hxxps://oceanofgamesu[.]com/12-watch-dogs-2-download/

Analysis

max time kernel
464s
max time network
466s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
21/09/2024, 12:03

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://oceanofgamesu.com/12-watch-dogs-2-download/

Score

8^/10

defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file

Drops file in Windows directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Watch Dogs 2.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "64"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133713938102053674"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Watch Dogs 2.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
5204	chrome.exe
5204	chrome.exe
4976	msedge.exe
4976	msedge.exe
2080	msedge.exe
2080	msedge.exe
240	msedge.exe
240	msedge.exe
5976	identity_helper.exe
5976	identity_helper.exe
5488	chrome.exe
5488	chrome.exe
5488	chrome.exe
5488	chrome.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe
1076	msedge.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
688	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe
Token: SeShutdownPrivilege	5204	chrome.exe
Token: SeCreatePagefilePrivilege	5204	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
2132	helppane.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
5204	chrome.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2132	helppane.exe
2132	helppane.exe
5776	OpenWith.exe
2656	OpenWith.exe
3600	OpenWith.exe
3272	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5204 wrote to memory of 3364	5204	chrome.exe	79
PID 5204 wrote to memory of 3364	5204	chrome.exe	79
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3584	5204	chrome.exe	80
PID 5204 wrote to memory of 3444	5204	chrome.exe	81
PID 5204 wrote to memory of 3444	5204	chrome.exe	81
PID 5204 wrote to memory of 3996	5204	chrome.exe	82
PID 5204 wrote to memory of 3996	5204	chrome.exe	82
PID 5204 wrote to memory of 3996	5204	chrome.exe	82
PID 5204 wrote to memory of 3996	5204	chrome.exe	82
PID 5204 wrote to memory of 3996	5204	chrome.exe	82
PID 5204 wrote to memory of 3996	5204	chrome.exe	82
PID 5204 wrote to memory of 3996	5204	chrome.exe	82
PID 5204 wrote to memory of 3996	5204	chrome.exe	82
PID 5204 wrote to memory of 3996	5204	chrome.exe	82
PID 5204 wrote to memory of 3996	5204	chrome.exe	82
PID 5204 wrote to memory of 3996	5204	chrome.exe	82
PID 5204 wrote to memory of 3996	5204	chrome.exe	82
PID 5204 wrote to memory of 3996	5204	chrome.exe	82
PID 5204 wrote to memory of 3996	5204	chrome.exe	82
PID 5204 wrote to memory of 3996	5204	chrome.exe	82
PID 5204 wrote to memory of 3996	5204	chrome.exe	82
PID 5204 wrote to memory of 3996	5204	chrome.exe	82
PID 5204 wrote to memory of 3996	5204	chrome.exe	82
PID 5204 wrote to memory of 3996	5204	chrome.exe	82
PID 5204 wrote to memory of 3996	5204	chrome.exe	82
PID 5204 wrote to memory of 3996	5204	chrome.exe	82
PID 5204 wrote to memory of 3996	5204	chrome.exe	82
PID 5204 wrote to memory of 3996	5204	chrome.exe	82
PID 5204 wrote to memory of 3996	5204	chrome.exe	82
PID 5204 wrote to memory of 3996	5204	chrome.exe	82
PID 5204 wrote to memory of 3996	5204	chrome.exe	82
PID 5204 wrote to memory of 3996	5204	chrome.exe	82
PID 5204 wrote to memory of 3996	5204	chrome.exe	82
PID 5204 wrote to memory of 3996	5204	chrome.exe	82
PID 5204 wrote to memory of 3996	5204	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://oceanofgamesu.com/12-watch-dogs-2-download/
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5ca2cc40,0x7ffa5ca2cc4c,0x7ffa5ca2cc58
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,2275452613745853883,467456756572002311,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1776,i,2275452613745853883,467456756572002311,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1948 /prefetch:3
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,2275452613745853883,467456756572002311,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,2275452613745853883,467456756572002311,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,2275452613745853883,467456756572002311,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4556,i,2275452613745853883,467456756572002311,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4540 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4856,i,2275452613745853883,467456756572002311,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3124,i,2275452613745853883,467456756572002311,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4828,i,2275452613745853883,467456756572002311,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4328,i,2275452613745853883,467456756572002311,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5208,i,2275452613745853883,467456756572002311,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5668,i,2275452613745853883,467456756572002311,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5836,i,2275452613745853883,467456756572002311,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5984,i,2275452613745853883,467456756572002311,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5420,i,2275452613745853883,467456756572002311,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5224,i,2275452613745853883,467456756572002311,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5488

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3396

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6104

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1228

C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=517009
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xd0,0x10c,0x7ffa47c23cb8,0x7ffa47c23cc8,0x7ffa47c23cd8
    3⤵
    PID:4388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,8520416877205964401,10143605338212256741,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
    3⤵
    PID:5428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,8520416877205964401,10143605338212256741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,8520416877205964401,10143605338212256741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
    3⤵
    PID:580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8520416877205964401,10143605338212256741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
    3⤵
    PID:2288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8520416877205964401,10143605338212256741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
    3⤵
    PID:1668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8520416877205964401,10143605338212256741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
    3⤵
    PID:1684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8520416877205964401,10143605338212256741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
    3⤵
    PID:4876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8520416877205964401,10143605338212256741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
    3⤵
    PID:5208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,8520416877205964401,10143605338212256741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:240
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,8520416877205964401,10143605338212256741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8520416877205964401,10143605338212256741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
    3⤵
    PID:5872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8520416877205964401,10143605338212256741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
    3⤵
    PID:4484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8520416877205964401,10143605338212256741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
    3⤵
    PID:676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,8520416877205964401,10143605338212256741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
    3⤵
    PID:4164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,8520416877205964401,10143605338212256741,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3312 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1560

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:4848

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:6024

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:2368

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:3164

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:1700

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:1660

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5776

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2656

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3600

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39dc055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2e781408c838832df3338b6ceba66a53

SHA1
46e8d0479d26bbaa845c86f9dd6f0425a21be0bd

SHA256
6f0fde765c3ca663384b678549a799444945497cb9faa0ae8d913c3a7d821979

SHA512
0175d082ee7246cb51ae0aa5b0ae258404af1875c15398570c8e8121a5067869244ad639d6de06a14e1af0b16fc6b3b7605904df78cb84f736550bdfa19e1a75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
9ae3b72e08214bbb8ae885211379da34

SHA1
ffbc69bdd09fc3d66c94f2d89b8d758123fdcfdc

SHA256
520f7f735370728050d6c38502238a2fc08dec751fdbab94aefb975d676c7983

SHA512
67111d5d45a98ebd66da160d67536e594673b9039994278990128c9e20db1e0000523a701c0b0cbbc8ee6cedf9320af45c28a1b16c8aeb30e5bd8305e3f341e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
a1758252ed671aecbff2e5bbabc6937b

SHA1
6b3cf4bcbfc6f4e095a263e22c940e5826048959

SHA256
7ebc69d095c0dc6824cd90d61938febbf52a936269117a695a4f45eeed809bbe

SHA512
f48d0031e39e73ebdd2a5c000b3237dda8788d0bf5221a8c43aa72b12eba647f196ab60317dadea41e0732f959b135ac826859c4e67e8d056cffd37fcc6bbeb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
78fab2431ef85a8ed2ea5916def2d8f8

SHA1
1b05d643ef1e133431d37ccd3a4583c48afdf63c

SHA256
54c48e0cca37e1ac3c9fc85046a31d56f06395e7f0cbc72098f4c7aad6a286eb

SHA512
862f2970414518e7ac7df5827940a6e997ead2835d3512c1653b1fffa6bcf72a950804bc423e5886f6658f6903b6e05b765289dee349b6dd1bf6787788856d82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
27cddd345a6e947b999a4381feb07e24

SHA1
3ff13ac49de9e09895532dd5d9e533c76f24d881

SHA256
e6622e83f0d1c852c95cb45a0c5ba3c4ea8b0831af85b8075dbe9bba554958cc

SHA512
98cc30176c95435f5697e4042031575fcfba40a23c7caa76d7eed3efec86a8947618521ad4e268c2cadddf1059521d71b5839f6d7f08785e2cdee879d3284a51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
3dcb0da0d906c1b35d64ac9324296ff1

SHA1
e2fb88e5e14fa61f6e766c63aa819967797e5af9

SHA256
d0c6e528ce41928a9eba0e70d2545e52fcd97fac48203b33a5641e49a3e6923c

SHA512
87b551b6055473854859ea47c2912cac7e6dd63dc69148a728f27fab51bed8c91e399707a39a76805fa08d3c9cd3ddbbe34cdaee1f652f10856d5086ca80cdee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
61c7a27c0959cee56cc4b85ecd08207b

SHA1
2c225e7671197cc87ec930b1b809991105598c7e

SHA256
d1b262c27a0ee98dd90b9f5f0171f254024553f58536c7a258cc64c9cf826604

SHA512
4fec9a1bfe0e185d6e6420aeb572582906529866d740fa9dcf5e732be5e1b756585ebc907347d3f6ba206632031d3bd36c736c204b60567faf651d52def20339

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2bd026c782fc44e8fdc06663258f2486

SHA1
e90e82ac6ea4e47ec77d461711c919d17c34fca4

SHA256
61b16f397cdddc3c1b3fe2357038f7a999a6c46aee4af46644a58604c95ff265

SHA512
b23d05e1beb0cc80d66f8ceba89ec29592cd46fe5b8eac49d5db94312bc01332b2f9e63674687b172e126672411236e161fbf16ba2603da76203ab985f97105c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eac00a7449c52f1be1e15ac79e06cbe0

SHA1
1008e0db031e550ad2473f9b4478b1f81905b6f3

SHA256
57eb8904cffa4fb9c11c902a2020c7c4249eda8fd9b1603c60b3f70734ae5251

SHA512
e00fbf294d4bb41a34774d179d5f50f9beae652df4cfe1776844b11154c2236e94f92553d82073e57f36556955aac3f36230c93775c6f82a41319f736bf777aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6be649db27ad3d25fa2fe05322ae2851

SHA1
1e91172d1fbcefaf52115eecbe9f4010a6f659d4

SHA256
b0fb556ad8e8e3e20a7e065059d3f0ae25ee66a49b264dff19ab621807a59bae

SHA512
d48232de47ba6c52b064d69e85d4f88986b2f7f14c025bd16d915278a08e216a169a6daadd2339f7a74137ef0b41a42f3b45d79e7033da8768cca9f766e0ffde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
41b1f49a83888b368ca27108185eb940

SHA1
dc3e33a14e820403647d8b62af20a8d8ae7c0ffc

SHA256
54c03ca9d33fbaa207d5eef626a2e032f72953db1d9ff545fbb31d29bad32ebe

SHA512
ecc7e4fc0a73f5f3e091062bfb8df2b1070943c156ebf97a2502b59077d6c567668e253bb3c4d21cb78ba7b862da16e8b66801eee13aed8cd0b2f995221a85ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
33da5e21ef1a159d0641dfc1dc175744

SHA1
90a33d8fc20f7a5ea5258ad13c1c39f8f5901aeb

SHA256
9f765a7cc74b93c510c1e60cc938302b8825f2405955d20078e0a5af945283b8

SHA512
3d1394d2e0fb3da8283692f4bf6ada1f5f73bd09d52ce45a421865c580dd3dc3136408df0a83b86e440e63e595f9b454413528e7bbe0b3b230d9bd5680b07b54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6d87cff24eb8322745beab778b2ce0d9

SHA1
5e5341bb8fa7305a0712075a32f6fb25af8338e6

SHA256
8cf57f8d3df235a96978ccd1e4059f314e4193cd46bd2794f5d1d62683d9f840

SHA512
6bd0ebf28e08a04a610b0b7e02b9615dea276439ee96066977493e0289a1ac4a2928505399c6dab96e923ecf2f263f8a4364adc6e65ce921c989ebb3fddec918

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5fa2849f8bda57aca34db1a7d462ead4

SHA1
ebe545920f5fd88113af481381bc1517b3e6ad30

SHA256
207e47b9d883a6a07960c686f49cce00230f559a3828404032e81f69d2964a97

SHA512
ab09dccd48606e7b70beb5ae3a24b1d7e759e94067d019372567646fa17c50652b482cf3a51e9f4beccade5ae7572c7097a328274fd4e4ddc15cab9220cd9996

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c771a656e3d81a0dcb10167d208fe4b1

SHA1
8ab692fba882525b4459291e21d55d2e0da1703f

SHA256
6e3cae3b548ca3e8c622064d8080e7006128cbc9b4ddea9ec3c240425f862a71

SHA512
29f92295eea35ea348b2d8355c8e73fc115106ced449a7834bd819a36e92e9d1f6bb33899a50456262fb89d27d987945364fe4c7adfba542e832a32247efb41a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
017ee1799d30123cbe90a3aeee0f716e

SHA1
7cea7a70e04abf321b664a5d35d588a2bade2d8f

SHA256
d9251c27d7e19cf0f306a72e0db57b6b06af675484160cb7386b21209797af8f

SHA512
40801e72606a3170bbd490a4e9cf3e2b7671eb345971c7332fdd1b4a9c65a0fde7fe2f4ddb7edd027983307430f80b571225cd7175df362a13f6d3f5a49b24f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
95b5988437ecb8f578cbeb71fa7ec502

SHA1
7e77fcd16b3cc212e6c49f5e3e9d95d4fceb856d

SHA256
4939db7527601849082fb28b2f063453cf5025ae9c22cb0c98313ac0d62d8c52

SHA512
8b86d74c5441cf5322821ee88d73d373e3017fdc3911fe446a3ab77d89413e62d6cb8513fc5392012921cfe6f2a89dc6d29d02fc9d968567fbda3ce497be53e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
45188530614ff498b3e5b6685eaf7848

SHA1
7da393ba71a9d4ef4813f26e98a1a92e7df35bbc

SHA256
607c689bc9371ce9f6a19dee1d4c4dd039bb2d4e0e1f330d24d3caaeb607527f

SHA512
41fdab298aa2b24f5be03ecfca1452dcfe392a2bac26a1050d61567412767f434e37cd035889d59614709ef12821d25c6de107db87bf6ff9321842306dda2b3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4045c0857a4377add8e40e092ecb372f

SHA1
b7ba3d6fbcb06183be84273fef8c749e2999dd01

SHA256
3a9bb109b90786f670fe1a6a75b55f797695dd4ac573005de8b50e8a67082ab6

SHA512
44a308e260d13e8508f5d23523ac7c938d9f1bace6e7122d5c46064138116e3f0142c5b71c14489c4bd39c9fd6e17d68093fdfb5fed1dfe1ca3c5a01129815da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2d749dde0bdceabb6a3cd4e25e04760d

SHA1
2326e7126e71cb6fe4f6382da8669dde6059c416

SHA256
0a2c16f453367e02e0ec5131e3c802c18b9c4b73b4d9617ca95608cadc3176ea

SHA512
df4e47b8aedf2dda124ef03dbf0d96eace0d28cbb6993212785a22122a51cf7d0ae3fd30ea482856d27294ace5d0a2b5e8abd9b26a903408156e0fc6c2f53fb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
47e61c2579f01a1f56d314ca22fe934d

SHA1
b0c8027750dbc12fce5229121f50cb9e710bbeba

SHA256
05c1bf3500ed318ea3ec27a355c0c0df6e6ae1b354f183cee8c2e22ba8fd6c76

SHA512
3740c1d7b40e19cd1609b9287461a4bb650e184c2a2b73e5a6408eee68bf475f53861a337deea1b5114e6fe74d7447367ad9b635461eca8afb5404921e9a79e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6bfd3d888c18afdaa05fcb21782a9156

SHA1
132625881fc142fece0ce64f96d1f828a3af7ae3

SHA256
324e2ede51d23749163a00a21b737ed3668b0fff765ebdf6f257d3bdcd0263e9

SHA512
10168e34d10d9587db8133a19f57204d0e86f5d8950e0174cc049f3ba41b20a4b9975d1df2fbaa3ba35c6d7869f674115596e9041e7cee4137d0bac6184bd8f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
74d985e2ed046e816dbece664a44e395

SHA1
82ed42659753443cd5a7e72aa7b020262b9c35f6

SHA256
55a2935bae72f77a7f91cd51b602a349a2ebb838d55a606d86bbfc8b36128551

SHA512
ee550ea18f5c89e10c660710d9045778fb5448f390e5f308cd0c12a024ec54713e328a5ec1e67797d2522dd04a07d88d67dc86d00ab05fb85ab08a74a36ac107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
62df169a9ec940acf2dd5eccb4effad5

SHA1
67779b7722643796e4985c19b8242cf29f54b728

SHA256
97d4b9841d557f804b364116a8d0d28067fbf826489baa159fc12438764211d9

SHA512
eb81fcc63a0988fa40493aeaa035aef6dc8736f1e6a3d08498b35118d7345b380154ccb87a1a696b3d79cb71b564f848b35b3524c090b47a9278d79f79f47d7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
40a38219afa1c9ee8ac65f95d10a180d

SHA1
fb80d05f917d719a61f2e56e5c66e52bac9784a8

SHA256
dd680c8b6cfab92e818fca83df22da2327636ae88d0a825868586c9f2150ae52

SHA512
685c4afefaa399cab815f705a9c1db7022ce8a21e584b8d27f89a1aa37c3c4a40b7a48a86247b7c27a1bfa37f16b21fe93c80f5b34b3dc460097ca88c605343f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ab338f918b1b5aed67a937113ab1841d

SHA1
6a6dcc17d46c3ff0b2dd0010d1cb0ba5641afbc2

SHA256
d1d7ec2e3b4f601a3d3d3e4cb93c5b626726ab031949a30ff61f219094d466a4

SHA512
69956d85d81b0c4aa97d703684505d4c3649e593efaac604c863e2a3f464ddb6fc3d16c56739eddfa20317d4ff782cbfa0cbc4cc3a18f36013d88db6ef8eef14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
926599c04b20fb7c28a45212efba60c2

SHA1
a465e015a7dff29ed1a12b9ef05dfd9802169173

SHA256
05e514f7089957afc12dc67af6ab7aa89f0e4fbf5fe4b4c4796839ca7b8d7b18

SHA512
8af29645a24d598ef7c88113032cce48a8c7b6a46cb830f3838cba0ee7081c8ddb77290d11fbf3409c36d993dca0f6521f7685752c98c69f38944e7eb5f70277

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
accc6cc7b1a9a0c17a51f09bdab7b521

SHA1
41714d9c3b3da0565e0393c91d04e8bfa34054f3

SHA256
3bba7928cf96549f4b402a6d18269cf67ecfbd55b5d80042cfb9fa626c59f261

SHA512
6355325e27fd5652542f88d8c0d3f2bd86a5f7ac05af88f0d8fc0f2d5a65107c6e965af9b3ad9b52fc676eced77560a2b70bdb5c4094aaa682bfcb4b19317bc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ccd0d86cd1e85613429c39c53a7ddf12

SHA1
1d8849c355267a2ee6d1a44ab35ab825176d3bb2

SHA256
54f04bf8713fd5626172a3fe91a51feb15581786524aab4421081dbc710da28b

SHA512
78867a0af9989137696bfe95a3818d5d0e4f29b8b01cd0b806956ea421a1db1bbbdb6e282e198c2d972103fd2133107ff942679ff8b532345a9857f411f7a9ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
44b61b8502c1dbd87dc9afbaec5a04aa

SHA1
4326bface6ec54921541e93d0bf4ffe2cbfdfe09

SHA256
27482adc0f616929239c758c55221982276baf4c1fcd9fc04ea4e928982a4e0d

SHA512
5afb116596fb1edfc31cf8be569d3fa2fe1e74a54496f0e642436366138508fd1d287bf614bb5ff8de5ab9030585b9e59996932d77eb027cf49e6b49e98090fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e99362ea2e0e5898e7443dca5325f219

SHA1
38510f224ca5adeee134d8f5bc22249ac4665600

SHA256
b01ba04bc4f6feae7bd615f9e3a0dccfed73ecf012b4c9d484633a247b04a9b2

SHA512
ec0cbdfcaccc3ccad19ddc7abe3b867ed6f9f9d32b86c452a5cefc3203a60f9f4812f370f51af41654f10ecbcb08d6c92d2f3f579584233e79814937e4c99b88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b42223cc-1111-4e32-9d6f-f57cc704241f.tmp

Filesize
9KB

MD5
857f81a7e14ca44cd202b03f444d2b16

SHA1
ebb79054fee24c9486d61a3923689117d21bb86c

SHA256
cb3d76a840b711b6340340edcf9fd57dddae1e41c39448cc9727f064f68e1714

SHA512
ca845291a3f3b61958359a9827cb0f491df500aeb8e938d2545852bf10f3cdd33ea49c9551b7bc47ca06fd0ac0b20119e34a306fb3a5f172665f11b31d837762

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
da585bf25bf66978e4298fe10df590b0

SHA1
2d4f2cdca1f19cd0a755dc26f6d0ca983ed3ef5d

SHA256
27b273d94a8a3511acfd53f91b7684bd2ab74bfe4d279c90f5661ad992a1ec42

SHA512
16bf04418b4cbe86317e29c65e7acc2555afac2334292ee677dde2d3a94644aa37260917c2abc6b0571103516f7080ccf195ebddb3b9a63167f359cf300cb88e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
f2ebce947734c5e361bb41a42c99b4fe

SHA1
a57b9512b1321a1926406c48fcedde49ca5cff67

SHA256
219ea1cd536b7754698306abdf5a8d436be0a3474f9098acec391d45a8735e0e

SHA512
4dfbd3757804598270019c04a56be448056a8d8b12da054f2a52bd45ce39ff8420c9f765be98c70f82884f7df31f7af34fd70665d688fff15341537b3d6189ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
6934ef21dcab8585d9e4c950757a4fe2

SHA1
cf4ac2b0bd7e19d7010a70e837896a6afd42e686

SHA256
6c601a3ceaa4cbf82e49b0a5de742120d6661b84b62e7d463d93236315783125

SHA512
6a29508c663f9ab7b3d9b8c816d5d0eb5fd5bcde61d9238476e68d6da6bed0f85c8b384864a538275ffe758174fd744568fca5ee550298388c7f47e5e7ffbfbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d46a640b-a593-4643-9be5-6f555073d888.tmp

Filesize
195KB

MD5
b78f1fc8b6012dba076e73471ad621c4

SHA1
e2e38c9e265f6f2d34ff5c672dc4db47c0dcfa64

SHA256
79bc4e4c2ba323880bcc315d865d39af7232477e0874810f1e17f4bb2166eea8

SHA512
489b681a7ec9e905491a0fb43378290f021e621ba274d40376278b20a9de55346bbe6e383584d9330dc624ef2890c24c3a89ac6675796682a842941d9da81ded

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1d06c67c-b911-4561-a3bc-e340f96d3404.tmp

Filesize
10KB

MD5
fd29af6b2a26b880bbc486defa56b1e6

SHA1
a833eec1a37008f3e7c83d336434cbf856f5672c

SHA256
4d5ee429391c0bb029591c2548785bfc44e9a0f08bf01c852cfcb739d0b6b7da

SHA512
68f56db6862dabd16e288d79962da12cef3debcaaa37508acb7ee58585d13e64da527d55dd80de9ab73695571f423d320441ec85f68ca678c2feefdef48f13b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f74f80cd052dc4903da98dd6916f375d

SHA1
3e3512884ee41291824b30b256670b3d0a1c8d40

SHA256
d9589878daebff7c0991b2007a7af982f4760512545b4e331708f3f3308447ac

SHA512
bd186699a85c91cda88df15ebee640f99b55ff168e228dd0de8d7416d62de1bcb57e88beb3b12ce74a54a9c7491934ef3dd5fdd6b92ab5c909f129b419d96b77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c32b6fc873c040253034fe4bf5037bd0

SHA1
fc58579eb5bf46c8d5246a45abae3566898c2e27

SHA256
8d59014ec29aebf56b641a018b29b6c64e33764d7a2262283ce51319071f930c

SHA512
e8ba0e9e78bc58b3d6d671a1e693cbe81745f000daaf281cc6aa6c591ae261b981f704e3dcb32f0fef87424aab0f42e4cfe40e445d8ef5a529c7bfda8ac510f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
4385f12b57fc978ee94351f713f2eb11

SHA1
7d1da4010f386ab427df834675592882b8e82021

SHA256
fb960a1f609d8a78f2ca62e64440f87739a7b0f9af2709d7c5ecb242c8c55bf6

SHA512
be79abcdd744c91b019c9e5e3f601ed24381a54457b718ed7447a09adee1c5d7392e735af6d4d646054579decf6d9b5d51dd3474dcd8dcbc33c23afb756f9fab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8c92091efa9bec79fb4151f4bbaa95ea

SHA1
fd293862771d392c4c64a57ea17bd5b92df1943e

SHA256
938546c130a72fe60f31cdc162503583aeb71d027fe51990a0f1cad8d0075f5f

SHA512
7ab3bfb18452cb95ce72c75168dbbd7d2dcbf1a1cb0c7780b98f11bed0165cc6a4493760fc979acb2f396ee9fdd8b74e66bd3a923841c85bbf9f87925abf2203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1a47d208a295c53e40a65ea6ccc31525

SHA1
29def63498ebfc33a0f138d68e96fad855e1df6e

SHA256
f05a6ed5b6bc401433bd64d6f31f759656ead8e2130505c0499590131251c712

SHA512
3939943d6aa9e220ce45f8bf0b821181062b36cca501b9fc5f2d8cde5cc6d507cb93bcc62b9f06de0be2d7689bf8b79c7f65f376fa7cb30632cda0b0a0be60b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4245a257fff946ae978bd4795de8cee1

SHA1
fb4a0dd691d5e84cb21dccb63e1a7e7cb8722aee

SHA256
82caf4a0e00f1a34e92077cb6116a5b1d3a9671944475ad035a91f782dabdc46

SHA512
e21ef2aeeeb13a27b462f942e25cf09ce47f78d323fa5adb9fe12e7ea87d86a3405fe920a2316945d55e5bebe216d43bcab00465035779118e067007c892c093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0d293fd97b08362e8affc9bedbc3785d

SHA1
5cf62d0c2e4c3990c7b0d5c79c089a5f11b3f984

SHA256
e393df055f1b5a260d9cc54e259fd3d145a85adda9de83472bd0cd23d7fa1de0

SHA512
6cec394e53ae35a4572172849dd1478ec7904914af8eadb289e75ff7b84c8c62f46ed8b591de138b4f90959ce9ab9f22cc3c464a184c807e19ccfbb01a595752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
5c3d7765ba43bd1edee4b831682a4b15

SHA1
85b74a85860b724221380ac36104c4cee5ed4b38

SHA256
c5f1bd264450e4e5abbc92baa64264e8621ffc3dc7ffe360145958651635b186

SHA512
9e6977b042efa5eb699dcd81cb8246309dc51e89b4e90ad752d4dbafba629c2f55813da36959e4489cae1f738f28c9e1bb976bc030b34e0c956a7656defeadf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f1cb7ffaec8e96c87d196fe4fe42b419

SHA1
46c02b532c4dabaef75fc4a2a599100889f05103

SHA256
1356a45da708794c4bb2041933964fe944fc7fa41c4e60f9816ce28b0a909ef7

SHA512
af5c64bc283f99f42d8d40bdc8458e163fbbfcea78d8804f1f3d3723bf1ead4d2dc84e7f19bdf8b8dcf90ef2e84201b4eac724db129124076641478cc997c62c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
045a9de39e965105490a0d7ec21b15fd

SHA1
1873eb1f8bca079e91aa77353e346dfcd75bf25d

SHA256
7f36d48a477f4c82f13197190f1293e7df689175d1edfc767beab37c097785d2

SHA512
80ac1a6abdd6ef9723ed45a6734eab36026a66b1771b61f3e1100c5ef30ae01ff2f4b1a645325dc745a54f509b97229ed9fc5eae4cd2634abba126c98e1fa836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5950e5.TMP

Filesize
1KB

MD5
3e791db911ec97cea0bde8c9a17edd71

SHA1
c15b81a410ffe9fbe7d639ff456f2b0721a0cbb4

SHA256
9e4e4f2db1b068bf56251dfc0a66b658d9d84419e4c1a27464d95f42922b4ba7

SHA512
df3f042de0328142f4229f97ea2eab49e8bd3e6df1ba0e7f5875ce38c14a104e2509a391855e2fc3074fd4c51e60e217ba0c8494d49c865358e79a67094ed62e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e30dedc9-1f02-45a7-b51a-0fad66fa2091.tmp

Filesize
1KB

MD5
e348976b8b1baab9b2b1313f8a2b298c

SHA1
dd0f496f9d5753031f131b5beda5c96c035946bf

SHA256
e6cfe971f6be9b7fe0ec9983828fa034f4ff312ce1b8f63e277906ba256084a1

SHA512
ef76c36c9954869e5e6f54a41fb27df27e6811f1d9092b945b4b0504447398b5d687676ff1be00a788a6ca62f9f7a356eee10d26b67c78218c91b65eaccec790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8c79cb6448f3fdab88a5a27b11b18732

SHA1
f635d87f6e1aed2bf1f9f5d94375ebbcb017bce2

SHA256
6167d4f7ecc55c25e0ef782ed6cd4078498fb825203aeafe3e3c73165763cb88

SHA512
42ddbc9d2aa4070f068381c203ced72ffe42b455cae318701f0c6aab81a700176fdff706fbab7d9a2ee6dadc6bfee09c8654511c810c9749f75a57a953ea019e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6a973e3f81b07af2422c57b26096a1bf

SHA1
6788ebb27dc8bb430a372b617af5d8c1209e42bf

SHA256
7fd499f4faa01268d5be189c7aa87f536a47023a9d54f83d3f2bfd3e356ff939

SHA512
9475fffb1524a27949441b8da69034b2a5c88bbc4862f8ff7b1366b210360d7afec85e8c91cb2021c350523a1564c3f412ab40e7b3d2b6fd6a9ff5090213c14e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-9-21.125.3164.1.odl

Filesize
706B

MD5
bb86968d9b21ec61800d0b6213eed209

SHA1
28e1692c4de9200eed13cf650e23cff8aab3437b

SHA256
19622ec5596d34768a8fd36f12a3a5684868c757b5af3f0bdf99b1daa22057e0

SHA512
d2a1ba79f0ae7d3e0b38fd5bc93e503d13b8134fc6a387dbb9e2c72fc346b7efd75e88d6dfce5574c3872f3548a2265e290d43cfe6c6cbb8e69904ee9f9d43f4

Download Submit
C:\Users\Admin\Downloads\Watch Dogs 2.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit