,17726569752355841385,17825022159508936213,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2216 /prefetch:8
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,17726569752355841385,17825022159508936213,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3096,i,17726569752355841385,17825022159508936213,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4460,i,17726569752355841385,17825022159508936213,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4740,i,17726569752355841385,17825022159508936213,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4604,i,17726569752355841385,17825022159508936213,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4904 /prefetch:8
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:4720
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6a40c4698,0x7ff6a40c46a4,0x7ff6a40c46b0
    3⤵
    - Drops file in Windows directory
    PID:1564

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3192

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb9654cc40,0x7ffb9654cc4c,0x7ffb9654cc58
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,8755501429105008805,12524437219789136179,262144 --variations-seed-version=20240913-130113.518000 --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1760,i,8755501429105008805,12524437219789136179,262144 --variations-seed-version=20240913-130113.518000 --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1976,i,8755501429105008805,12524437219789136179,262144 --variations-seed-version=20240913-130113.518000 --mojo-platform-channel-handle=2372 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,8755501429105008805,12524437219789136179,262144 --variations-seed-version=20240913-130113.518000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,8755501429105008805,12524437219789136179,262144 --variations-seed-version=20240913-130113.518000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,8755501429105008805,12524437219789136179,262144 --variations-seed-version=20240913-130113.518000 --mojo-platform-channel-handle=4376 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4700,i,8755501429105008805,12524437219789136179,262144 --variations-seed-version=20240913-130113.518000 --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4852,i,8755501429105008805,12524437219789136179,262144 --variations-seed-version=20240913-130113.518000 --mojo-platform-channel-handle=4904 /prefetch:8
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3412,i,8755501429105008805,12524437219789136179,262144 --variations-seed-version=20240913-130113.518000 --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5008,i,8755501429105008805,12524437219789136179,262144 --variations-seed-version=20240913-130113.518000 --mojo-platform-channel-handle=4376 /prefetch:1
  2⤵
  PID:5008

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4200

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:4972

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\srchadmin.dll ,
1⤵
PID:1708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
8c70a081513b9b6b57176170ad4631f2

SHA1
1fef79c42e99fcdb28e4032cc189ae07a043bf23

SHA256
da3d4c9598cc59f71715904a8aae6fe3caf08f8e6230e086e6a63d7c44036c85

SHA512
14a64ad5052b86ec163da43beb47044818da8742db259eccbdb2b98f9bdd211717bd73367dba1f5c229f6470c67d3af191ebbd63767d045a3eca446a7a25a478

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a9e0eddfbd826fa462eb916974666355

SHA1
911f2798962b3848d9b456a79584d88ae6f5ad90

SHA256
fc881bf7eeaacb3dfbf75485e5138d11358eac58d16e742c76e59379c04e684e

SHA512
dd84a90557a850e9f5d858116c52a8e8908e0da77084dc94f1e212607141a39ff8e02e342f214bd74516de680eba1ecbef9dedf38636d1bb34fe32253dad8380

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
8f69a75c453af76fce431d40a3e1d664

SHA1
6d6ebc99a910b5c10534d0cf797221112548520c

SHA256
992d2738a67c3e0fc45195481dbb0ee2c9a519c7dc94eeadc30f170aa577e382

SHA512
965be0305f593508f1d7ff71331fe3bc13ab51eeef71f2865cac88762a3956a789d87979f4e301527fa2b4a3c497d0d7c3456d22ea8f8162a926e825ff52e907

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
9088a4000b559d0c8024d862c3159f6f

SHA1
38d73aea9dda0e7e3ade1dacfaa9c4b8560fbd27

SHA256
075bf7149d60e96c813082740031374613ba7880a0c0d8b132c09e7e323d01d7

SHA512
16e56309a4b81016784517d50455a2a8a85245a39688720e61ab678abb301f5d9224ee338342286629e89a40e7d269c35bed0243e6f598fbacbb1fa3895d9549

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
a5c43e17da58cd0fd8108cfcfd9884eb

SHA1
3177db70d86d283d6ca43d447de3cde41f1a058a

SHA256
577d06fe2af4e22879ffd65d7db6c169ffc90707f89f9e7649ce57354e2112bc

SHA512
9f54ac16ca3d076427c08a4dbe138e1459569c994f155e9c1b0a603398fa6b74240031797dc64a32557ca28b64bf00819f8c93d7e8a0e0138cf90bda2986cd61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
b505413fc252c670821a63ce6d796099

SHA1
3c9affac49a813666d7aa63769384cdbd79d6195

SHA256
773c77cf3adde9fde541ddbb51daecebc79195366c69a3cf0a5aec2e6e5aeada

SHA512
4a6cd1cc5af454e7bb7b44f6d806aa1aceaf3e2c8844c4b789639c9245821b4c1ba9c5d80431610eba9d7ae6522f803f1175331577e126aa3402ba7ef688762d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
ea744d185b19bb58de6c50652691b1a7

SHA1
13ea002b27bc1bdef7cfb9676c52058d9256e449

SHA256
d3176a0d3bf19db42cb1c35b6354c6926ba55f7acceefaaa049c00828c2b905b

SHA512
9a6a1e4eb36372ffcebd03ea7ff5e8bfe03ceebefa1eac62e827deb723a8689eed5800301a18e4dadb03851a3929fd46b0b9a30bbb02836c48d37a75fd7b9ca3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
5ddfe31f7a7a7e0f271d61b716280d57

SHA1
772af28b97a03297b9bd56e7d725dad7a6359f5b

SHA256
2f9cd3efe086149a967bca308b6d447ac8caf2aebcf3dfb98754f12c47bae124

SHA512
8dbb0188c615b1818d5837059771dcbed72419e8c5f12408919d4919700316d86267ca5f3c9b914a7f16256a2af57b42ec200428a3c65d788a101604a15ee4d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
1.0MB

MD5
52bb6b1a8d9db924fcb2ddb45668fa72

SHA1
12996023e66ef0ae44d4e8a36c5d6f1ec78a85e8

SHA256
ae324698ce5ffcd56026f3de4c29ed754e9706f1ae1029a0409b4a3998128b52

SHA512
944d29fee61a718410e5a45bb55008dd2a7b9107380def625768c849b31c325c9592795c53b7d5818e883c791d7c6e271c1691ae0805c557ab9f1d0c2f9c36f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3

Filesize
4.0MB

MD5
cfa172a650b84b3abdbcc47097ea7b57

SHA1
5b45943b506c37225942826c102fcca6bb743847

SHA256
74581baa80a130006b3dd5628aa4845b20089bb80a5c5710c459e2708c95b038

SHA512
fd8626ec91e0b48a17bfe1bbf51ff8419717f631109ea2ca39b908dbc06d7628b4ff5d861bee7bc2070685c59a63c9c3759db1cb589299a0cf430a7d3b5dabfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
1e7c69e24a09599b00a96ac4ff63e9d7

SHA1
a387de09b2b7458e8ccd9dea188d5f6128d9eba6

SHA256
a3fb4de48d86217640e783894d82235e0a61b2ada98ea60704d0338d3018397d

SHA512
0de1b232a0379b04438a605f5778e174318128b7ef200da115ba95efddec02ad6812549ea56387642ae59ba07a3d1b9ad0eba426af02ad53cbb727e08a314e3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
0a372e7a2d6f234e8e91fe85681d48bd

SHA1
fe650855cae4b85f772f312c258e66214bf04a38

SHA256
2a878bb1d4f3c070f617633427e1264b4a9d4a6bca78ab1c81e63deb165a30d1

SHA512
8ee945574d6bd95e79891ab1f884cb7b028016b7274d2225416f99c503ce6af9dd5b5219bb09c86cabfb778ce0bc74cbd1512a4213f6377ea9ad8e021f604aac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fc3e915ec5c0a60132e16bb82cb09443

SHA1
23c7cc38e2346ccf4818327e65737a8fe9ab2f86

SHA256
a33bfc86abce96134a60b1263e14681f902e5672716ad4831c260ac6bdc0113d

SHA512
f25a22eb753987b02e5269f94a65107a506bc031e2315629ff47755f2602d51f6328df42bad0ce160b3b75cac9636958b04fc90504dd1952b826f9ac08538d3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
c5f8cab44b5a40803f52fd48c7574b6b

SHA1
046eca0581e01a96fb01032089c23f38bd45f7e9

SHA256
a588b840e939c19b8ad27f799307b1228659cf65c5002a0e47d48ee80c8128be

SHA512
b643cb6cc2fc37058744efba11f7068e1759533e0e39221c04515e7fc96e1d03b9e6918f5cb6f35090c9899cbd804b1b39813838c7a462cfac5ba88d5cca5a7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
631ab033a5a1bc82fb8a6c7b37c97c1c

SHA1
b9d8bb89914b1968b3c0cf00026b7f6adf8c31ac

SHA256
2d95fd379c0b691042bbf03bc6f76b59e8deb01508e9a34942480cdaa400d710

SHA512
6e7b04d7dfd5a62de29aeab1d36d6604b9023fcbe0d92823a59764f7f02eadbada25f49a2b5afbf822e663a896c8157d08e40c61e3d6dd71b4874e5a711bc3d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
da5afa78f88637a5f0dbed0f6882aac9

SHA1
28e1c64368b5a4cdb1d545efff60e0ee9feb314a

SHA256
39d45ebd43f1d8b80cc35e7226fcabe590c47c152ceece0cbe9ee88c92ceb9c4

SHA512
aa392d862c64417eec111eb93ac6cc6eb45a19a3613dcb6d07e2480d3cd288ef25b8a0bf5c95132697baa6dd13ee0c19531b13850c33e5e729744015c78cd9d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
14bb2a9b701fedde6d05fbcd653e56d7

SHA1
3b2146cfbc6b4b1f36cacd9578ac33ebbeb72e39

SHA256
c5e8d21d2d93b0e2542322e09e058cd9146cc04af411f0516f0630ee88df4c02

SHA512
bdc006b67e8451848b66be427af3058fdb379a635731d0cc3d75bef87b0010ad4f004f5755f0baf656a62188865f7d0a698ac225a18bf17992a4d59cd0df10cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
47bf207e61c4f17c7173a385dc0689df

SHA1
81c67d03f52cf73ce95efb6d54eeb203333f0a14

SHA256
35076bc7e4bb69368cb8e5d3396b11c7785cc27d35a101254de4910ab10e0a1a

SHA512
7dbcba4001c61fa29403e01d727c934b27572385d788a66813dd8205bcb35b9ab95b5dabf4cd0862711fef70eceb552a4dc11d1d9b9e3a4316c254e759eae94b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0e96a86eb0d51fac5a13c47f79ee13ad

SHA1
ea13b43407dd2d2fd20d6e66c36dad2fdad3439a

SHA256
163b48835ee57afdd92e6159433d9636d2346554111ca50daf76ae5f0024cb9f

SHA512
516bd0fd81408db12d01df093f52e19ca6abfc772c694b121b248d9106c787fbe1a29ddfdca63ef899731069a566175c93e480d024a6ac4e7441f42f528516e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e46a2b298541b15324e7d572db1f0bf4

SHA1
3f65be19a6668c1cb3f954034c4ee89c84c05396

SHA256
2a1bde4ca918fad2467a61407dc9967628999d40f5a8a71bff84978342d9787b

SHA512
bd6b084ba49fb3bb46108df7f41ce957a1567861b8311bd1fc65d0cd5e1cf7fa586c0d479761755e62e2ce68da4037d29b611344f44a8253f9cb46df549ede87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c962108252cb23447dd0fc871837f730

SHA1
4858c59a488d86b12ba9dd266cfd1cdc8336c5dc

SHA256
aa5b3005a37af7f86420eb21efad06a0e35b519a0ce45701d694bbe05d05d1b0

SHA512
824a97724b315a8ad2c9703f9bf830c88d83d29eafebfc03cee857d9e80c7a9ffa2d196f6342b3bab85caf7205550223f194b555748afb9def54f5991e9a9c67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1af233f16b48601fec703c26bdc21180

SHA1
3f69635aa241e3fdfbd2332a6af9f3f578b5e956

SHA256
e9b478c0f55f360fbacea4b762eb7a36264eaeab3bfc59e57faa50b04306c31a

SHA512
d7154fe771eef39a1b6f243c59c78f140d6319dbd431a4b1f8b7512dd1e761d9ef3d6bc621d7a486dba5be2662384f42e8d29f8909842d6cc7bae93673b92ee4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
398ae2fa052fb460c8e0c6e8bbe02f5a

SHA1
17230e0a08b9a69fe00fc6a30b33fe86a603df43

SHA256
614ea71b9066f4655bb87e04e48766b20fcfe4fe4e29b44dccd4755a0fc57c45

SHA512
518d87091e8fa11b99c3be66460e851021c7a541d2732ff3442a20afdc360ac23496fcbb9efd1ccf699dbbe9d8e3bdeb2189c2f5dbd08e9153553fa3935267b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
58884c67be0d1aea92e2a4936e612eb9

SHA1
01a6c6f0fccde1d7a9c6b284781968490d9f0728

SHA256
796244b01c2b77c779b19d2fae2b4d2286552e4131f289a369a4513a98537ae0

SHA512
8fd966e58dd69149be39bea5a491f0cbb1c4260a116a5167b8a251a0c629775f6d745351730f36ea2dc72f46103c3ae499abe3cceaf9f1fc0b13c31b3a5b4e1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
0dcac9a1c53f431dd542c8d08e43ad4b

SHA1
50e5267fbe40644293db3557e977eb1df8b6266b

SHA256
36dbfe86fc6688593f7f558f146a9bd6a89593959f33a9869d613a94c1079e48

SHA512
d383841d750120b897fb7913e841f7e9ea1cdc2b31184c9730131af41592928c8f32572d0605d44d6f91d69a3b2a18b8d06dc3b08892c04700dfe09ceb05bdef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
327B

MD5
a66efaa590a0d16b1874a35836ba0a4b

SHA1
bb750c61e162420271f89a90f2b58f43587680e1

SHA256
b9ab1ed7609e2254b7d4fb655b57b21b2be601646c4ff0b207c411e8bdd9e654

SHA512
2b1ea0c798b69b360ab1546d14fccf7d5f9cb224b31bc8430cdb956c8cc570a086e4cfa10e6a843292deb862f4161dfc9b9abbc44afe397ff0ec9563646ff7a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
0047c00f0169a13abc36ff1fc46422da

SHA1
117f93446c09cd71cc8a2ba902a23ad7343fc2d7

SHA256
4f0981fd44f518f000ff00ef0d5b245954420b68061760b48f05444b55edf1c6

SHA512
c5f7752499db05940a6cfca52bfca52b016e483702006629171876c2b6e04767dd6062b3d7d07434f6a2c3fe4110375ea63205e6843ecaf24eabb092935e26df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
b3e2980da934321e7cd11485f9f4c392

SHA1
9ae4217827fcec58a24eae09d02cae31b1659b73

SHA256
368de7c0966aab4f8440a425b601504f1e6ffe95afadbdddd3c8e1d29e25e9b4

SHA512
11340d306eb654340209e8212866718f801137c69a2d2b37d79529a0d401bd9032dd872f482425090a1f29cd89ecae3d51cc5393d399c9da17b4aea8b8f17bac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
1467ff670b319afbb1138779d20cd2b3

SHA1
fb633b62af1fa2aa35032879fb77417428c52886

SHA256
5b5dda801c7cf80c4dc0afb1fa0153568694ead7db0ef7309a54eeb74ec74744

SHA512
d7c44282f46c90629db1e73395bfa54bf85ba8823dae718034c8734d4504e1bab4cf01d3c9625c85bcfd496a6a7f2aee6712860221a717a39fea462ded30d68f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

Filesize
40KB

MD5
fdc8d4aaa2055bd5042d2468ae139a2b

SHA1
a5c4e0f522496352b93d6155a3eaae4e997d64cf

SHA256
19da013b2dce8d1a193340b24a1bdb46408216ba32c99f830a07e66e6980d9d2

SHA512
9f87cdf00b75da2b26a45fe893f19c7a46b40dcd8505efc89b7fbdeafeae2499773122357d18362a5a0d580edc77aef22525e109033f7ef5bcf5310d452905f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
8KB

MD5
11d3ac2c9a9937d5237688dd0eeed7a5

SHA1
5effb890c61a336cbce993eea0352c6a9c1cf0e1

SHA256
3337b599919b7c68713e7c46050b934e20b0b0b7b7100a3d9944905e5367682f

SHA512
a6d1ac2339dd7c7683feebd4c34cadc280c32aedafd1b196110c84780f6e34384dfc5428431d670ed2f2d75ef5dabc7b9b5f775118bf45899090dfb2900a2394

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ce7c04c6-55d9-4e34-8879-40cc4ad6de4c.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
18KB

MD5
eaaf7f4c8326078ae382446c73cc30de

SHA1
75a9e6065b8342cdcac727546077c94d2feb4a1d

SHA256
ed2d3834bb3f835be9d993ace2894718acd668c0e2a13791ac5e706ca2ec57a0

SHA512
a753f9f9682a707d2f0e20fbd76908cd58267b6edcbb8a1c317a08eec63b1be72935b3ef0008699831363ab2f4b871da1878c77d73a61604b4ffb861f828b0ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
b0625c7f0138d7ce3687385c2808eb9c

SHA1
1ee8430dd5762a1c6b13a92411f6c7bcc941307d

SHA256
e457e1048b1db1ac54af039d3522e3d3d0c370541f527cbc8fffd3cff9c359ac

SHA512
68c47de7fa0d8b6151ba3df67dbbc07e0d6c52086d1fa3cf95ac2102bd97917901dc2bb3d8ff6ce8e6a975623f0bd40a02cb8a68ea49aa6ffddc0fc9433cefe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
3cef255202b8a20fec7f8d56f34eec39

SHA1
1614743d99c8db371a4ac15aa81fc57a1080aacd

SHA256
c1c02528344942c0bc1887ff892164cd7f8cd174600fc4439fda66f9c2188f84

SHA512
a9a59cbcf03f4e0080f27d3b5b593b3ee9142a48b6579da914c01c8a88a6c50d8e37090dd966f58ace4e0370a0a5e70a982ef6df16979e74572cd8127995ff45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
a03ed01eac8f15d0a2fb452c653be237

SHA1
b53b8a75cf5a7a66f7264a63404a44bd0e3d8327

SHA256
24bd61ca22b24b05c17bf208c36e30345ecf9db945f5865caa7f24e6dca3b542

SHA512
c88d0cc657328fbfc3de7ef3ed9b3624232767fc292a2a6b516aec45ad570619a7ad3cfe0584d21cd5f6c6c0c496b2a0f7aec44fe92b7308de69bd4c785aa399

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
c6f22cd89b7df339c282b1099f4b77bd

SHA1
2ff31d1ad1eb9251fc9bf8c07e8f4f772e71c646

SHA256
c4b07556d3f28651fa855aa77a093e0f17da714b740e897386b52a8b2c12acec

SHA512
6eed9fd2086d9d440cbdadcb0fca1d82ce3ff43a9a0d5d4bdcdf957a3e81016913153b5b5b1dde806ed68c0783d8b9efd6a2bfc84860d42343770b359ed3c005

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
544f22580ec619ec602356912c58a073

SHA1
d63b3a422f6ad64583ee9a71547694752b2d66fb

SHA256
16752275c67eddb0c9c0adca888a3cb0b963a4f7675bb20bd6f5704dc985383b

SHA512
24e1b13ebd14238a34ca91090e4df82099daed42d4dd6f187bb6b0ef2247bc79c2e77c49a7cacaa720e5fc41cf64a0d1eba91dea002100d2dec93e3a6ae6a833

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
d12c11d8faa05ac9636d1b504913dc2f

SHA1
f17f405f2f3852a46bba9ad6cae2fc05b311d2af

SHA256
d69f72cc9e6b13a970886723f25bb9f893c25cde00c213d5abf53958dfba479a

SHA512
07569eebaf83a710e506d9b0a2405acce753aa9e7b9defdb24d60a98c550c67da779d8d441124248587b62fd8e51f890251f56d29c068765088bde393aa9ebbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
112KB

MD5
6018ef1df815cf67dd1c1b9de790fdf9

SHA1
c684884a7bc7d86f5eec5ac7296d21ea9796a159

SHA256
a71a993b0fb1cf3c2fb1a56462409de059e3f75cc4ad40881de201308f0cd266

SHA512
fec1c7bfc1d60ad6d574c3be2bda62aa0e93deab392d026312ea702fc678492fe84c325b359c2f324d6488e2a709a920ca50c4ec2a80c1d07659374daef2f95b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
1e984ab02536516eb7ce1db4976b84d2

SHA1
8cf32e90aaef28ba69e59b1ddafaf461a227eb63

SHA256
912c29fb1f70d57664410c04998e3696501985ef1e4ea776cb19710e3caaf24f

SHA512
689b7ad939f6d7d3cde465bd8a006990ae56914a8f3eae2eeb9a7557d64c0adc49b0d7ad4b76093499a7678866f7221ababfeeb0981c4146d6d411c8a20b8e99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
112KB

MD5
43e06c353c7d849e45cef7b90ea2211c

SHA1
da5549c62c5060bd0a1fa90d56ec76f05f4e8536

SHA256
d5467cdc077b1246bd8d224d78740f9d9f9a8b26f0c42e7846d03912741c86b9

SHA512
4ccf39f1cd89f772b425e370ed00f922afb1e803723373f7c3df6d154572e844c00f5980e3c88bfca2d82a200edd9685685f8dfdab45eec6e70760742c750a8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
5acd9a4361b5bfd4bca1141bf247d3c0

SHA1
7cb7855102137ee304d3d960057f562a47066877

SHA256
679e5d6bc2a6a3fdc71817880099632cccdfa2bcfb7afd63142132aea6b9ea2e

SHA512
9447dbfaf4575f4fbf2f97cd912a71d33b1a08d8cfbfafa23136bdad8a6f29392a79fb5983d8f552b5b9726e0b35276dda40732b0617001e12ea606b78a050a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9828ffacf3deee7f4c1300366ec22fab

SHA1
9aff54b57502b0fc2be1b0b4b3380256fb785602

SHA256
a3d21f0fb6563a5c9d0f7a6e9c125ec3faaa86ff43f37cb85a8778abc87950f7

SHA512
2e73ea4d2fcd7c8d52487816110f5f4a808ed636ae87dd119702d1cd1ae315cbb25c8094a9dddf18f07472b4deaed3e7e26c9b499334b26bdb70d4fa7f84168d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6fdbe80e9fe20761b59e8f32398f4b14

SHA1
049b1f0c6fc4e93a4ba6b3c992f1d6cecf3ada1f

SHA256
b7f0d9ece2307bdc4f05a2d814c947451b007067ff8af977f77f06c3d5706942

SHA512
cf25c7fd0d6eccc46e7b58949c16d17ebeefb7edd6c76aa62f7ab5da52d1c6fc88bde620be40396d336789bd0d62b2162209a947d7ab69389e8c03682e880234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
0a2e04cb81441f1bc20e3b7265ba709c

SHA1
6cae000566d366f4be3f6ddad2d2765268df79cf

SHA256
a37cc2f65664d94ceb0c8a3e79dd292ef9d26504c9f2f7582c1f432eb6e10eec

SHA512
e6771c5ae6dca5abb13032dd71140278ec5e64e5f9248d95d0c54d38f2d9f976f7f966f0a4dcb292035b5dca6ad726b34677747021c9f1b2139ae25700c798a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e3d468c2eae8d91c865bef47ae677924

SHA1
3712aae67f91bc0343142a18ba0d05346a3659a1

SHA256
cf1cde645b40b953871976554bb4faf00cdc9884d663aa91c94c9823d717fd07

SHA512
3bdf4a89d8c54d143a25901dbfcd1000e9c4044ff196865c02ac08fe2dd49e0e82e40e5bfdcfdb0e45fa9ad29b3a8a2da062b283f86486e44b3f00465ba3913a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a8a08bf6b16e942e0f249a253af90823

SHA1
6a359bd7022225fb2359ef5df80f9590b2b94440

SHA256
97275b869577209395656a59ce992a2ed6a3e46e1b8d1adceb417f0bc06c3acf

SHA512
6aa85ed955ddbf479f23456f10689ee7a905a39a61e54725b8f89baeeba80c29dd215cb368a2b8b2c7062aa01737fb7185786e1a80403849737b51bc40faea43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
60999ea6810f134fdfd1ce945e5ae91e

SHA1
36bac3af869bfaa74fdd41e906131074f49e3c75

SHA256
a863e22dddb103edfaec8329c2074e839aa753750f92919e82dfaf52dc2b5acd

SHA512
76fe694a319a8e7ddcb06877962438a74f49e382469efea9a80178a2e81c785b91bf425a4810d6f157764c58ddc5554dddd2055dbcf7c5db51fdecd5be1e93c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d6bab70c2ba810ae5a1a8130dfe21029

SHA1
5dda41fa5baa434fd68a63bf29d90707a43f4e7f

SHA256
58529c52f0b305b80f2bf9a7ef1708ded6bf78ce7c4a3a3ec5a6042b997526d2

SHA512
00b33c8909283a80734eaddc9c679b06860efc4175825d8b60073520418db5b90c720012d8db8b1cf60a5e99562e8c31c4da8f4d7ada4b418f2351790d152c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2fb5b52ff0dabea28e3856c6ed3aebdd

SHA1
6ec53dc2715d64168a4e8899c305f8f0866acff2

SHA256
8a040431894ad1f6d78bd9d7dc842810bdd9edfe7ab3dac23d182221dc383105

SHA512
6b5bf95b5e6960c6d77406c9673a2772aab8be53eeafd7146a271cc665a98f4cb098210ad15771d5d45a12d23fd8676114614a6ef4063b586c121531727e8a6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ba822246b5907e421f1cf252f0596a77

SHA1
06ad5067c7301641e50032ff512fcd8920f307d4

SHA256
ea641dfad0a9091bcb26f19748bccc0c0f595445140e48f5b28680065ddbfca9

SHA512
31b429d5dc465580800d4f3a9841543fd0cb3bf6b316bf49e56d0d21b3d214b73bc2705f3286f2af443094aa494c7de53b7877b858635ad7cecf66620a7083c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bc11a6bdb8642405fbdaaf509a4bac12

SHA1
1500eb137dfd4ea9e64c04313582ea5bceeffc23

SHA256
769fb247acb93664ab72a59748b198bac69fc3062847dc0ad33ac5bee5fd3d00

SHA512
14913e168b390f4ba826f762abff625985f452d6e46c160671db55ee11162d188558a40dc92e283554da7e65d2aa60f975ebeb8641f8d20d3070d65496bb714f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6ca18f5aad87a2b1d47d693cd9b370d1

SHA1
7864155672156dd59cb5d52c94291c6cef389f65

SHA256
552fb8e41fab26b663f68a59ae0c1e9e4ebb492927cb7a64d8f314de2a852f22

SHA512
b66055e91cbd29665c5078d15f892de3f476cda962426836820dcce0b181ae9380acce127b6ac31b7fa1dd09b380603d7d4489f0f2e39581e34409fd5e029d87

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
4d52399020a24c1f6b4254cc7252504b

SHA1
2afe0c8994c64898d5fe16ca68811438ef19b0ee

SHA256
e75a14ce8abaea1788c4361552ef9ef2b86ea02485eb4ad5f8c22c9c49ece3e7

SHA512
a481726d4ef1dfd67a86ae79e16abda87a0f370310758cc8a1bb2516a69557129e9612b9430c0ae11d7ddf72e1afc3375f5649a09bb53febe5cc16718ba976b4

Download Submit
C:\Users\Admin\Downloads\Computer.bat:Zone.Identifier

Filesize
186B

MD5
ba148688fad0948aa962ed1d8fee6bd6

SHA1
060f8251a849ba999c5e390e3eed33316852f13d

SHA256
52cd8163329e109bf67c406795711e1dedf3fea72874c75125f66de5778e5a40

SHA512
f0fb0f9118aacc75b807e242e18977d4be3d96af36efe87ca34a0ebef3d0653713e6635e9556ff84e47a8bde2dade5bbee50fe335f933950e888139385d37f75

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 735702.crdownload

Filesize
53B

MD5
5b87058672880a82251cbeb9ecfd2872

SHA1
82288343fc2c2f6a417044229736b3e20b0d6a1d

SHA256
4a3a3261e6e158841e86f53096ab6891d08d281eae95fda72253c58e17da7cc7

SHA512
cfbc78e775f442095705a46d7c8f3a606eb418e82d50ed86059f9b0c97fe6d4686413c6b4e0054351641f8cfcbbe5bd5235d6a9d00c4b9a792ceda0dd573117d

Download Submit