hxxps://gofile[.]io/d/CyYx0E

Analysis

max time kernel
267s
max time network
270s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05/10/2024, 15:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/CyYx0E

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
122	discord.com
123	discord.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133726155131553647"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1735401866-3802634615-1355934272-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1735401866-3802634615-1355934272-1000\{6E140172-BADB-49FC-AF83-F6CBBB99A26C}	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
5372	msedge.exe
5372	msedge.exe
4012	msedge.exe
4012	msedge.exe
380	msedge.exe
380	msedge.exe
4916	identity_helper.exe
4916	identity_helper.exe
5912	chrome.exe
5912	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe
3812	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe
Token: SeShutdownPrivilege	5912	chrome.exe
Token: SeCreatePagefilePrivilege	5912	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
4012	msedge.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe
5912	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5460	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4012 wrote to memory of 5872	4012	msedge.exe	80
PID 4012 wrote to memory of 5872	4012	msedge.exe	80
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 4320	4012	msedge.exe	81
PID 4012 wrote to memory of 5372	4012	msedge.exe	82
PID 4012 wrote to memory of 5372	4012	msedge.exe	82
PID 4012 wrote to memory of 3748	4012	msedge.exe	83
PID 4012 wrote to memory of 3748	4012	msedge.exe	83
PID 4012 wrote to memory of 3748	4012	msedge.exe	83
PID 4012 wrote to memory of 3748	4012	msedge.exe	83
PID 4012 wrote to memory of 3748	4012	msedge.exe	83
PID 4012 wrote to memory of 3748	4012	msedge.exe	83
PID 4012 wrote to memory of 3748	4012	msedge.exe	83
PID 4012 wrote to memory of 3748	4012	msedge.exe	83
PID 4012 wrote to memory of 3748	4012	msedge.exe	83
PID 4012 wrote to memory of 3748	4012	msedge.exe	83
PID 4012 wrote to memory of 3748	4012	msedge.exe	83
PID 4012 wrote to memory of 3748	4012	msedge.exe	83
PID 4012 wrote to memory of 3748	4012	msedge.exe	83
PID 4012 wrote to memory of 3748	4012	msedge.exe	83
PID 4012 wrote to memory of 3748	4012	msedge.exe	83
PID 4012 wrote to memory of 3748	4012	msedge.exe	83
PID 4012 wrote to memory of 3748	4012	msedge.exe	83
PID 4012 wrote to memory of 3748	4012	msedge.exe	83
PID 4012 wrote to memory of 3748	4012	msedge.exe	83
PID 4012 wrote to memory of 3748	4012	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/CyYx0E
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb422a3cb8,0x7ffb422a3cc8,0x7ffb422a3cd8
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,7738497157690226635,13233361463286999930,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,7738497157690226635,13233361463286999930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1868,7738497157690226635,13233361463286999930,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7738497157690226635,13233361463286999930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7738497157690226635,13233361463286999930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7738497157690226635,13233361463286999930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7738497157690226635,13233361463286999930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1868,7738497157690226635,13233361463286999930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7738497157690226635,13233361463286999930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7738497157690226635,13233361463286999930,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1868,7738497157690226635,13233361463286999930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7738497157690226635,13233361463286999930,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,7738497157690226635,13233361463286999930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4408 /prefetch:1
  2⤵
  PID:1252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb41e8cc40,0x7ffb41e8cc4c,0x7ffb41e8cc58
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,13525926010696745255,1778836131828347928,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1696,i,13525926010696745255,1778836131828347928,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2012 /prefetch:3
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,13525926010696745255,1778836131828347928,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1684 /prefetch:8
  2⤵
  PID:5352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3060,i,13525926010696745255,1778836131828347928,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,13525926010696745255,1778836131828347928,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4464,i,13525926010696745255,1778836131828347928,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4680,i,13525926010696745255,1778836131828347928,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4696 /prefetch:8
  2⤵
  PID:6116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4628,i,13525926010696745255,1778836131828347928,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4532 /prefetch:8
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4892,i,13525926010696745255,1778836131828347928,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4448 /prefetch:8
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4904,i,13525926010696745255,1778836131828347928,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4472,i,13525926010696745255,1778836131828347928,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4672 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=1160,i,13525926010696745255,1778836131828347928,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5280,i,13525926010696745255,1778836131828347928,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4476 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5208,i,13525926010696745255,1778836131828347928,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5504,i,13525926010696745255,1778836131828347928,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5200,i,13525926010696745255,1778836131828347928,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6088,i,13525926010696745255,1778836131828347928,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5544,i,13525926010696745255,1778836131828347928,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:2360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb41e8cc40,0x7ffb41e8cc4c,0x7ffb41e8cc58
  2⤵
  PID:2500

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1408

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2192

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5460

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004DC
1⤵
PID:1676

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
8c70a081513b9b6b57176170ad4631f2

SHA1
1fef79c42e99fcdb28e4032cc189ae07a043bf23

SHA256
da3d4c9598cc59f71715904a8aae6fe3caf08f8e6230e086e6a63d7c44036c85

SHA512
14a64ad5052b86ec163da43beb47044818da8742db259eccbdb2b98f9bdd211717bd73367dba1f5c229f6470c67d3af191ebbd63767d045a3eca446a7a25a478

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0c481f42-8356-4322-b0c6-bdb0369ead06.tmp

Filesize
12KB

MD5
24f04ce1479670082d90e02907643b2b

SHA1
20ff3ef459d632161589edc6aa487c363e8531c6

SHA256
cbf13217d042d63e92643ef0485fa9621c492387bf0c3622cc7741ab096288f8

SHA512
430e7dae86275a8a1fcc8ddb6427e5339fdb38b4ff89d79b3f11fe4169bf2306a60e5bdb00fb1daeb0e453f8a72d8b5f5f1533c943c8843454d78c06369c148f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f15987c0d09df557a29cb36c1f0f4a26

SHA1
ef92673eae998d035590248a19e88ac4255ccd52

SHA256
792c37b7ae22424fcbf3cf72ec8723e439653973cacf88ac370aaf24ec773389

SHA512
a8c61dbc4b259a37d6b394903c47b026c4b4addbb68d522a4ff7092ebd3921b98f21197db2d56806f223fe2bef920c1a553b35b1d4de31d79f4618b9b0dd1727

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
233KB

MD5
6446a11e503a678306ea9653aeffb08e

SHA1
b774ce5a88202a719e6a7be53bf3373473de31c7

SHA256
680d8582801792b0578b94bacf2a68c231bf4f970d00b8f92fa85e32c6ce94a1

SHA512
3f282eebb712ab6aee8d47222af9ad05cee7b292a0e463cab8ab5999db5a727dba80aab6e98aaf2f8d4c3932daaeff08ec44562287b786868d631d4b295de6cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
33KB

MD5
0ceb818a26c32ccc800255c207c0afac

SHA1
ecca1bec3f2eb5c5c444eb86a9835ed4ffd9766e

SHA256
b8f195a536a61525543f3a65ec2d11ec9cc27c2c18b74def7ac218ef4fa41124

SHA512
8f89398cca104d6fe7b4c3e7d86cdb6b401f1368ee711b7650c19a688dc616c36093aed2bf0a4dd27a269cfd6946bd3b4a435d4f9d6f2f48eab8ceb3803695f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
32KB

MD5
4165e15c0e8e7f5313aba85f1fa09233

SHA1
15566d6448757cbbf77ba502d1451b9751a9de0d

SHA256
cb66c6e5653cc31df85d918477a83b8ce0e896f5bdd5878a09d00810eaf9ec90

SHA512
ee14c5f30f35b0e40d8fa082fbbbba642943d1c1039f7bf8c37ef83fedd15495946150074a1c4b603e581be3029ef9fa1e78e235286aaf276899823ce025bc19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
37ba7b4bdbead8d07380353fe0b3f4f1

SHA1
5070d6242d5eef510855b88fa639e0488d4f89ae

SHA256
ae21ba05e14ff241c749fdd9416d020c4c25d05a15b5001b33dab5aee9317084

SHA512
054f9c5cc1ca6f44269508832d5c244a12e5ab02e07d94feae955402836dd46499a2381f6d9b6d3b73c23688fb17f350d2ca2f638cb502d3483c42a75807fdc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
688c143117d4483ff0dc51431b1bfa74

SHA1
e98fb708e9d22d40ded32aa2eefa8e39bd2150ab

SHA256
11e837d8d5411568949134a1f57e48f38cf6da8a5bf446cd1fc2b35fc5c24586

SHA512
7541ce7da94de5057beb19d199535867fd55752fa0e8c332b35226def382fd3e990d9968e296ce7395a6d1943947b1a3ff5bea78aae018abc1f951fe73d7f854

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1018B

MD5
5e24d368e4c8a382b569910b4125d685

SHA1
71c97513a60b2eaec7707303aa5cb56068bac0eb

SHA256
5a1cc2cdcd8a37e2e33f65772461e6a537082a7c1f36cf26b6c5299eeca50ba8

SHA512
208ab7bf1a827d5ebecf2ac28a00b8ddfd9f419600098a31725fd735787bad59d9efc77fda8545b2c1b9073a933fab6923b365f2f883122c8c64d711d9cc9569

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
919b892badaf7966b9e8ad9e8493f927

SHA1
3983b4379d33e685e8769dad178f6ee03467a7be

SHA256
2a5015d6d76594ac9dce603da2be8551c9075f723f9cbf07e03b63b2e4c32e19

SHA512
7ace0df71a58e27ff68fc474969d8cb4fd0b56105bb92814a0dd882165df28c6e4fa65ddf08c561a86644b3e5b73333d3425a0e32e9f4d35c4fd0356e5b5e9d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fd3a00b2a6d0c4439b57b30b2c2f4065

SHA1
7dea64d2b51dce5473b3b11f931d55d196bcce29

SHA256
9ecc4bf31c618e017bb732efb0fddcd370dd6cf54bbb135c01e54ec2c59f71e5

SHA512
98aff42a2c026ce33a1a1cbc1a9bc341102a6fe919ddf43aa0ace754606d4c0d8db4f5ca07aab88f72c9c220602de2a7c14a5bba517701e1cf3333f5640bc62e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
350B

MD5
c507604e6a541133635d23e1901ab41b

SHA1
f79723513e29e89308b480fb9784331aed422442

SHA256
4528bed3839ec8ad3d70bfbb9f335943ad2925c70bc7dc6095bea916f981a116

SHA512
381ed0d5f95fca39269e462f7ce888ca523641a484641153c20f70698e17765cb4b0d35f0ab7dabf134506d223a6a37b1b2614184e141026bfe006123ab274aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9b54a1a9cb970e9f5811895f4d4f9624

SHA1
e56bea1164cf29aba237b94c9dfab13061933aff

SHA256
b68b6d611ff56b53fb6d2eec24e69a9067743e8943c987018af8234c7096e45c

SHA512
410d62e5398eb39e52e6bf88c6ccea1f59cd771326e388ded59e61ffa1a4e67241e5945f05f15629a81d8dd2044cfc45fe8143d46a48fe0b3828e1edf29776f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
849B

MD5
0676673ebc96f81d8da213be3b2e0f4e

SHA1
5e1163da625e3645a3c551ce4341f50e8c582e4a

SHA256
f860e354319238e46bc45bf194ed69387c08a760d8bb929d22537c28dcb7c617

SHA512
da291b2f6a394ef58bc3604b3a0de7279b5386c73b526bbeb6e97a28ddde9dc871ebc360cdd71dbc35854b8bfddcc8ad26d9c7cca11b5daf8b1a0f5a7018bb31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
350B

MD5
5535b0cd3a8eeee9b5e79aaf97252f85

SHA1
82b33df367256e2bfd689869328cfe559684d7b1

SHA256
93d6e3dd3196efae44322f071462255f0f67627204d67eaf4e811cd2d07abf4f

SHA512
5fb4ec8407ac60f26c221df48e08bb0f22fadd1a6a6d342f55dbb0a2c5f8709bd699414540ec2da3003c53f5f4059c65289e57868e022bbeb6521d1590cb5ec1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
72e50a813d2da94fbf2fd501d999778a

SHA1
93f0a3d9b8c883df4e790faf6375461645416112

SHA256
6d98c032969dc903a58af416b9005f4f796d60c9d364655c3638b7c8e0b6c051

SHA512
248293c7d63b270c233c90bacb83c768a4c873c242d1adbdb1cf4a04123467473060499baf3f2944deffb6dc24c15800d5e6efdb6364d4f3cdc371f10643bfde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
55cdd21c305f3ddda79a5095f71bb39d

SHA1
451f5a7ebc0e4221a675fb0aed3425c719749820

SHA256
8b2d0763bbab9d8b9f5663d55a1c29df6f371ce4d5b63469d2905f856f1443f1

SHA512
64f18554cb079325884c736b75a7f5a1f6ab8741a35bb6e3c01c43fe838bd57e11a8e45c8c7cdbb3a4da5511d86e61c888feed7e71db859082ae83fb761cb19d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1fc397c33c208dabd4f1d4f20dfaaf96

SHA1
c11d8d2a26b9d1b8fd5af1b757dd210028866171

SHA256
fa6bdac2d27cdf9105fba1cf800d5de520b76f793326fee0d06a18f5537fb1a1

SHA512
ccaf8d9edb4c25136d8ce86cd18663efb2b2814152791f64bcbde8c0d32817608e0376e44b800a8c89d2884c3e032663f38dbe7717bb5ccc58ecddbea678a729

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
1fcf90f40e21c361a56cc8ef6daf182c

SHA1
2050bea867cbef7419800d5ea712a56e29bf6f82

SHA256
2d990d46b482d5123e1567ae78ccd8d22a4d684da1907795d662afe5d25d9da5

SHA512
e742e62d9b1b2130ee1b9394232fb42c934c5447aee325342d13adc4004e45497fca57da542305542d59f629759f234b3565281d8a5603af3c333f3ad006a280

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
7a51bd6f128e84d20c2a5401ecce8963

SHA1
68d77adb7583b789441028db1298a8883f8830ac

SHA256
1d52c0c230e0d22695a326dbeb620d8257131cbdf609f176b3039c66f3a1ebb8

SHA512
280e45228624cb34d6370126e3aa978de423b6ace0ff22e2d545f5a5349f7c9284014c76c129b23759aac994ee31be064c1b1a176250c57377cc92e8e5c43894

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
332f3439ff18d4b285808856588bd1cf

SHA1
5141d6e05f9ccd17d33b5030b3cccfd926e24bd6

SHA256
ddefcb929cc78e2a28836f74c9dc65fd742c6a9abfe9e8b288f54c56e6b53048

SHA512
2743d080bc350d7a1c7228c2b50a65b918ca684ed2cad1952e6219878c05b1d1b0d6a6d5d253573b2fec61cd9b3da6e539a3a05b668803613eee01f1c18fd251

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8ea8448e6a5501e7d089f45f153d9809

SHA1
37af8226aa03685b42811687054cda9bc11dbcf9

SHA256
81bbf1d07948a2b884c79eb1d9a307f2e3c1a8e3f3247c66776baf7f8c54c377

SHA512
a91aac5371240446cba7e60af0f302d2dc4c109d5868a9cd33954fa0d2e3c857573bea2f3692cd1891cd2dd0f82b9877447edac592d2bea72e7378161a99e73d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d6b08c458051067741e2b045c04d9f74

SHA1
322d6366fb5539b855ab073ebb32d8a62044fe7a

SHA256
87c630903a22c27f4d55bed243712af9f5da43461bc9e1e59ca294671ace09e9

SHA512
017bf4291d8cd7ed4ebd270fbc1450da4d77dfa932427405e7494720da4447dbfa2edbc5b967cfb7cfe558034ffe9e2a553fcf66089887daab7e782e049a1c68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a3867920d138d8d7ecdd421dc46df512

SHA1
58b9bc34262c896f3b0acc1afd9feb5304e059d2

SHA256
1b5360a0c0d34331024cc382048babbb5ab810c5ab2e820730d86016cd1d34fa

SHA512
60e99ff96750eebc68c3d4f3b8a59e8587b65ada8e8918de626e806b1bebe1a4ef7a2bffc5f1f0c6d1b452da6a48ba361c8b6ccde6ab7071770aae97f4d4290d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
568f13878b0493515f8c7d6cf3facc8c

SHA1
b1f8070e743f8ba3c41a13ab601a2762f34ab612

SHA256
6e35472072274db556a776e37b7d7f112377bb089171a9dfc8c81e2ee8fe85b2

SHA512
762e5a4de355cdfabba3bb54cf35da0b4d91083d6b309d8b7f3bae9905813ffcbacabc69de05fa55cdefe439867352e1ab671d8a099597cb487a9c025c0d50d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
58c4261f459f3036dfc30d5066b5512d

SHA1
a7689f279476205fd46bd16d5583809a30c16815

SHA256
d8791901d09a1c08d26585ac379a72a222f0d80adc77623b044ba67e77af6d5b

SHA512
ceb27d206c289d8e42537f4d7945b343ad1c8e062ff3d0d1671c1716d40ed3bcd1a541608f637dbdde3df73a03cf8ab0fda8ebacdd8615cc9d8ec45de417cd04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
300e9661c6db091d0a0d051637dc4e44

SHA1
4edc61de3e1c36316c0ee86fe803989b0288300a

SHA256
af1d91b6b605a3216d372723a21771fbe4506feadb2d1a97aaa66f26d80d6128

SHA512
ad539c2c8954954b9b6594860b49bd373def758a0c561998a6f481e4dd2c4210e704e430976aeb6b1d8d76977fc8c4d0c39b1afe2735b79f994315333455ef59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d5ae4604c8bda3f464bd16df5eb3ab2e

SHA1
e19d11b280f483677dc2413fd89c55bdc02b463e

SHA256
42e7292046e5cf6f5d83552704ef2dce10e232a4be7c2fab8f83431b130ea886

SHA512
82b91bd82cb04e67683cae36ca8f5c2795b13d6cc8ac7ee86d468b1634e5805db18b6aab6e408bedc329c41f054c343955b79949f12502a5c7b0d5fab7550a05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
788509bb7d820aef4f339f4233fd88f0

SHA1
f4792515597063a6d54e89aceccf4d5cab3f824b

SHA256
62fa99c2ee85a5de501d9ecdbe8c6097251b4982611b0ad4799a6c737308aa6f

SHA512
12af3316b0b2066ecbb858c49285b2e80d574a07cac38ac0065497c070a79973c5fc8808a0119f2a6c01ccda4f533eb4a42bda364a4276f05857847664cc1782

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1d74deeb-77d7-4d99-bc36-329bae7f8ad5\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1d74deeb-77d7-4d99-bc36-329bae7f8ad5\index-dir\the-real-index

Filesize
624B

MD5
f344d7074d5cb5a2205f28350d41d8c8

SHA1
a1a85934360e76809a7ed99955bdf290e890a6cf

SHA256
9faa23c15cf27d41a3229162578d494346141fb5ed5dfdcc066717c5d620e083

SHA512
76f5b2328063f069ffbf8e77d00371e1e96c14b3681c8d3d763789befb56a29ad674cb069fa8e7d4c0049d0d7548f5dfe94913fff1f6b9ec7186e90f8817faf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1d74deeb-77d7-4d99-bc36-329bae7f8ad5\index-dir\the-real-index~RFe5ad4e5.TMP

Filesize
48B

MD5
1c19f44d03aa71de57a69c2e56a56a5e

SHA1
ea6a62a739611f3e71d53650fa0c42b6f181ae77

SHA256
be7e7caaafc9a3edbf3559e946149ca19a6b9cd6af77ab6013883dd3db2de681

SHA512
0096ef967ae7dd7b4522ff0ca4d9de7d7212843670e6b0dca00fd575bb6f6b052378dbc3a05f3bf866b868e371a4eed86e4522c1e5b9b1dfdd6f2b3100154c6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ddcbfb0b-cd5f-4b26-a474-a1e135069bb6\index-dir\the-real-index

Filesize
2KB

MD5
e98532c0fbd038a41a78f124e0085dea

SHA1
94fed5081db573f79513538f7bb4a70033164424

SHA256
503dd912d8031728088467549db56d7bb2353caf9eff0c9733c5eef5dde34844

SHA512
937d7a5ba64fc47b34f69b97e21b8d771e0d4d5ffbc67ec56dae58b63db18acbaf4f199ca5997bd378dacd2b7f1e894a1f6308609c11c98f39a64216ed7dcaa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ddcbfb0b-cd5f-4b26-a474-a1e135069bb6\index-dir\the-real-index

Filesize
2KB

MD5
5c3cc883e079b50d8686a36e55d4cb37

SHA1
d0c0660fc233fe919c9aba4d8cccffb64724e57f

SHA256
ca2e992630e1d39872056dc9a02c6568efc1f1f3239648ff6e79ad8229671179

SHA512
69cca0699c7d4a28def11ba3b173b4458dfbe46154b546ac33370caadac31e6bbd2f30fba6d012caf98fb982529b4913df0647628f7ab5ec8eb9e184537a007d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ddcbfb0b-cd5f-4b26-a474-a1e135069bb6\index-dir\the-real-index~RFe5a73e9.TMP

Filesize
48B

MD5
f7f1dac493e9e1a34531c70449ea1a5d

SHA1
7e5929eb79496470ffcd34c06f8d13459b47d12a

SHA256
7f599dc155ffaea4b206e95fb4563429ffc76df563c3fecc4c7aa1be45d0b986

SHA512
28dbb65b891e7bfb05df4c06f2c4ab80ad1c5c1b331ef1ebf401226cab1ad08984bfb398e5a5c358701c0315bf053e1c84b70e87ead06cc12127d6b2a0d0705c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
9cf75dda5905b1f8d760b4a3a08319e2

SHA1
33a14dd9ba974d7cde4faae61174de7e1d83d1c8

SHA256
4ed9e059341f1dfc75ae409ca837e32221b38564186c6d3c0838839fb6affd5f

SHA512
747e9ac7e0061fd85c0bbe0e1aa175c86c89c135084dca09074edde3ba40d226e2d22aa7f5dc3f96e142c15677778ab548a6eedc5392e9005997207384f5f743

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
71741c34f1983fd11eceb9deebb6757a

SHA1
8a539f11f56aa0b8adac441765a40d7d3deb67ba

SHA256
42d4e7c60ed612a0c2c47917223e45b8cd6145715ae54b6e5e6e680fa517de2a

SHA512
80e87fb0759a86e78a3aacb433b07cd3722e2f20611cb5b34d95d35f813f6271724f457f8fe63a9cd44a97d6e8649a504e0c379b40ea7e2cc5c3eb2c916a02f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
9ee358f1798d4c104cf6efdd19d64ac1

SHA1
943e96dac1c7e78d32a87fdce48ac7504fa33365

SHA256
29e928f95f1a7624c29aca77d577a2b696f9bfd366e247d8b302b98cda87784e

SHA512
21e02da39206cfedff4d1da135443f16c4a40ab9d6d8a8bdd19d1fca557c2cd8f033ba87e400408386287fdde0705f546c09e926874d5170547d7f2ec328af5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
b0f59a1c5f337981c5f68ffeebece33b

SHA1
50bb5060dae1952475d2be33e68a2353d0c57b9b

SHA256
1859b5b3ce6a6b6cec99f281cd92bb946759b2ae75f3314bc4f88a73ea3c0563

SHA512
0c362f1fb134d4c3ca590a218b4447c8b84d5dd9543feaf49273809c7a56868505358ebff0d44b9611935738748c734349392ed6429e35e8e292d07728be3071

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
7830e08bcd3d76f9290679c9e33f081c

SHA1
69970cced7c512b2a2a9c71fa20b1080d1e65d28

SHA256
19af096c4cac5f15196cf23ceea9ea55a1581f30cd9cbb65ff25eae667f6fdba

SHA512
33681b1227d90b2e435817f4d9b2ab650e97a07575f78a771eeff990c47853e7271a8d044c771279ab034a2d53a4ac6c04f3b4d61a471aa6883721b61a77f070

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
a8ce7611586ca8191b6c2ce3025667eb

SHA1
ce292dd21ff86f950ee869139e56c8ddb55c31c0

SHA256
a58f7107d8b8c7877a9b2c123f0e6e5fb17f4d16a9077d67d9e3f276495e1040

SHA512
f857f5a2943fa20b4282b10072c610a5326e9faffc2be89aeb91d1dbb2cd5623413f904a92f5354f97826a9c63c404864baf3a82f7360322b8e4b1d7fc4dd53a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a5cb8.TMP

Filesize
119B

MD5
88d17b7dc6aea0d721ab83ceb6e793df

SHA1
24d260cc750e289197c14fd4db30124ac7bc1e2e

SHA256
c588ee7391d1a5a89a1eee81b6b00b658c1cae6559c3a783beac371be41a5293

SHA512
06f8663782323e4e8eb48601b3cb924137a32766c2a8bb90488a1baff31a231bb7798e4f2208d969faf66eef1f0e6e404ea5e42255eb26503edff15a3bc6c7f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
e4e6cd89fcb660cb14d500e51317b6ff

SHA1
f5c367be26bb20db606902fb923018afa355ab54

SHA256
0ebc69d81af3d75996729eb4565927d1a4ae2ad492f131987eea792e1d1ffa70

SHA512
f9b7908e121b10c7c9c45f4a4d5ae5de8dfa206fb490e8d37c0e233f275d58c5790955b139f598e72afc6dc93eb476cb33d9132178174910e5a1a54c2228e37f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5912_1230650405\Shortcuts Menu Icons\1\512.png

Filesize
10KB

MD5
529a0ad2f85dff6370e98e206ecb6ef9

SHA1
7a4ff97f02962afeca94f1815168f41ba54b0691

SHA256
31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6

SHA512
d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5912_1230650405\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
206fd9669027c437a36fbf7d73657db7

SHA1
8dee68de4deac72e86bbb28b8e5a915df3b5f3a5

SHA256
0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18

SHA512
2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir5912_34363429\Icons Monochrome\16.png

Filesize
214B

MD5
1b3a4d1adc56ac66cd8b46c98f33e41b

SHA1
de87dc114f12e1865922f89ebc127966b0b9a1b7

SHA256
0fb35eacb91ab06f09431370f330ba290725119417f166facaf5f134499978bd

SHA512
ce89a67b088bae8dcd763f9a9b3655ed90485b24646d93de44533744dfcf947c96571e252d1ad80bdec1530ff2b72b012e8fff7178f1b4e957090f0f4c959e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\de5e371d-ec57-43aa-aaa5-8b1176112c25.tmp

Filesize
10KB

MD5
6c04d3c862bbcaae69e9f3ce695d211d

SHA1
5ef725d4d84a8e46ea40ce9f8c84b815411d9255

SHA256
644dabb73f6f8935de2a874dca4d2b270444dede898e1ec23131773387207db0

SHA512
64fb0fd9d390e48633fc06c765d11344c5e70113cf1a3323fda7f4971914eb2a708307e546317bbc4bd0ae555c8df2a2464db10d2b1b29737db95d9b90358a8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
59934fde48ee227056e19f2e130e5a0a

SHA1
168cd8e5d896506a9cf8fddd32608b5d9acc52d1

SHA256
36cd756cf0dc946b6a6bea0fc07e1ff4e6b361974cf2a31a147bbb2952fd7365

SHA512
2c2b1b2633542fa00902d534bdcd55503328c1c200c0bd4b67ad37d4ca20cc8292de4bd05322b1724b9d32d2bb13a5eebf8ddfb9595d3d16928b3965b195cfab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
e3e92f221b8c5f1ef3c318863c40eeb3

SHA1
bfc641af45ae8f0b300c3a767df3377c982e86d5

SHA256
f7158d815a24ec345d303cf72d0f2bf4c3542f2edabc50db6777d8fc3471d3cc

SHA512
7f396b4d75c5c5cba16bb320a93697444b90f7b0799480f3cb7eab0edcad84d26628bba82e83526663ed48b9339d73dfe8e33a06301d19bc1dc3f9bd47b3c7b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9828ffacf3deee7f4c1300366ec22fab

SHA1
9aff54b57502b0fc2be1b0b4b3380256fb785602

SHA256
a3d21f0fb6563a5c9d0f7a6e9c125ec3faaa86ff43f37cb85a8778abc87950f7

SHA512
2e73ea4d2fcd7c8d52487816110f5f4a808ed636ae87dd119702d1cd1ae315cbb25c8094a9dddf18f07472b4deaed3e7e26c9b499334b26bdb70d4fa7f84168d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6fdbe80e9fe20761b59e8f32398f4b14

SHA1
049b1f0c6fc4e93a4ba6b3c992f1d6cecf3ada1f

SHA256
b7f0d9ece2307bdc4f05a2d814c947451b007067ff8af977f77f06c3d5706942

SHA512
cf25c7fd0d6eccc46e7b58949c16d17ebeefb7edd6c76aa62f7ab5da52d1c6fc88bde620be40396d336789bd0d62b2162209a947d7ab69389e8c03682e880234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d0d1a2d897273e94b801ca493c383050

SHA1
72436891c5ab51eac8803127fc23f0a68ed6fcc5

SHA256
ea730d5eeedf79ba9bc74ab039c19019807922695b3e23c1698991df24d5fefa

SHA512
e5009a683d619ac55e0c7b37bbef8814954b468219a309c938a188d121e535aa73c9a244c1a221fce4dc8de1f807c7f40d4b598a39df3004471c82bdc063b66a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ecfec728f84b79e6b301fe3819bd56c9

SHA1
183e997eeaef9f97b9d16ddd148acb5588b49fdc

SHA256
68302cf6362f58ed88cb3ce1542eb798715dcfe1a74faddebef0f178b7c0cfd5

SHA512
2d8db7025dac7dcf1af5c9799bfbae065bd1e5639176daa07c462616346b178a729359388e835b90ce607f1b78755305519858b2f237a6666a939a95df4a4fcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0b2f3c236cfc9910326b8fb187c99f0c

SHA1
e8e2484c5a0a1bd2c984b462274b1103aa8ff9eb

SHA256
c24932b03b3a9661499356a0997fd72bf784f154fcfaf37a20c07f9b0ca2c412

SHA512
f697c8d05d8bd5bae6c7c7c43d14bb67a581605099fcf9e215eb4f4776cdf3449746dcd79de1116439910db4c8ccc7decde00c175cc7e6864db8472dd78cabbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e110a07c83a14b19be53db05beb25b3f

SHA1
fa8d9aa2fa3501df5c38dd5323c67f77cacb36e6

SHA256
8728f3de6551e9ea9a9ece13f85941f483c3d6e97f4b14dea6cb673fdd0d6087

SHA512
a596c2a3f77127515d989f5486f25880074cb9cab0b88f811a0e248914700e423337c2b90aa33d72dfdc8045b928a556f584996f88180eb0a5bc1fcd17ab7f1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b6770a61-c79a-4a4e-811f-acad825d2baa.tmp

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2c5c9079fbae978a2b416d6b672b65c2

SHA1
28e07e838a47710e9466ad7ec73373c4d7697696

SHA256
6b588c2d835ccecc5560eaf483d00f70a62dd33407af85a2fad55fd933a0e2f2

SHA512
9b3e15481ce6585378a0a3e89338b4bd6e943f8206ed2db7876b84a4aa7bcd057b2a990920b1e706eb33b2fa0374c05341ff5ef844b2200a4eec9050bd76ffc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
875a5f8548d4b986d534c15c88cb036a

SHA1
4bb866f7c75d1998f2a5402f68b115d6f0101b75

SHA256
34763f70456e5257dea99c9a905bd6387cd0d7b43ab5045c7438596e8fd7ba28

SHA512
6fdb2117444eb240bf0616c967d64f2a89c23dcd9e77af41dc7fedb9544aaf5b295032d85e0a15e1afedbd0f29798432e8c57c634cc53aca454455d47421193e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c2435882107c194b71c75eb016edda95

SHA1
0002f6fcf7367a1252579cca57f88765dd96176a

SHA256
1409e2ab0ddd70f9f9d30ce75fc94d5ea869a13fa40e040905f747af581eb16d

SHA512
1e9312cec2e18d6e532a3ea222da816d98dc1f6c4c495d2150ab68066886c23f38388765a83f9e4a71947182c319aaa7b752231fa0ea59e5e0d671ee741ef3e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9effa233cc5fa83c0ba4f60cc8b47481

SHA1
cdcd8e168cd1703af12ceaf5490aaeabb7ef9d8e

SHA256
2361263533c65638a10f18f9f5f4cfd860b4223a326414c88ea6cea4c194a483

SHA512
2fcbeaae7750ecb9414a0926b532d29432b0ce29708249006b9c697c41ce53a3b9126569f81b94a550014d3c59ecd0ee3c060f7184acd30440a9b36d9b44984f

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
f065a39d7e06597189e073755a0c1719

SHA1
f2ce3c9d697f40ab82ec0fecce46de6b354b4c54

SHA256
5ce6608613c37cdb3b66ddee4db699f41b06bb3906301b29c5f5039b8ce6356b

SHA512
c361ae3950de1fb738ef9b18d58786819ae246c21631bdfe4c392a41a859e25fabbdfd473d42d875846cb4a1abbbe798b29512264f9aa3f9558e067795468e20

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
4d52399020a24c1f6b4254cc7252504b

SHA1
2afe0c8994c64898d5fe16ca68811438ef19b0ee

SHA256
e75a14ce8abaea1788c4361552ef9ef2b86ea02485eb4ad5f8c22c9c49ece3e7

SHA512
a481726d4ef1dfd67a86ae79e16abda87a0f370310758cc8a1bb2516a69557129e9612b9430c0ae11d7ddf72e1afc3375f5649a09bb53febe5cc16718ba976b4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit