Resubmissions

02-10-2024 01:14

241002-bl45gazcnp 3

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    02-10-2024 01:14

General

  • Target

    http://clicnews.com

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 52 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://clicnews.com
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4172
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff5b8946f8,0x7fff5b894708,0x7fff5b894718
      2⤵
        PID:4328
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,4141594706362140946,9659472659138116591,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
        2⤵
          PID:60
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,4141594706362140946,9659472659138116591,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4444
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,4141594706362140946,9659472659138116591,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
          2⤵
            PID:4772
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4141594706362140946,9659472659138116591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
            2⤵
              PID:3556
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4141594706362140946,9659472659138116591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
              2⤵
                PID:4752
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4141594706362140946,9659472659138116591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
                2⤵
                  PID:3788
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4141594706362140946,9659472659138116591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
                  2⤵
                    PID:432
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4141594706362140946,9659472659138116591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
                    2⤵
                      PID:816
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,4141594706362140946,9659472659138116591,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 /prefetch:8
                      2⤵
                        PID:3692
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,4141594706362140946,9659472659138116591,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:3288
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4141594706362140946,9659472659138116591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
                        2⤵
                          PID:1072
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4141594706362140946,9659472659138116591,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
                          2⤵
                            PID:4500
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4141594706362140946,9659472659138116591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
                            2⤵
                              PID:3400
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4141594706362140946,9659472659138116591,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
                              2⤵
                                PID:3816
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:2608
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:3628
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                  1⤵
                                  • Enumerates system info in registry
                                  • Modifies data under HKEY_USERS
                                  • Suspicious behavior: EnumeratesProcesses
                                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                  • Suspicious use of AdjustPrivilegeToken
                                  • Suspicious use of FindShellTrayWindow
                                  • Suspicious use of SendNotifyMessage
                                  PID:3916
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff4c47cc40,0x7fff4c47cc4c,0x7fff4c47cc58
                                    2⤵
                                      PID:2396
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2052,i,2108631658200992238,8424133339828319358,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2064 /prefetch:2
                                      2⤵
                                        PID:5108
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1720,i,2108631658200992238,8424133339828319358,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2176 /prefetch:3
                                        2⤵
                                          PID:1588
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,2108631658200992238,8424133339828319358,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2496 /prefetch:8
                                          2⤵
                                            PID:1636
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,2108631658200992238,8424133339828319358,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3160 /prefetch:1
                                            2⤵
                                              PID:4244
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,2108631658200992238,8424133339828319358,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3348 /prefetch:1
                                              2⤵
                                                PID:2952
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3144,i,2108631658200992238,8424133339828319358,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3752 /prefetch:1
                                                2⤵
                                                  PID:444
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4596,i,2108631658200992238,8424133339828319358,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4592 /prefetch:8
                                                  2⤵
                                                    PID:428
                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4712,i,2108631658200992238,8424133339828319358,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4836 /prefetch:8
                                                    2⤵
                                                      PID:2100
                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5104,i,2108631658200992238,8424133339828319358,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5116 /prefetch:8
                                                      2⤵
                                                        PID:3928
                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,2108631658200992238,8424133339828319358,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4928 /prefetch:8
                                                        2⤵
                                                          PID:2192
                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5292,i,2108631658200992238,8424133339828319358,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5296 /prefetch:8
                                                          2⤵
                                                            PID:4144
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5244,i,2108631658200992238,8424133339828319358,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4928 /prefetch:8
                                                            2⤵
                                                            • Modifies registry class
                                                            PID:3684
                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5276,i,2108631658200992238,8424133339828319358,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5208 /prefetch:1
                                                            2⤵
                                                              PID:860
                                                          • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                            "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                            1⤵
                                                              PID:860
                                                            • C:\Windows\system32\svchost.exe
                                                              C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                              1⤵
                                                                PID:1592

                                                              Network

                                                              MITRE ATT&CK Enterprise v15

                                                              Downloads

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                                                                Filesize

                                                                649B

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                Filesize

                                                                264B

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                Filesize

                                                                2B

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                Filesize

                                                                1023B

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                Filesize

                                                                354B

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                9KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                9KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                9KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                Filesize

                                                                9KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                                Filesize

                                                                15KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                Filesize

                                                                211KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                Filesize

                                                                211KB

                                                              • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                Filesize

                                                                211KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                Filesize

                                                                152B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                Filesize

                                                                152B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

                                                                Filesize

                                                                213KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                Filesize

                                                                648B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                Filesize

                                                                1KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                Filesize

                                                                7KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                Filesize

                                                                6KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                Filesize

                                                                1KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57db9b.TMP

                                                                Filesize

                                                                1KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cc077a57-8674-4bd5-85be-b2b2e41ecee7.tmp

                                                                Filesize

                                                                5KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                Filesize

                                                                16B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                Filesize

                                                                16B

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                Filesize

                                                                10KB

                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                Filesize

                                                                10KB
