2b574142c27e20f6fd8a1285772104c9e13774631d3173f2eb825dae4a6ffe65

Analysis

max time kernel
599s
max time network
607s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15-09-2024 22:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7b1aaae018d5287444990606fc43a0f2deb4ac0c7b2712cc28331781d43ae27.exe
Size

55KB
MD5

eca370e62443218965eb27b1a61bb7a0
SHA1

4e48d0c38e0a4543137cd381abb38e6bd17f17aa
SHA256

f7b1aaae018d5287444990606fc43a0f2deb4ac0c7b2712cc28331781d43ae27
SHA512

6e0554a49c509a3c1c29f042746d18f924417692f3d4c2e8f55676bcc8bb7574ff3a8d4c131634601bd3da28c7c4ef4282c7002bb2a88a69c40e73aa23d58c81
SSDEEP

1536:qzwshK8pUMGxo0xwwW9VemFMGfpbbVD5ANyCa:wwshK8yMexbW9vJVD5ANs

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

f7b1aaae018d5287444990606fc43a0f2deb4ac0c7b2712cc28331781d43ae27.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f7b1aaae018d5287444990606fc43a0f2deb4ac0c7b2712cc28331781d43ae27.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exemsedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133709131930314700"	chrome.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

Processes:

chrome.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exechrome.exemsedge.exechrome.exeidentity_helper.exe

pid	process
2352	chrome.exe
2352	chrome.exe
4632	msedge.exe
4632	msedge.exe
2660	msedge.exe
2660	msedge.exe
6292	identity_helper.exe
6292	identity_helper.exe
3132	msedge.exe
3132	msedge.exe
7120	msedge.exe
7120	msedge.exe
6876	chrome.exe
6876	chrome.exe
6720	msedge.exe
6720	msedge.exe
6720	msedge.exe
6720	msedge.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
540	chrome.exe
4056	identity_helper.exe
4056	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

Processes:

chrome.exemsedge.exemsedge.exechrome.exe

pid	process
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
7120	msedge.exe
7120	msedge.exe
6876	chrome.exe
6876	chrome.exe
6876	chrome.exe
7120	msedge.exe
7120	msedge.exe
7120	msedge.exe
7120	msedge.exe
7120	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exefirefox.exechrome.exe

description	pid	process
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeDebugPrivilege	4460	firefox.exe
Token: SeDebugPrivilege	4460	firefox.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	2352	chrome.exe
Token: SeCreatePagefilePrivilege	2352	chrome.exe
Token: SeShutdownPrivilege	6876	chrome.exe
Token: SeCreatePagefilePrivilege	6876	chrome.exe
Token: SeShutdownPrivilege	6876	chrome.exe
Token: SeCreatePagefilePrivilege	6876	chrome.exe
Token: SeShutdownPrivilege	6876	chrome.exe
Token: SeCreatePagefilePrivilege	6876	chrome.exe
Token: SeShutdownPrivilege	6876	chrome.exe
Token: SeCreatePagefilePrivilege	6876	chrome.exe
Token: SeShutdownPrivilege	6876	chrome.exe
Token: SeCreatePagefilePrivilege	6876	chrome.exe
Token: SeShutdownPrivilege	6876	chrome.exe
Token: SeCreatePagefilePrivilege	6876	chrome.exe
Token: SeShutdownPrivilege	6876	chrome.exe
Token: SeCreatePagefilePrivilege	6876	chrome.exe
Token: SeShutdownPrivilege	6876	chrome.exe
Token: SeCreatePagefilePrivilege	6876	chrome.exe
Token: SeShutdownPrivilege	6876	chrome.exe
Token: SeCreatePagefilePrivilege	6876	chrome.exe
Token: SeShutdownPrivilege	6876	chrome.exe
Token: SeCreatePagefilePrivilege	6876	chrome.exe
Token: SeShutdownPrivilege	6876	chrome.exe
Token: SeCreatePagefilePrivilege	6876	chrome.exe
Token: SeShutdownPrivilege	6876	chrome.exe
Token: SeCreatePagefilePrivilege	6876	chrome.exe
Token: SeShutdownPrivilege	6876	chrome.exe
Token: SeCreatePagefilePrivilege	6876	chrome.exe
Token: SeShutdownPrivilege	6876	chrome.exe
Token: SeCreatePagefilePrivilege	6876	chrome.exe
Token: SeShutdownPrivilege	6876	chrome.exe
Token: SeCreatePagefilePrivilege	6876	chrome.exe
Token: SeShutdownPrivilege	6876	chrome.exe
Token: SeCreatePagefilePrivilege	6876	chrome.exe
Token: SeShutdownPrivilege	6876	chrome.exe
Token: SeCreatePagefilePrivilege	6876	chrome.exe
Token: SeShutdownPrivilege	6876	chrome.exe
Token: SeCreatePagefilePrivilege	6876	chrome.exe
Token: SeShutdownPrivilege	6876	chrome.exe
Token: SeCreatePagefilePrivilege	6876	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exemsedge.exefirefox.exe

pid	process
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
4460	firefox.exe
4460	firefox.exe
4460	firefox.exe
4460	firefox.exe
4460	firefox.exe
4460	firefox.exe
4460	firefox.exe
4460	firefox.exe
4460	firefox.exe
4460	firefox.exe
4460	firefox.exe
4460	firefox.exe
4460	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exemsedge.exefirefox.exe

pid	process
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2352	chrome.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
4460	firefox.exe
4460	firefox.exe
4460	firefox.exe
4460	firefox.exe
4460	firefox.exe
4460	firefox.exe
4460	firefox.exe
4460	firefox.exe
4460	firefox.exe
4460	firefox.exe
4460	firefox.exe
4460	firefox.exe
4460	firefox.exe
4460	firefox.exe
4460	firefox.exe
4460	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

4460 firefox.exe

pid	process
4460	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2352 wrote to memory of 3312	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3312	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 3516	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 2244	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 2244	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe
PID 2352 wrote to memory of 4944	2352	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\f7b1aaae018d5287444990606fc43a0f2deb4ac0c7b2712cc28331781d43ae27.exe
"C:\Users\Admin\AppData\Local\Temp\f7b1aaae018d5287444990606fc43a0f2deb4ac0c7b2712cc28331781d43ae27.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff82b6cc40,0x7fff82b6cc4c,0x7fff82b6cc58
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1712,i,2149009085988726943,8785879183484354720,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1796 /prefetch:2
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,2149009085988726943,8785879183484354720,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,2149009085988726943,8785879183484354720,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2396 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,2149009085988726943,8785879183484354720,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3208,i,2149009085988726943,8785879183484354720,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4272,i,2149009085988726943,8785879183484354720,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:3168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0xfc,0xf8,0x128,0x7fff7f9046f8,0x7fff7f904708,0x7fff7f904718
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,3989661462611691680,6493110879855845848,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,3989661462611691680,6493110879855845848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,3989661462611691680,6493110879855845848,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3989661462611691680,6493110879855845848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3989661462611691680,6493110879855845848,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3989661462611691680,6493110879855845848,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
  2⤵
  PID:6576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,3989661462611691680,6493110879855845848,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:6604
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,3989661462611691680,6493110879855845848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3488 /prefetch:8
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,3989661462611691680,6493110879855845848,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6292

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2880

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4992
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1976 -parentBuildID 20240401114208 -prefsHandle 1904 -prefMapHandle 1896 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {87ae873c-0f0b-41dc-8697-205f9fd41992} 4460 "\\.\pipe\gecko-crash-server-pipe.4460" gpu
    3⤵
    PID:3620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2396 -prefMapHandle 2392 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {001a4056-7cb9-4984-9dcc-217219043cfb} 4460 "\\.\pipe\gecko-crash-server-pipe.4460" socket
    3⤵
    - Checks processor information in registry
    PID:2960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3028 -childID 1 -isForBrowser -prefsHandle 3024 -prefMapHandle 3052 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {feba8710-a1ed-424f-8bfa-d3cefa73de9d} 4460 "\\.\pipe\gecko-crash-server-pipe.4460" tab
    3⤵
    PID:5404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3644 -childID 2 -isForBrowser -prefsHandle 3788 -prefMapHandle 3784 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6242e272-7005-495e-bd12-5236dae43661} 4460 "\\.\pipe\gecko-crash-server-pipe.4460" tab
    3⤵
    PID:5556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4280 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4372 -prefMapHandle 4368 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65b78666-08aa-400d-a5e8-3b6dc2c11011} 4460 "\\.\pipe\gecko-crash-server-pipe.4460" utility
    3⤵
    - Checks processor information in registry
    PID:5464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4344 -childID 3 -isForBrowser -prefsHandle 5388 -prefMapHandle 5432 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41fd8349-9e88-4eb9-985c-c7c35c89978d} 4460 "\\.\pipe\gecko-crash-server-pipe.4460" tab
    3⤵
    PID:5984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5632 -childID 4 -isForBrowser -prefsHandle 5552 -prefMapHandle 5556 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc65f6f7-3850-4a7e-abb6-9f8b62fe75e9} 4460 "\\.\pipe\gecko-crash-server-pipe.4460" tab
    3⤵
    PID:5260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5748 -childID 5 -isForBrowser -prefsHandle 5828 -prefMapHandle 5824 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {236467fd-5cc7-4dde-8a33-4cc1be9148c9} 4460 "\\.\pipe\gecko-crash-server-pipe.4460" tab
    3⤵
    PID:5416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:7120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7f9046f8,0x7fff7f904708,0x7fff7f904718
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,15299487413015185127,17843172893105363794,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,15299487413015185127,17843172893105363794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,15299487413015185127,17843172893105363794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15299487413015185127,17843172893105363794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15299487413015185127,17843172893105363794,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15299487413015185127,17843172893105363794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15299487413015185127,17843172893105363794,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4332 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,15299487413015185127,17843172893105363794,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3620 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15299487413015185127,17843172893105363794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15299487413015185127,17843172893105363794,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2324 /prefetch:1
  2⤵
  PID:6496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,15299487413015185127,17843172893105363794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  PID:6624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,15299487413015185127,17843172893105363794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15299487413015185127,17843172893105363794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:3704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
PID:6876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff82b6cc40,0x7fff82b6cc4c,0x7fff82b6cc58
  2⤵
  PID:6844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2100,i,3702309650929438841,76325861442324864,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:5716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1840,i,3702309650929438841,76325861442324864,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  PID:6240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,3702309650929438841,76325861442324864,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2496 /prefetch:8
  2⤵
  PID:5468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,3702309650929438841,76325861442324864,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:7040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,3702309650929438841,76325861442324864,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:7052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3564,i,3702309650929438841,76325861442324864,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4488 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4712,i,3702309650929438841,76325861442324864,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4860,i,3702309650929438841,76325861442324864,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=208,i,3702309650929438841,76325861442324864,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5028 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6748

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:6236

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:7076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
4cac357bf24f523841d64a4775f0aa54

SHA1
78b550849a3899d802ec8798fac15a7401580ba9

SHA256
04e85566882a2bc4e8d6d31ceefcd36b4c0a5b3cc3885321ea274abf780ce5c2

SHA512
f9b9107b26c3ac0ae71c1a24c5e240f984663322eea15ecf6ad4d2e30cb444b78bb3da3d3c9229c37ebba39061fa283f94f02376524abd7d09f02cdb632159d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9e42bce4705a9ea2d746c845b890e13d

SHA1
f16ac2863d6589a8be969d47e644fb70d6e075c5

SHA256
fee4e7c855df7644a3473c1c9042bc16fb7b92fa567d35275c79254b1205a541

SHA512
5db8c457e18647b35457b6c4d6622cb50427535489fff7c86b4da24c271b88842ed681b25a7fdc9990c46c60f0a834b6aa6e8f40c160223a37742f4ded82d666

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
310fdde3c838d7f8db5abf9047bb6e91

SHA1
bd0019993cc913429054ddbb06cb4d2f1d800de1

SHA256
420a9f81cf23a987698f2ce71a822b4d19e46cb0fc4617d840d0576bc3d17065

SHA512
b3dbb51bc553d5c4e19addebbefbfcfba274d41a0e6015898b9ce4388581b426f21c0c7c6ab4b7f8fc17f8c8d43737d2feaeb6b0c8d998669e91db4fd201228b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
8c0bf073fcd7d7a4174e54951397f753

SHA1
2769818deb2953b739ef453835ed0acba5e6427a

SHA256
196029b34bac3fa7db78e0d3a9e99ab783730762780d3fbd4cba33fe79069ed4

SHA512
00c26d5f6d71b44b9e71f1c7832cb06c2b463f714a5454cadd5f44fb92a39a10603c66b684dbc26cb8e343fe44610c16cc8307e4babd6cb8899fefb52e852c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
80310d688340de6be0b2d8c539b0286f

SHA1
dcf8b6a3788cd7034704cfcb012099b7b05af88f

SHA256
611a7d0c554173d476c444c1d26451581da681df3593d3146381e1ded5a56f94

SHA512
161e643acb1d3d643243304f128a537c9c229f72df6ae34db228ba67d6a2d2b91b6df9c4310ab211f0c63aa5d732e4584b4fe094376bf143b1aabd528b261a1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
efeec6053e116964567617c641da1e47

SHA1
d3575d8416469c4c89dcea0282159e7a07d9d030

SHA256
864e8d9c3c1a8b295a0ec6fe50fe6bcaceb9baab745c94bd2423961102b24569

SHA512
2377f346cb4d8b72f42dd6996b9671f7d543cf5b75ef1f6f8f578419c2fd26bba673e6a5cd895ae84c888f7e41c875ee4087c721529e31e854c5adc5fbb989a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
6af3e0b51337022ba96aac683469d564

SHA1
7f55939359790fd0d5797ff4d32b54abbe6b1f24

SHA256
4fa9ee47b8e68c9ba5796e860572c1ea037338ae6f1a6da9306f6164cd2b7def

SHA512
234031b436a2ff0db011159b74ee8092b4d455b891670732f386b4e88abb2e74944d4ddd15f9a05e3a2486953ead92cdcf53eccf9cf87d53dd20027832d5e3a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c416f03601d310c54f04505ee37519e4

SHA1
144f45119e1417be94781be5956f781d350e259c

SHA256
b1578c1b4c4b516a5a7780eaa6b0479fb149a179eeb5557a277518e5881c9b7d

SHA512
60887eea41ebdbc189bcd0c751f915d44a671532aad882730f83a5cb0840fd9d36f6b8f3eebf4c5b76d70f1b2d8dde534b9dc27963c17e6a9a35f700e516b290

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
62e97783de58d7f712bc7e0b51fc1974

SHA1
c1b290868190e46c2204532d01fe38e19f29ccd4

SHA256
11024153e0c6bcaa8d5d78b4d48ec5302ee3e220d5fbf17d333060f76254c00b

SHA512
f0af9e0a3205973d10a95f06048afa9432971e8b979637a68232fe576d902477e7749a354c0cf7c148c552caca3a6600f559cc3df976a5b656681b8e3bb0fc6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
853daec44a56c8a26c4dbd5dc89cf726

SHA1
4cbd16f3da6d43fa8eaa35d7d4b38e16f9010628

SHA256
00c6aa78d292b07f44ef646f0e561fb024356ab510d2ec35f950af39731c04a1

SHA512
446a539e24c13b02296cd599154a0e17b86c3ac159cf8dbaf1ce41f036bbfb73fda48ea262d6117636f69cbff765005ab8b9c755ab9b5e7044820b0fcad9a698

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
756e2fd59140fa2c4726d97e579a76aa

SHA1
5a09111754389caed85173c55af35b5c7671d85f

SHA256
51d1784b31dcf9487d2633e1db2b1e7c86ffc9f6944c6763108a7f9898c4a2fd

SHA512
91029abab8f53ee8af9e123fe626f87193b2f879da754c9cc7ddb2d3071fb4cf7f240002399ce97e93a6a23f30d77fd3cd337f5ab85da99f84fca1476de94e37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c2f13ce6d30a3307f28f751075370f83

SHA1
9c679947432a64c27ac531d2d3709870e7b07bb3

SHA256
224b8f9efbadaa4daecf77c400b7041ab77fe2297b56f107dae2bc7a560994eb

SHA512
4b324c7301aa6e104d3a3007c8eded09107ef2813aedacdba4382b099eb692cd8cb9c94996ea088ffffaedbad959d4ffcc5254a4ae2a326983809d906109e0b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
682977c97270a933e36a3412c3354d02

SHA1
46e7506bb85a3b1d0db84f78555432c81b317569

SHA256
b5a4844be92b3631e67021bc8297087a9fcb5d30e6ade0e4ce132ef41ee30546

SHA512
e00bcbf0b9699f363e4cee8ee7249e7591542dafd1148dac4b1d8e84ac731f527dab645b49f4804c5d2e9614d55577cd4f5ded376be300708f2718a42d14b8d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\d2518f17-c2f8-4190-8b73-8fd9165b69d9.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
95c2a5b424227771896b178d76bafb42

SHA1
d4f64b45412f1f90865f3dbea2175d089a2670ad

SHA256
19cb041a39bbbf8179e6886f337df4096d8d559b4f8e6a69822bf5d5c82d7bc1

SHA512
58452a14e66e38c3a9b70376b3fd4ef92a6f319336044906457d4c051d429a8c8366896fd2a64dd60402f6bc095614f2fb252409a25747f6d3e9941b452e028b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f775c7f84fe22a85bc4cf74c13c5142b

SHA1
1da43166d54d16ff0c96b83a7e2b32aa46396215

SHA256
e54a0fa633942f4495612f6b5e71f1bc7ca850b5e9bac72ec46ef9df0fb9aa1b

SHA512
f7be7d67c98123f0916d700934e25ac702dd7523379f390262f9d909c6cbce348ecbe053e82929e9563846c65318536b4af2b665304ebe1ea74d4e2755d0bfba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e7b634d33d464bba2f70f49b7d4fed1b

SHA1
126538a0e7ddadefc7fa10bea7385eef5964f09d

SHA256
feaebab1226270d3230e0c5f7377ad949bcf5f9aff71086d66672391be5de692

SHA512
8f3fa1243d1786b62d6840806c0876c08ff2f0d8a813335763657943e0789d3f92514370fcf2c7d0a36f18f0779691ea39a5a24d90df90991c0b9f9c235f5b97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fecf6fd655ee632a2c8fbb27dd6a3932

SHA1
1c96f5e7a960c1835ee5abf859a260902ed1eee8

SHA256
153205850a57ae52272978f576c92fce352960eaff709111ff5dbf1dad2c5ca0

SHA512
569bed1f84476a7313baea8692c3793c5b251a2aef4f554122e137f48b7ca4f0f8320f84a1ac8020a382a72e2798386506010d955953a0d973a729381d6dcee1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1fec80a32c12c675932d896c4373b4c8

SHA1
11eed133ebf5d7a0b88be944ff2176a7eefbcdac

SHA256
f58e5a91964967a2d3b968b919487b89ad90f73b749df53850069d9f0a0da46c

SHA512
247efd0beeda2fe6d231934ccdbf2554092996712e392df1e32d0f62ce6b4f3161cbdbe7f2698d2b36f8f6b8743c3c1e3e605d36778373033316fdbb094ca7f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
81c0abf4e82970906feb5968b693a136

SHA1
0543d610efc0b7aebb76ba780ab16e521dff5284

SHA256
71b138826bf3bc63a39d2d88a69a6c5af91fee9b46048e8f532b4a8a549c237c

SHA512
813daa89591c777e298be38c7b17eb095f7554f2dbfb37a36f1d0b9904c19e4713dee6438dec58def39756c679fe0436d1e36d2bb74786ec238af32f3b9f129f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ac5c4bb6691e3cd743d00c6f7c15dfb4

SHA1
78b504f8b711b196332f2632ec4605956fc4fac6

SHA256
072325365b85d516c37f65fbc6358b81d7f754ca425a98aa30f1308e4e0b72d2

SHA512
54bb0746be9003e0307139eec8b27f40d8fe91a98fac84bce5d461f831a2b0b86df8624da75ed3e2cfef98ecb4f2143e5cd291c9112b1e501a1ffac87a7c1ea7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6b30bdfbdb70f11743730ce94b24220f

SHA1
a59190a129d06eba1cd7ca93e523b265043cfb12

SHA256
911c8ae379570adbe2390e55a3fc85d91d8db7f178039e8848cf0e7ec2f0bb99

SHA512
f9f3de8bed29b3ab8fa4d9e7d30b98f990f12590c0ba080e9e9e0631f4c628238d1fb2c9bb16c07d50d5c30e78a89539598e3fe9a098341e760a132f4dcf970e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0a0a598e46f6deddb36cca264f19cef4

SHA1
35a58609feb8db61ad0d2c9e7bf6ba2080b2529a

SHA256
2911141105a67fc0637ac9108dbbe49baa2285b78799a8237c06b4ebd7fa0fd3

SHA512
9cd10b3ccfae94f9aa70916987f55f0ddc3c2af0bcbce6c3083f033266d64ae084281eba78a9073de4fe3c94c3aa9db161f4c381a65e1afb410c9d44adfae325

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bf057721d85fbbac04520e036ee93e3b

SHA1
5500ecb0facc9535e24a93dac7a092a349d102b9

SHA256
31187c690a7595dacfd2cc72d9e1cd347859e5aa7026b136553c1c9f7b92c489

SHA512
f65b7fc3dccff0e254cb72731736b5f2b59e07cce96c2e151c84270c13ada23329007862b201b833314f6cdafa1130b5e326d702262dce2c46e60473f8bb24af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4c4657427db12b359d083293c413db0c

SHA1
557d4e25faacdc3318aab5bdeda56651a7f466b3

SHA256
4f1dc346e42f2b3453ac7ae39d4f34c51aa5719bc295da0cf63a97cca021b1ad

SHA512
82418d94bf6fd55bc13bd30f415372f8cf6ed8a486616f7b8737084e543b76abc2d033712bead5e165e3c3f6dfb282d935946960115f4f2f28a613a844c9d2cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
03f372fcb62b79ab83af4c810b66e593

SHA1
e50a261e819104e71debbf60202e818b001de1fa

SHA256
e78184ce937ab9f5c103cf2861e8f007810b535671ebe267e63d5517c9925a7a

SHA512
1489452b8bdfd30959c42d1a940dbb51ad3228a9a53f469677c3829c637d6319fd7d468c1c5c68f36399df2fa26d2754106cb5c8cd841b7cd540037aaa73c427

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
309ef25120113d19eddd2c4e20454181

SHA1
8f1b0fc4d05706aa3543a7373e2d9da57a410ccd

SHA256
35f6b931bc3953a6f6404e955153150cb35a6131b44e8746d1645faf27dff9e7

SHA512
defc4c73580ed1ce8ba8c04aa30c3b091eca47ad19386ee32cf0cd7cae20a6f0b47466d5d113930cb86aa5aa117588aef5dce702cd4787838d066a6371abd34e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8f9408c4b1ea42152492371fec181b54

SHA1
4e51e98da9330a8e113feeeec9b0594ae0f43414

SHA256
9e9e43195e223af162a2d6ad6efd82ecdfd1afd771a583c139b44aeba7a4c66f

SHA512
7983f637b27c5876aacb7d6bd8afcd6dde486014a910d91bcd70bd53fa916490027297574581073a52463e96d895a5154e3c29ac647ef6a25a600bb7784fd3b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e9dc94cec96c86cd82a64dae166fc0d8

SHA1
d40a82855e899f466a23cbe4a4b7d0434382a1fc

SHA256
05db46b687ce54a9ae1121cab1ca78b1aa7e3166bd879baec1e478d61800c3fd

SHA512
740d1153a8198d8d0aeea0129a8bdc7f830187f8417a46edbc704fbf604b7ef8d531cc27aed12bc76f9d5d9e24ebff9cf1fcec006f550ab2def13e1e4a78d727

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0836550e8241483c7e48e99ac1625a9e

SHA1
25157a4e3c5c529695a2f7de0d7b7b1aaf17cc0e

SHA256
58cf21d61954bd43fa08bcb30c4ca2badf2b862759a1f000d89b737c6c2e7e5c

SHA512
70a5c808f9e5b79d5d17626149b104e963eb214230535c003e56fc8cff3e742a8b4abc68b5ee0bfd7c92599db8dd876f5c74bed6a3068d7eeed51b81b9ec2c10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5f8d8fb04aa67c30cb4138b06ddae094

SHA1
96e99895944dc581c3e1d2fb25d952c9c9596d49

SHA256
ae115c08a65a293aa128a3914cf55567b4e03245df9ff68713c08b27bb4510c3

SHA512
3b555da27f8692c789b5c9cd4929eb387a5d63676a42ee58d6d2c3c82dbb6ef02afc0bb502525c53684eb3edeb08074691d1e1aa66f20991614401d9a0c260bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
626c5b19574cfdb888e4172ef206f111

SHA1
7be34ebf5179923957c26a90dbfca252e0963f01

SHA256
d3b76358dce3d4626ef37f86b4d3be67b010b99e3c300662b80b5e19ec85a0fd

SHA512
9706d848c1963aba7c86e36ec9b43f682dfe0168e07a81811278e0181b668bed73f536aa623288c18e1e84f6edf13bd7248d8bc4a08df4c0232e79ab963928ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0e79fabc82f83e79ce83ea5b9a17c252

SHA1
1a04fcb53ef3f9464142fa19375230cf6b8d2703

SHA256
17cb7b9ac4d0f0b4cc9523df9a9dbf5a57134ab00d0baec80dbc483b023739ce

SHA512
08a8c8aabb822f8b5b127caefe932f250f6d7181663b6e1341469c573dde717ec22a5fbb527e65ad8de49c1de872b15bf8884376f1d18aaf09d943f307deace5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b6d046f6f35316ad47634568c8446083

SHA1
a37d172db1e4c1a10994f6c1a7c8de2b3af6c9a4

SHA256
c1f75d92fcde5768a41a175289ab6fd89988e50caf645d6692057664a104c302

SHA512
7032ceac33ccac69c180c3e6d322ac52b54cb5c364d05002ac957ca56bcb31ffa06c76acae38e2866233f44c6787c165637f99ceba3cddc2a1a330d67876600f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
db0d865c8afa72830d459af04577a0d8

SHA1
e52089593866398b142db9a6951c4d4fd73d849f

SHA256
2253024485c2da22d7e9d4686bda33330cc93aeb32c3c67160e5905b460c9538

SHA512
77232f80bfdf951b40475ce2ecce923eeb3964b840d3bd505d6d16ad80863d1d78b19b68af5fd8c726aa77104823ae5f6c3647730abcae9205e14cab20b4a3a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
814e1e0b1ac126423fd8932fbf75b6ed

SHA1
7917b46be5f87cb8fb230ebc1adf0bfc4d139238

SHA256
0eb801bb4df5c86869afe065185b6eceb1db0864ac39d65524405b9fee71cbdb

SHA512
f1ef4f1583e9f772dac7527117df7789016fe1ab08bb03a3867995a2c8c489e87a6633ec6dd24ca8c202518e37b6238f3f2bf14d44a985828aa260b0f135dfa6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
290b8a9497b9d410b8faf0853074f5a6

SHA1
96263bf0fdb5c6ac4743315e2539f855bbc5be62

SHA256
38a0750abe652121ef3e8e9dd004b2555059a4934810c69a9de1326305fd3a30

SHA512
80fdc7083a9ae7397e3939278e1e4098a2b56d3cc39707dc74532961c746db00d7c38e18069c1b7a9c80a012231ab51d6e238698ca20913ff71cd2b95dc05343

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b499b8b34c26cc6da86ba66a2a3ae32d

SHA1
d3a20b0bae2f710224b8e71e6ef32200a1fc4d6e

SHA256
e7ac737c5ae624cfa4acbfb4a37a5f5031095dd2b5b36c7e640262804c2dbf76

SHA512
9922e5f67237ca18c9b07aad36afb823e8f5fb74bd217468663d0dd3b8783787e6f8c4c2f9a464da406d2256a79bb8e1e0b5bd1b023ec38289f561d3e8115e8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
838d65b976c6e4013a35baa5844c8588

SHA1
276e2f0a88299ae78da1cd2951f3fcc3e6950841

SHA256
1a5d21e7624461a3d18101505c1c3417df7ccc27f3f52bbfe9c1d1e731166b07

SHA512
72019f97606b1ed55691ac4302bbc1d8b0730ed75aac96c209ecb0d1c7e7da875164dffccd119bca367bc3e6eb0e70b9968eb174c754e459b6db3acf232010e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fa47f70ab535deffbec7f9015d06c6d5

SHA1
8ea2a17170c163c0e5274ec84bb93e3f3a64ed2e

SHA256
eb0b9d63ede0e56a498a2fad090e0b4373be30a689defca4b16d49b715bed265

SHA512
f0b398ae08ce9b8e8a6db46410a8e19a0636e53ace8d4c681e0635574ce2454b9173efd50ae97cebd7b253ca8bd2ec23abaeae1bc2bb42b62f16368a54de7c65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
81588f203ae8a2994c3c556049f02ddb

SHA1
13c87d0b584e0dd8678fd464e73fe7e0e3e1c131

SHA256
aa7e64dc276065b55f4f1bb080915a983596af40469821ed2ff2613619769c40

SHA512
0994bc68618efc2377d57526824eaa9c56ad2a4eacddd413e4b6f2559cd2b191cca5d45e434afd9a6b4d10612ab6767e1bd3dc4965ec3dfe4f047d09c08ebebe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4cf4475139e792bf2be523e47174f7f8

SHA1
d528cf1a22a6828cc19837619cdaa52e777fd82e

SHA256
9b0db215261552f11710e3733e2139414bdccf11bfb0f73ca410a6333a1b2bab

SHA512
6c4c9bfa27f8a2eeb2cf7d82c4a3d218e0f7c1321b4153ae2125ef6072bbf8eb28e05638a5a48ef985cee756e5af3eb68fe6f1ca7583263ee51f41ef5616a3cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9b5f3596784d0e04ce1646eefbc2ff03

SHA1
e3b73d20b2227d1dd9b1449fffbc34ec0a610168

SHA256
22ea2ffcfa6b1a134ce60372dc945f924c9389561bec4ada5606c93591c47bf2

SHA512
333ebda6a28a6da30a01bf0b011c1c65f500ebec889eed585d445215cf8b3505e3498681a16c5b2689558c8a04189e71086895a42c90cb35f64a76be4d4e92a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
859c568261c0f4a5eff8a2ddeeabe13f

SHA1
8f5e499022c03cb6499fd30201f8c6c40e4d9916

SHA256
7d1852ab9d4e60360acafb2e11cfc5e0c8d638e6164ee8bba2cf944322f12680

SHA512
cd6a626c14f3f9a8ece0506a296150c1202db7365070501f01dbd587800f25217b4a73bb9d4bc50263af66e409054ce2735e80011d5f297f66052162efcd0343

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
398b8565490ae11bb1abc5f4ce158684

SHA1
c21012ad61d9d0557fd4f85b6bad4c120aa5e60f

SHA256
bfdc8f7b1dc264fa9fca70f819b87c5792cc710bfe4ad4533d8851259b677b86

SHA512
139270b89bb6f44b1f9880621e95bfebe0e9ed8817035fa86ac37714137a71ddfc931f9ce85f1458294ee404a96ce02f7416bcd1e167274fe2eb23a4ef49c3bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
fd331f0a28103c4d3f8d8cf364b69003

SHA1
bd40137d49c55c5f47a854202947891aeeb07d8c

SHA256
345bec8f64e021a792884b144303dce0722fcc9cf3c62c9901d5724773ba7843

SHA512
c0e147b07f16766285fe3bbf70e345e54558df380194b55ef75d5ff4ea26ce152b4631460ebe507c04a7dc827f95d44681c1a4eda1786063167d87e5ad5e7244

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
68a548aea4ecf360e98c29f58b44c79d

SHA1
841ecde119152af04ad6cab5fb2d0b3eadf91908

SHA256
ca7b0f0e5530c3d3b4d23923ea71254eac56becfb216ebc604961d9fff8cdbfd

SHA512
63f35564aebda80413f5c7343bf7f481318f7a1502dfd50da2f0a7a3df3d317174fddafd9111cdf0b4a61fcc3377a12721f12bffe71224d07d776bbb0e86522d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
1ccd943800271d93856f601d1d840161

SHA1
9a3935a764b2f794fed4b3201462ba4a717a9e7d

SHA256
0308d278ece4c67fd58852200dbd308b5b23af07a5dd8708452a4584f27e2085

SHA512
92eedb9d7e5ac9a0a2fba71e8965d8cb596b65fe1b5d0e15accc304e842aa662f43f5665249676c08dd543e486dcf546a5cfcf5bd9f48691c71b7eb575cfe148

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
2fe88ce94369bfc3a8546770ac006324

SHA1
9143278025b34f5a82f8afc74fadd36413ab8b1f

SHA256
e6ab2e340fc9f33feac80bf36ecbf4b1d88fbb4f7467d7969860eca3ca82b5fc

SHA512
ed837bfb84ebfcf0e6456cbc1d11bfb88f32286de8c4e08d460e86d6c850b9b7d0fb25a73f1f38816fab6e184cb9a0e746933a1b4c955b57ca3750bff84c5c6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
207KB

MD5
fd83c3e1efef8417fb64eb3712a5c083

SHA1
94daf5b749d91946be4c463a313e4209b59ca5f2

SHA256
0ecbdfeb769fe45cbc6dd146b8ca9adc5d6b61a79a3f8d95f4ec5feadbbffd61

SHA512
071175d38b864a66444bafe4b9478331dd6d1c953a65809578f48a9cf5e240931f1d08204a95d66f36561f47916d7a6ad6b52243f82fcf4831912f26e7d54926

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
263b4d7801b3c7166d7f13f4b7776967

SHA1
9932ad839521e9fc2cf4d5aa70bb1679e179c4af

SHA256
73f83cc05e50bfb7ca2de4d12578620d926a03cd71c5edf0ef9a5a12d570a5dc

SHA512
8fb936f36e3081b1456cd61881315aad1243f2c2ce1e0484dff5fa1353b31fa9cbd4532cc927eac83923ad1fdfdf0bab22eecf7bc9bcbc1e215f362fd30a363e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d13ad78a4e3cb58ca52e4efe7b07cceb

SHA1
8fb26fc3be9fd7307ef6846b2738de64bfc98d78

SHA256
fa647b40c34145531816a29973570139d463dcd0e12c876c54916c4e80494bbd

SHA512
8f6ff0c8753b91d4cdbb9604c96087031c274d139cfe2dd0be521a28ae9619c8a81238f5728b156ab8b7bbc502ec65c5cff2b3d3c939fc9d693a67cd02f40190

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
b0b20fd832ff45252261809d7d6dfa74

SHA1
0500df950f6acce0431fea82c6c07e25780f6fff

SHA256
de02dd6dbb0d7505e108827a7153c58b42b7836256e23699dfb3e79c38cd3fcf

SHA512
cbb38a9f56a0363f3cb22b31bc9ec97629afe47873165c5ff88983ecf66909286f80d86e07c8f23905ba471e264c223d07525ebb112596ba526e5eca2e1df1aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
d84bea0d7b79a0e925a70253f9295a03

SHA1
d421e1eb134211f27fb078bc9c23ca26a2c53c2b

SHA256
11f3584d189a134bd01bd850201d6a21cf512ccac287fb05e629a7b1c736e297

SHA512
a2fa156f7a55e8e5a829032f5b4a2860f3bde26bb4009c6e4a6b62d56d2c26c8d9bee271c53b8ca7d7916a458ffbc1213a40a507e1914e84f43657bb636b2db8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
44d230e83b7f8c612a99db0368f8bd43

SHA1
fc742f2d1676d32371cbc8df63365b89c0070056

SHA256
60aa6747e3600f18e671d4e0f3a96b66bacf0cf371f4fa1129173ca3c821a2ef

SHA512
78a586d6f5bb4753b61230c2e98e178298f3ef384f2166e2259dadf41bf3e1f8b7d961f1170862c04815d7329cab5f4d5c069a53d2eb96b263f28d4783616c09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
da3279842d9adae66dfd305dfd3a1e96

SHA1
ce7aeb97ba5f4be3add2bc351115f0c707689ef7

SHA256
074c8735edb62818b1da77a73a4dfe79fd4ba97950481007df8be33bf0321e6e

SHA512
7dc3922eac5f33ec637c53238e3e870f7bc7ad8b477b5f3274f47c4b9117f547c75108c0a5c48b968418dcadf0c5d6b38f6149b9cd8ab16557712b53d6ec7a82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fdf609006f807c05813dda1756d5b6a2

SHA1
2b20385c53c599612ee68c5ca39f87d33d323331

SHA256
86b4f7ee2f2dbf3cafd94d6d9146d3f914965535c1fc8d075c4cd5c0d644891c

SHA512
8e6476e6b099b38b947239b6d1c7e03a7ccfccc95b58a1c33c1ef7b03bab40704e7ee70474ac7e811cf31afc4f4a449228263d18e90d1e18d6682c22f2ca4c57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7bb4a10c6af63880e512ba115238fd5f

SHA1
051501ee70bbff48b3e160104631390a04935c6b

SHA256
e36ded14c0d4d36a610fe0da8e37caebcedb2104ea7f21dc571744091a159ac0

SHA512
9254d8d9dce56d4ce002eaeb6dcf048c43450ae2e29ee57523814778b72973b8efca5e80e3e1a695f47b6e1c15f179bbd62c95c957afe6871f3f1c35564e4174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cc5d3b0fc2fe5430be2782c59c120308

SHA1
beca96c8b8d42fb7950f1bfb4a941ee89d5ad908

SHA256
abd08a827d8e47820f348725de276675a2322b7a329f653a0961cc18ac124e0e

SHA512
237027bb7c8faefb85a183566efc919b8be84ca39b9ace30cc75b3f06e45cf517bd2cdebaa5681cf4ba9d836ff5445dd3c410dd2f2acbe51bc3b593578f26a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2330826458b4ab2ae096a57bc38b0c10

SHA1
4c22e3315fc07c5128f4714224dafe4db6f5a2ea

SHA256
edc41f676cfcd53930875ee25966454555f0d015eb5b1107c45cc28520b49a63

SHA512
72ab64a5b8767eef20b103213aa2cfa620a40c0ca853eb6e889556eddb49ba7848073bc839163cdf0b8e5929f9340ecb4481963e948df4ec7be74cb819187a98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
5bf5c6683f778eb223de4133d76ba4a9

SHA1
c90067752a6f4ff4e1263e03bdc16c28d45df269

SHA256
371169869e54830e68d2c4820b7de7f1772fbd6e7547833c639f36b590ea058f

SHA512
3313630d1501e07ab651723f413eac83d1169465ddd6c0ea84bd7a6db94980f8d2baf163a3906e578ce572154b2230c87a98692ded3e24be2802a1cc3c502ee7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13370913171317317

Filesize
1KB

MD5
62668103e0c5bf50869c79ace37fe6c5

SHA1
733184452cb5ab7203f09ce5a0ad2c59ea58b2d2

SHA256
f167f6aaf6e96c39298a150c119d82822f29906238c5862758f35dda8f6ca155

SHA512
d0f832b6f4a1ba730f3780b80c4eac1df9a4cdad1a967dcb834e3e79c2b130d80a8aa8c9f42ba0d6c0f537da8cb6f55cde7c88ae33861108925815c6408e60db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
066a90ceb043088ca0eee09f2ac7d843

SHA1
b3b9a1e5cc279960c3e2d9c49eda6bd354db2a00

SHA256
0c411b8b9feff6b0bbdb33c67ac5aab5f17132ae93cdd0b96082f608f56c773a

SHA512
1a989780da346f16c60f862cb7f2b8d40d086223cb6316b72f65950370054e8d2091c65c24772f87aee201bc461d423dc379976f251568cf7cbc319d928c0c49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
5d697212c08db73d12c13dc299891b45

SHA1
0fe4ecd1ae26c28e983401c38fe9c32759083147

SHA256
e6f747298070644f52bf907abf84fcd43e9640c382e9c77218d15c4d3c4acb54

SHA512
4aaf3d4928e82be14f588f2d4f0604f9cac5ad15139f7bd6bbc51ed00d80c0336de4233660e39f943ace928c3f7f1b91bb9183bcbb1a472cde65d92d6ae219e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f677fa64-c20c-4f0a-a781-7020b56c082c.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
f8afc45ad0a46ea1af8590838ed286fd

SHA1
e75b72dd6d36f92d1687986888e9867c176d7953

SHA256
e5a7b8aa9625f1f27a35c59e62d0117b4b9d5ab719367086b804446dc8eaa309

SHA512
c27ff7bbf7fe6eb39ad13c97749400838ff63cd8bf93a74078172ac7ec55a7622b26c561f627425281d3541e59cfd32fc80f70afebe8141726966400a733ecd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
cf8a249d37dbf7afa74b74f026e26e5e

SHA1
07c2100f4a0a4c0f7be626962da91ca597da34b4

SHA256
a7427ebe9e860357cb2173972ca4a18f1c67b2b79de315e22d0bdf0b23b76d80

SHA512
c45c469f181307b6e9291e770527bcebfb30e804cad9494de25c9fea885a90c0bd73e067139d9862f3b4cb79fc30606f3e90aa039145bb44c054c8c3cfcc974d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
9a68b5a0bc89eacdbd14f3b934622648

SHA1
373cc1ce48e337d00701cb649db7154889717be1

SHA256
c6ef3645f11bb9977483723853d91a6ef6ee6550fbb72145e171950cad7f75de

SHA512
04d217a947110f8ee9262a8f629f3302438f8ec742e663b4b571acf34ebd93caa267d391b1cc30ad732a3d11a7509911840fa26fcbf4bccd17546f3c220489cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
b4bb45b372d220723ef4c8d3196a66c2

SHA1
c3e47832747be1bc429264a1784d6472b38621b4

SHA256
ad86e6c318ed4b226a101f85ef9158ab5fff56f371655da57c94d61197ce3456

SHA512
3fec0564184bfacd087a818a659d8d63f7f1fbbda612658debb4d2912f8414039d1cda4e8c18734d1fcdf9b65bc579cea3e90445b0c44017d3fce9f18e71dde6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
09870fd823e899bcea977ef3bfc3ca11

SHA1
9f185510540997ddc2a164509936c502fb223b70

SHA256
49a6e75bc4a7bcb7c8cb950a732016317e3bd7735fd1f723cda945de0c3ed486

SHA512
8085373434ecbda8f52200866d0005b19410f7b023658529c51ddb8b2d8f19b379b8d30a44d81f8ac008630c58a1200ddf133192ec6f1fe9ea6acad825ee3371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
ecc423865006d1c3cbd02fe1bc2d1858

SHA1
4ac832ac1932d08d4b0005f088e8aefda376be8c

SHA256
2934ae193fbcdf42b6d1211d1f62cf330ac6df47d564f36b4c944b0bd627fd1c

SHA512
b693c25110bb2eaab3f92f7cda2a6c6fedadf4c65c43e7d3e660eabe92a396dd7004899750a4a0b78b80c9a3223f293498986703ba4656261ea4373305d15804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
ac9d5a4105ce784d048e446f8d1edb8e

SHA1
e8f1f41e36660b9df2f39bc0bc8d37a4647f38c5

SHA256
aa3faf987da2f2122b7cb99d451025575d92081cfaade6ca533a24893b6e98c2

SHA512
b26f49e7bdd0aacc82ff47692d0fda4809bedbc247b7cfcb849432bd9a26be0833ca3e871f57d7a2a6f6ed00210f4d2fc58cb228dbb57a942d0dc506074b4132

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
3f89ebfb550d03e7fea2db0e0e4613f2

SHA1
bf709c07859ff9373b22eda4623d1716205f754f

SHA256
856560dfaa8e585b672a37852755f961d8324fc55e6fafc31203c5e318c6c302

SHA512
c3785874222e0f4979410e1577df8f04025e7eba61e6895afa9b7f5434cf0ea6ff3450333b9bb1e62c9fb830cb5a9eb8c33f6ae9548cd2cbe01a52acd603ee1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
22KB

MD5
1ac9e744574f723e217fb139ef1e86a9

SHA1
4194dce485bd10f2a030d2499da5c796dd12630f

SHA256
4564be03e04002c5f6eaeaea0aff16c5d0bbdad45359aef64f4c199cda8b195e

SHA512
b8515fb4b9470a7ce678331bbd59f44da47b627f87ea5a30d92ec1c6d583f1607539cd9318a5bccf0a0c6c2bd2637992e0519bd37acdf876f7a11ed184fb5109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4152cb3eb85481c99b6917108827649d

SHA1
d0793c301a3ad8bc55f6bed07ba1c6e9da058729

SHA256
5049b5e0e9f10fabfdfebe9f862acad8a169b780bcc561dfdd86a4c3f19837fa

SHA512
bcd8e940c345c783837e5a9994b6531dcd14603b55c5384aad4da4291dd169cba46e3b53e058713cabcfafba440ce6a1ffb9ce15c8321c2a54ea610b1250b1e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c10f31d12021f7a3ca36c83b0ecf3dbb

SHA1
036f79b63344b8b0da740086c4cabb493a2f2433

SHA256
dc06e6880cc3af2010013284fdb1f61e815d00e9dd5b1483192343cded90e386

SHA512
1464675e6d2a956a45aaefbd361aa790639525f129d241b7c1717a552158fe3b603c6a44c2c93f2f0f687c88cfb515437dc9a5ddca76c68903a090a283bcdce6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
ae19537dc95ef80c94a1755f3dd86724

SHA1
d118c9af89bde2b328d24d8c9f09c849853ce31d

SHA256
119321329f78492ec3ce3e4123ae6b4c2ed0931725c37d3c2b73daa6ca2b0f9d

SHA512
a14af2c37f98d45cf884b8ad6953fa8ce3bc6329a20ce7ae02bdea5756f7b009abc45d3aef1b1159aac5ec12075883e2c23d88e7ed97f54904137dfd2caf6cc2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\AlternateServices.bin

Filesize
6KB

MD5
ba8588b664aff021f6785ac8cdf288b6

SHA1
dc36120f32677568d4534220cc66d6d625ad48b3

SHA256
cea6731af4e98ab36ac059164274cb6f63752bad98a6a5ccb8c2819c95dd53dc

SHA512
dcd45d99dee52da5671afb05a76adb69922a37031c188c398976018a8d4f6360305f8bd4236b67d89d10eb1b57f4d3437bbebb54acd03896767a3e92445c1e1e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
b3083f17bf62881b91102cd9aa8fff62

SHA1
0a41f806ecf3e3f409699e9b1fb929399bbb5d70

SHA256
1389c807e14521b3852bdb7c52aab0836f70c09fd6a107c294a65660cdf4b517

SHA512
56f52f9355d49b3774fc696d1a094f4e66bf4b67d50b2c124d3329d6e65a73a3599e4791958aac1f24dbf7cf8db8b881ee06effc79d86f6ea89da6d581388d56

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
8dd3a9983685b71208922f6838546f51

SHA1
613df420bce848a21da0300cfaf4be09cc132862

SHA256
cd00bb63598c4fb74936abbe12229f16d2bbb5a4066d3caf3a85ff3f498a6ca9

SHA512
6a4f54e69430c92b8d23ff60d2f9719c3ed75b01240c29b0871b7e6c583de0c5293726c0422193069af2982749b51e4c18a84658400aac970afcfa2c236915e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\6e5338a7-50f2-443a-942c-b5f40c694002

Filesize
671B

MD5
5a09753214b72061be514e90010ad44b

SHA1
247379500cf6c12ce5e861f2aae36ed4ffad2b9d

SHA256
2f3375abcdb09688177588b47b51f22fa4db543744e9b75783ed9bf9c2563d84

SHA512
cb57c0724071418940402af6b941a4c28237875f742fed384dc066d2745cd55d9cf5cab32965131a70980996b79a88f7d1f8a7c1c5332645cb346e71c4fe02c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\72cb5028-c87b-46cc-bb29-b086b1c7fca4

Filesize
982B

MD5
afc2949300d2918f8967d54b3e8a6d15

SHA1
d9806db69a464930d76809483a0e9519fb6863ae

SHA256
782976661a15bfcb2bc1f2ea2cf33455704ef893c95687478a69b8889be147e1

SHA512
25605c86efa81f3c7e24f28bac3458659418c57d51d227b104bc8462b5d556ad8036dafac45d9c7cfc6bd096a2078cc6c2ab750b9bd2207954f23e73cfa2356b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\ac2a0318-c65c-47e3-8ffd-8e0f6bddb1d5

Filesize
26KB

MD5
8ebbcb3c77288953a7478870b5314986

SHA1
a5d4161fc4d5de78510bd4bf0d54f055169fffd8

SHA256
dc8cc27253d50d2d14d51275d77d9d07833d93d960924a80fd93779bdf11e3c2

SHA512
9352f9444516e8603bf0fb162633ee3372f371e38c4d6aab9cc6e3efd490b1c86c0802a6741ec673af5876538ba63d3d4efe6f805ee77b93bcc2e7088103879b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs.js

Filesize
11KB

MD5
399034913dc38674a578faca5d3f14da

SHA1
9f200512e525152f056578ea4a8f7634b3ca2109

SHA256
90c6efef903cfafd1bf3dede2711fe9ba359094a61af59fa1f8bd4ef6f739887

SHA512
e85a6c7b7c78de9e63c2c0549aa20e3c8c8e9ff9bb493112c7d393b9e9527a17565794e955435cd0506e3263f276a370289b059047df7a3d4a115bb701ee944e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs.js

Filesize
11KB

MD5
cd3a35d05791a42babd34dcbb010e590

SHA1
a3575aebe784027efaf89f542bbc6a165a9c6d27

SHA256
fe2a14c304e44ad3654f5bd4cc5fbdf966a7346c6f62cbaa3267ea97d54c7a08

SHA512
3ebd8c3c89338f30ba60f026a67bbe90f9c58e9969e81d697151ea1f555a14973cbdc46f6a5feeca1902ac99b9ca28d422bdb98522f41d79f0b65af8887341b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionCheckpoints.json

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
\??\pipe\crashpad_2352_JENXBSYFNOOEBDWJ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit