598959308399a249c33e9249cd7511fa9c0c23df00b56ac1d71a7b9743bab1af

Resubmissions

07/11/2024, 17:46

241107-wb98ysyrbr 10

07/11/2024, 17:39

07/11/2024, 17:38

07/11/2024, 17:38

07/11/2024, 17:32

14/10/2024, 22:45

Analysis

max time kernel
371s
max time network
372s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
07/11/2024, 17:39

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

mxbikes.exe
Size

3.6MB
MD5

49ffb1b624e1746698c05aa962353768
SHA1

94f4083ddbfa537e08aa1f0de55a56146a8c6351
SHA256

598959308399a249c33e9249cd7511fa9c0c23df00b56ac1d71a7b9743bab1af
SHA512

8dab9e208003d37993b978a9e2e6cf1c5354c4e3300db97a4d1850227a438af28796b7f902f7c05b9251ea604fbb1557f6bdbb25c4bb4ba43f3dc009e5842862
SSDEEP

49152:eJRTFGeek0zge76irmN0v4Ck1HpDDCwo40mjwrvX6OpePuboh0DW6NnCn0hFToSJ:duupCHlmoSDW6NnC0h68b

Score

8^/10

defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
120	raw.githubusercontent.com
121	raw.githubusercontent.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MadMan.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133754747966486391"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "183"	LogonUI.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 536526.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\MadMan.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 243155.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 909605.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3012	chrome.exe
3012	chrome.exe
236	msedge.exe
236	msedge.exe
864	msedge.exe
864	msedge.exe
4548	msedge.exe
4548	msedge.exe
712	identity_helper.exe
712	identity_helper.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
3964	msedge.exe
2296	msedge.exe
2296	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe
Token: SeShutdownPrivilege	3012	chrome.exe
Token: SeCreatePagefilePrivilege	3012	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
3012	chrome.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
3012	chrome.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
864	msedge.exe
3060	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2200	3012	chrome.exe	82
PID 3012 wrote to memory of 2200	3012	chrome.exe	82
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4592	3012	chrome.exe	83
PID 3012 wrote to memory of 4396	3012	chrome.exe	84
PID 3012 wrote to memory of 4396	3012	chrome.exe	84
PID 3012 wrote to memory of 756	3012	chrome.exe	85
PID 3012 wrote to memory of 756	3012	chrome.exe	85
PID 3012 wrote to memory of 756	3012	chrome.exe	85
PID 3012 wrote to memory of 756	3012	chrome.exe	85
PID 3012 wrote to memory of 756	3012	chrome.exe	85
PID 3012 wrote to memory of 756	3012	chrome.exe	85
PID 3012 wrote to memory of 756	3012	chrome.exe	85
PID 3012 wrote to memory of 756	3012	chrome.exe	85
PID 3012 wrote to memory of 756	3012	chrome.exe	85
PID 3012 wrote to memory of 756	3012	chrome.exe	85
PID 3012 wrote to memory of 756	3012	chrome.exe	85
PID 3012 wrote to memory of 756	3012	chrome.exe	85
PID 3012 wrote to memory of 756	3012	chrome.exe	85
PID 3012 wrote to memory of 756	3012	chrome.exe	85
PID 3012 wrote to memory of 756	3012	chrome.exe	85
PID 3012 wrote to memory of 756	3012	chrome.exe	85
PID 3012 wrote to memory of 756	3012	chrome.exe	85
PID 3012 wrote to memory of 756	3012	chrome.exe	85
PID 3012 wrote to memory of 756	3012	chrome.exe	85
PID 3012 wrote to memory of 756	3012	chrome.exe	85
PID 3012 wrote to memory of 756	3012	chrome.exe	85
PID 3012 wrote to memory of 756	3012	chrome.exe	85
PID 3012 wrote to memory of 756	3012	chrome.exe	85
PID 3012 wrote to memory of 756	3012	chrome.exe	85
PID 3012 wrote to memory of 756	3012	chrome.exe	85
PID 3012 wrote to memory of 756	3012	chrome.exe	85
PID 3012 wrote to memory of 756	3012	chrome.exe	85
PID 3012 wrote to memory of 756	3012	chrome.exe	85
PID 3012 wrote to memory of 756	3012	chrome.exe	85
PID 3012 wrote to memory of 756	3012	chrome.exe	85

C:\Users\Admin\AppData\Local\Temp\mxbikes.exe
"C:\Users\Admin\AppData\Local\Temp\mxbikes.exe"
1⤵
PID:4348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa07c7cc40,0x7ffa07c7cc4c,0x7ffa07c7cc58
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1776,i,5283561297831931382,1619653680490480614,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1768 /prefetch:2
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2092,i,5283561297831931382,1619653680490480614,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2164,i,5283561297831931382,1619653680490480614,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2180 /prefetch:8
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,5283561297831931382,1619653680490480614,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3244,i,5283561297831931382,1619653680490480614,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4452,i,5283561297831931382,1619653680490480614,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4268,i,5283561297831931382,1619653680490480614,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4528 /prefetch:8
  2⤵
  PID:3540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4632,i,5283561297831931382,1619653680490480614,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4400 /prefetch:8
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4368,i,5283561297831931382,1619653680490480614,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4480,i,5283561297831931382,1619653680490480614,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4328,i,5283561297831931382,1619653680490480614,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5084,i,5283561297831931382,1619653680490480614,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4696,i,5283561297831931382,1619653680490480614,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5052 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4812,i,5283561297831931382,1619653680490480614,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4788 /prefetch:8
  2⤵
  PID:3804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5128,i,5283561297831931382,1619653680490480614,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5108 /prefetch:2
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4332,i,5283561297831931382,1619653680490480614,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4240 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4708,i,5283561297831931382,1619653680490480614,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5012,i,5283561297831931382,1619653680490480614,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4340 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5076

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3236

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9f3fd3cb8,0x7ff9f3fd3cc8,0x7ff9f3fd3cd8
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,9044499444567087714,9146734393938178657,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,9044499444567087714,9146734393938178657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,9044499444567087714,9146734393938178657,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:8
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9044499444567087714,9146734393938178657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2036 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9044499444567087714,9146734393938178657,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9044499444567087714,9146734393938178657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9044499444567087714,9146734393938178657,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,9044499444567087714,9146734393938178657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3936 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,9044499444567087714,9146734393938178657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9044499444567087714,9146734393938178657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9044499444567087714,9146734393938178657,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9044499444567087714,9146734393938178657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9044499444567087714,9146734393938178657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9044499444567087714,9146734393938178657,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9044499444567087714,9146734393938178657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9044499444567087714,9146734393938178657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1924,9044499444567087714,9146734393938178657,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1752 /prefetch:8
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9044499444567087714,9146734393938178657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9044499444567087714,9146734393938178657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2484 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,9044499444567087714,9146734393938178657,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5984 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9044499444567087714,9146734393938178657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,9044499444567087714,9146734393938178657,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6444 /prefetch:8
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,9044499444567087714,9146734393938178657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6472 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9044499444567087714,9146734393938178657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,9044499444567087714,9146734393938178657,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,9044499444567087714,9146734393938178657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1924,9044499444567087714,9146734393938178657,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6808 /prefetch:8
  2⤵
  PID:2696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1984

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a33855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
01865eb63c5e609db1fe2d2477110472

SHA1
8e70304dc5f4502687d76e0cd9c9c86c2a62f785

SHA256
25f15329af5e60320dd7ec6dbbbd31505a179b2b9a8752ab9e4db207d93c05fe

SHA512
bed8f5ca2220e52378984175c1e41b39a2a2d7106dbdf2800cd85d0af195eecc5fa1b11192394ca529f9362f55eb5f40b54911b91be106fb91b33808867acc6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
70d6975fed4765dfe369a6d5663a7931

SHA1
3732618be486feeb0dec970913d346665815c87c

SHA256
c2ab45aa04199536706ecd27a7b0b9c389d69dfab64893a7643830bcf1872741

SHA512
8cd7ca8739614bea3ed7e6e449f1738c79b71f529c43bcf90001411a26c273cbd0b6c2dc0e4e58d8e2845d543ed9d456d78973fad5a85ebeda60e0518c1570a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
ccebc7d68462e976ccbfc5b87c8ee29a

SHA1
284d52c7aa44e8e7188d91ba29ca10e6919bb3f0

SHA256
564d47d03e606d46a9fffcd3dab02de4ea2b7b5d00e98df6046ed130efde2299

SHA512
a4d26ff84af25a7df52526dab8a8dd4327a2cfae5d3fe9509e7534e8ad94d5f5b0fb2ced79e9d5bd931ed94667a3557d695118d80dd8ee8d8a6bf3762285ee70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8d43101e1055b3db7a7b490f1cc49cf7

SHA1
7532e48e56d5213ee3405e9cf49629f0dd6ce312

SHA256
cdb7b7793e9924cfb4dfe95cc18324cd1b319abfc0878cf152ccb64179ba29f4

SHA512
412aea65a3bc4d05aeacd268aaa46eed067cd13a651c45839191e804e755ef5e9d7808e5efeb07c622c72b8bb5290c71b8df9eeca026bd71b2063ccff54e7601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6eb07629b8900dcab091d3830824ec0d

SHA1
c16fff99e1a8f3255b8e366b121c7a956775807f

SHA256
48e4c873a160a3bacb2ba710048aed5ad4d0d9fed62350723a76b8403ca41e5b

SHA512
d54140ec5f649d38dc919156592a47d32461143935bb822cdb170ba088cbab0943bf379c80b7520efc1482dc2f555b344f96f65da28c7acedfb2fa8435ce2ff2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
90e786aca794be1649961457cd4e492b

SHA1
a3a57231ea48f1af79b479c9a4b715da5bd11eeb

SHA256
8edc3021d4182294f12e3bc370e1b88ec2808f7540f6b5aaf12dc379cb5ecb7b

SHA512
eec7324da9d4b160b67807e0a5288347440fba7cde10bf30fb2bbfc260c525a9c0faffd6d4c791b1d87b9c91906335dd9b0b80faad2e2563adae3760735bc87a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
192e87f58d0096df51053f2589f65f78

SHA1
24643336a867007fcc443317d3f3dacd5505d52e

SHA256
d062218ddee26d1f18011aa0e1756d7847540e9a936aebf788b22800ddd61072

SHA512
1f58b15831a7c0548dc0aec7c73ab80ac0c2cca9b0959e2617e03fab6674032499ff5e2c79600034a3663dd21546e064e60aa48d6ebd4f870143ae0b64b1f88f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d3e44942189f3dfc2e0a6a836f4def9e

SHA1
b45a5e43cf3c51d05b7922a156790cbaba582b0c

SHA256
b08c53487fe01b1c0c21b7d603730ee4d0f6fc8d7e3586e0faeee7376d544680

SHA512
2cfbbb7154f13d285f18855ba3cc272a0dfeb01d77af18b5439d39e0a9097d1627bab5cf9a78cd026bda12bb7cf3130d76f1646b408b8974fcff01371bb72c5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c599d3d2b54d140c96d0c2a3d93c0907

SHA1
2954775b2334eef1ffed0cc264a5c2ff512cad90

SHA256
d7f503e5639238a9ea79ea5c8d5d5e890cdebf842bca46d159c7f9e98facec77

SHA512
91a3624ab5125801e70ef0935cd5d207a1eebe8496b4995e5585c6f888fb7c54da6b01b3a7f61c57e25491e494000e03c4370bb022b1091b9bc80ceac860e112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
69e340cc8f08dea84fab6bdcafe16d34

SHA1
33a5cc986eb56033b1c57ee40c36c510ca97d663

SHA256
d013f422e77573247e578d5ad00cfadcbfe8d6893551d686768805a29b7078b2

SHA512
9eaced494dbf3413c5d983a24b6e480c7db17aefdb8ea2cbc24f8e6c9b58c64969094b8016551f1a8fe90d4d4680d63f79b06f557afbf1ea9413faf330d48c5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
413bebe18c3690f52c835d29578fd05d

SHA1
bfadab52bd1508f38590778721a42d5c8f6a845e

SHA256
2045890060488e28f965853e9810031dbb3ad8915a70857c591e3a0d6d9a01b0

SHA512
fd3e14ed6076de58c7f0b31134060cf6606f6bc8eb35fee4d650afe7f9068a7c62a30b967b4eaf541ae2cab86a6a60e710722804053f986710e47544543bb50a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2e9468f88e580edd928c8fde72d06d2a

SHA1
6a1c6e91ce2c96835b142f04271502ed52a4bc26

SHA256
4fd9cdee43661ddbc513eac5a8d3d1f1658b57e7d597f15c6739486f152fa6de

SHA512
99bd2cd788dfbb8c7b1fe27867c0c9808a8ccb2d2fac8cae7bc9075c7c5ee46b65ec8246e7940d57f8ea5c95ad81b88deb2af09029c123bf128411308c710fc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
70d88490796aac77dba47452ffce2ee6

SHA1
072eacfafd6cb43f2855b8906d04bb369a3f9cb3

SHA256
68bcd51ba2dce34f8d909310bdd1deba08f2c39bb99d4ce2113cdee8724c19fd

SHA512
f595d84961ac6db258617b60a494093a5615af8669876613dcb973d45ab851128c065e4a52edccbf376f9248abc60497c5e3dbf9d5e5597ad1fd90fa4aa39528

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7f63f6bf0729b48b9bb7e44e0db86894

SHA1
27d4ea583ac457aa27e0ee9d87f38f9c71f84da8

SHA256
11e303f1597ebc822c05a63d7b2e1a3a00fc8996a045abb4e24ee8213ecfe578

SHA512
b9b759a1907d32de35e6bbdfff800fbd612cb45d60b2502daec5649769567ddcf0b130515dd72c797cb75c0e9b0a1bfd6a48d31b9111fc573c20072b42f2a47b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
46e469db1249b480e9e46008665c6eb3

SHA1
d6645cf42b65f440395061a3dcbe40d185cb3d97

SHA256
36f04175b313bf8d8056c347e0c031222071625f4e40bb8f52ba5fc24bd9c028

SHA512
a111e0e79ce18af44053570758542b4de0b1b78825c80a9cb59c59c12e71f53273ffe567ec49284408538cf813775126553f44efad2b5b60ab22638b2f56524e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
642d5ae6c76c12296a0bc55d81792fcf

SHA1
5316c00c70c1a19f423f12485728f0a9cad232f9

SHA256
762708ffa2a94a4020015333e041f68d5827f3445e2e77e29901d63c0c7c0482

SHA512
7c14f05c2b25fd9dd28b60f1a72b555df835975792851a9f04cfc455dadc48f7ba63a9e27ab70cfcd647bae22e0bea984a73d5b1f754a32c037d97a980103d93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
27a04e7d98f4eca26abb8ea5ac9cf3e2

SHA1
3af5f1e8eec586638933f577ea9cb009215aaf5b

SHA256
851b5c98fa44bfff19e3370babebe69d0e2e2b6870dee100986e04ba6f21452f

SHA512
4817117ccf099321e556c33b0bf49c8708d60a34d59f1ae69dfe1a049ea0f56d3b275c22b53081cf5a05fa956d0bccd77b39da1a2b59511ab24b20789997ffba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d85f0067e5a6d55a1b5d52087d8562a2

SHA1
d5ef202136612c208d187c3c857f5ee6b5f72f83

SHA256
37aa1b9ed8d839cbdb5c063f1c4166b28e6279ed1110e72aaa3c51825e269f32

SHA512
b75ed29470d27b6881ea680b11ce789d23c082b4a9aa6f71de18527f8ff992efca46e9247bd391de67bb0c6ebb7520f4366386d1bf8fc596ce09ba95874bbfbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e08eefc4ae53de2c171cb12d1629718f

SHA1
98033e5caddcb9ba32ecfda1f878ace46b4d5b45

SHA256
fddbc4daf68f1bf6b2f390ce1bd770478e729fd0677bf8fac9169e7936046761

SHA512
812fc13d2c3c636f13f5ca016fdca1956bc4422676a7ea16b7bc50abaac2908db839c8bef244c856221dec21ef5885886f747fc6c56c084a23e7492ae670edfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f143b802b362efe044cfb1cd47e68656

SHA1
bb3b50e950e009c7a8e971cd45397dd3fbd602a3

SHA256
0982637bf0ab5728024887a74ad10189c3942df4714182b9229a0fde690b5aeb

SHA512
7d0d9e14aef29f71b730f1e2673d95cc16243d1f75c3a918cfd0e231d54d4eb781c101c57a055e1b1b658912c7e18ce56a75343171849b25e029b31fa204d87b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
085b673e3f9b5a38c0b7fc358ca9771a

SHA1
7edef6d4486777ec3eb58facde02377868cdb7de

SHA256
58c860ba8dabcc462e98303de5db0eb31d9bb53d1fee582c95bfad15296511f9

SHA512
928ebfbbc1d89cf4e8d5fe44be20c432cf908f5996f9512824ef6a0aebd5de6cd455f97870d3dbbcb4eab0f878867d5a91180c7a8ac679ed714c437e53039c14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b50ba50d1d448ec19a345f35563230a8

SHA1
4a8c8668427c54b8045379a2c938c42f8c3b3ab8

SHA256
d3826a9b7aaa6749d44bc215ef4bbe0fee78b5c493cceae70f810e48f3db658b

SHA512
8f55d70e5488243895b6578e8bba06af883a5bf10acb0f45af7adb4d95c7f7d0ae79d0f39a6db924414ad2e6297afc3b4a2611ca32d639410e7a6f0f8fb2f509

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2e985e281f14df7a0f57765df671e969

SHA1
6b454ec752e4565a68ca9a0d6260e1515d2d0a5b

SHA256
9cf406d8c698be3613b96b070c5b4a39ad9afa4fa5109a643d17d4f94c1d7276

SHA512
aa94493c00a032a7b590705e792303c1eed927dc88cd5678af6e4414d2729c79555d96069c57bfa3a31fd02fdc323ad7f29fbfb594ef701c2926b80c12951404

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a4eed1ac78664eb055949b6b59711e20

SHA1
58cbabd788e16bf24b0743e6698b3f29d30d839e

SHA256
dd10c8e34ddeed8b2e58d0a624c265a3ca09a247f26287f508f60c465dcd6e1e

SHA512
dc9ab9607a26fa7d549ef9649cd79facfe1926b1f875e9f422593f7d0d5b12ed41e2facba19021fa644b36a04cc1eb6b793d81393dbd9f4d84413c0e67252cf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3ad6a0ab4d617732a6aaeb3b48a74042

SHA1
dbf016082ec8c02b1dd618f447f1a74d093cc2b9

SHA256
6ff4893cd25b0e6795c3b12c6a4c433cd0417abadb9fb8b044a4f89ed7b03fd2

SHA512
602a926fbad33c8cab71b2864a64a3ebda4921b264ffcabbfd14f4cb602ff3f49f4d08755a2496bb5f624110ac825072af4be0d6a2480d624a1fb64958cacd81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
4a0beaf62bf46be9f566c0e17c7686ad

SHA1
e3ad214db39b1aeae0baa3c0ec6410b85bf5ab76

SHA256
6f359a08de708a0af57d8acc304b0635532b4c0aeb0e33d3a33aacc09f213ed4

SHA512
8acdb0dc2d2e163eed443645643234c660efb6c4f182d974d41ddd7e81108e278f984af40cd2a54c47b1d06204bd2a22b63a1d26c06810ff02c6bf3e1d47a376

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
58a7477cd14a1e0222d7682d71064d50

SHA1
fce9ef0167ef2e5c4cf1cfd0544e3159ccb85632

SHA256
c39f08bdea8fa314fea1767062f92837b5ec3f0458507ef5ffdd7b168f5b1fcb

SHA512
66d4fb602d8969fda5c24eaef873c449e3c43858f0b9661dfaa1b4bc7c89cd1772533e6a8d05d7cfa9b8638d2b6499a3b37f374799c7378fbea9dbb8b87cd25e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
e8afc7a37048e238671bd1b8fab67f21

SHA1
95f45170e362a138cf7ce5f230a46647ef5241b7

SHA256
c65988b9953c7121c18bd6f5a135a7f67e7e8d9fc9f7bfc777b6a50252178805

SHA512
cd0a38e40a53e12e003d4ac49ec1df53f393c0c22f48e2e637c3a49eba95c79aa946ea576a999e7048bed262e95a379e53fa5332ea49c79a79ce09ab9caedf96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
6221f74e9f1740f4e22febea7b28b586

SHA1
10e751794fb7feacc436e349fa8c0bea182f6886

SHA256
c45116efd97f37492ae47140d45173a40f60a1a737cc31e0d50ea0d04fadbacc

SHA512
00fd5948683e97d26ff063b2467a0405e47556719d9e0e8736c99e396ef1b1f218fb7aa168cb90239debca3d1e02936c4dbf7ec70a123ec0e0787f28673f309c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
46e6ad711a84b5dc7b30b75297d64875

SHA1
8ca343bfab1e2c04e67b9b16b8e06ba463b4f485

SHA256
77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f

SHA512
8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fdee96b970080ef7f5bfa5964075575e

SHA1
2c821998dc2674d291bfa83a4df46814f0c29ab4

SHA256
a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0

SHA512
20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
63ba9cbf6804482996a0ece8c9c4eac5

SHA1
a3c0d06fa1e2cd8c9d807a4656e11d3e67d36428

SHA256
3f72dba4cecadda610499130839f2c82567e25ca35ee6451bace8bf812eba577

SHA512
7e450cdcb19278c4fdbc7a7203cf09521d32861bd6802a2658ad3eeddd51464979ed3bf109d2514f5328340411f19eab047079c64a7ef5b7ebf18f4156afc3c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d554076437353d759e565d336f3540c7

SHA1
0ec0b4828453e4adf1d7b7d141d8205698018b16

SHA256
a3eeadd41be932007320ada61af9a5beef5711653e63ffd84d75c87045defe14

SHA512
bc144b536a62f9ff2004f9e512a672638a8d6b72002fc132ec4d7ec053afb3c1993cc9717b122b592035039386ecde73bdfd71979d95c9ef3f0342d60067cda0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
cea962df8f7f6f0b3fc11739193b7be4

SHA1
0ff819a7361e35989fa18d28685b40732c58f8ee

SHA256
1a8a02ebede8541037999f144b62691814960fb54d3ac6898238301a5783f1cd

SHA512
931b4300b749ab7f3d3e0b9b4969634652a0dc5627776d9ef6901f5af6486bc7517cbe05a72c10057ebec8a0b756ec2213a29fc1457d1a4981b347edcb40418e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
264B

MD5
b7462b5b0c07dae4962b6ac27485a096

SHA1
e1962f779520bd69ee35ecb4e8fca98e58f54358

SHA256
9663887c61f7b3525525aedfc89b34e660f13637a97a113a6f543afe7e3f8a13

SHA512
b133bbaacce23abbc57c25b26a55fe250dd369a9c0ad03c285c5e7ff5629752be70ffa586031bff3582f06bbec0b9dfd557b227c65ecff4ead1b86aea037177b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
650B

MD5
fd1b0ee799d5768c3cbb2bbd8f236845

SHA1
141c8316a1695968e5bf91d5305a41c9ea5b7173

SHA256
d6e8e000923668bb13e7c564a68390327be474610d0491c743f67432fe7950e4

SHA512
9a642a46c167a1fb87a79d0ea575509a04247b90753a8a59268297038e3f82bf0e294df367674f3a81ad1b2eb1562c637d520ae54b045c85c679323502e12e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fff628add787d30e44990a253254847f

SHA1
3ecf6bb15d2797e645ed2e1486aa917ce68261ef

SHA256
9af6c73543b1685e808768009c0890241ee944604f186fa5c55092a21a57c9ed

SHA512
d17c77ce0d7aa9c70a39cb28129399f6fe218c210ddcd390907871d505bb341c879dd19a7ec5ca42831d5116550dd28df3236e77e5c7c7e2581218e099cdd465

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ce4860338bcc76490196c640fd735dc

SHA1
562ef6c0ed1bf4e61717a9ad92c61da58010c176

SHA256
89d9dd594d2a6189381e96bce60b2215373ac39988df2e46d541928aa29364f4

SHA512
4d2d313d3e86dd58a41de5a07a1e2b38e47f74212281154f2ea6f732727106f23961b9ee477294d2051eb61d39df14cbdf4e6148c1adc1b0a20e215dd3cf114d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
10615f109e11002da2d22e72373e7a04

SHA1
0420ff99dcc60494c459699022ac7fc3cd42d07a

SHA256
219912e97e830d74e32c44948aa40b873804ad43663561ed7aa9b87657ab52e9

SHA512
6e45e55a95f26adf5db37442d661884a5a59cbb95154e79354da0d9b49badcf5dddf968ba869e25bf5f5eae19cec45df4d9e735450cfc3dad3d52ca473e34ea1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
13c941e97891d492b24f228f414f09a4

SHA1
1360bbd5dd39fbfe59b385a68ebff918617de4f0

SHA256
3f9ff33e538899e415398cac391f56221c400bbaf4583bd8f3473f9400cbd718

SHA512
98e33fdc7aa00d02096b1fa296d6e606fb5c32467e20d61ef44159a07bac95764b19ce62c3d8c58406ea23a0c8bbf1db5f7774bcc1bfdeac1ab8e46318e6f09c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
44ad2fe848b8d3870d888ee72e958caf

SHA1
a21383541d980e0f0fa43bf59f6544bd4cd10c6f

SHA256
2c9559edd8b310764f67c76643ad7374b1003880aba502beeb4cff45c7c6a46c

SHA512
64c12cd0d8f3058029c7461c97915fdc4bed80e0ca66bc3879a8841db3d5d9d562d6aacfebb8bd7643dbfa2eb34249bd0545744a4ec91e8eefdf8a837e371483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c60cb02fde41a5637de60f7d309b0734

SHA1
0879054bee56b7bf6cae36f4cdd6f2f50b2a6cc0

SHA256
e3a5c7e987226cd0dfa0d4cd180f1e54121e190eb41cee6caa458095c288ffc9

SHA512
a5df62f3038ea5877a27dd38061ea190bd5f34140736da6ac655febfb90f906e5fb9e3799db72c441e430dea0d57bf29c25966a2fbd5f3db4f2b54d43c172986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
0e7dcbc7c85bec0da951d79414d429d8

SHA1
3ffbdcafa9c581d2ab04c5f5dbb261975a625217

SHA256
54f48e0c8d743ca811f760648090c5b761030e1176901860364b8a5724964332

SHA512
3822dbadb3e787233cedd288e1a9adc943b4a67468538256106a70cff6a72483e0d00c128892ac409e83ab58da70a60087f88cc7b8f8b56553ff56efb7998e16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a7229b838a8ed405c81740e880926e89

SHA1
4d69c4fdcb40bf11fa87af4c33bf936ae2ecc7dc

SHA256
0124151cbd9283f34fbc46bd8a725ae1f787aa6583a13487f4d2261667da5e57

SHA512
aa077569cf845043242d72b0d851cdd4f9748377db0d7177542f2206d87e5123f7eb54e4c8c823926cbcf49e43519994bed4c883cb199842f37c21875c3c1d08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2f97f3a0fd2a8962d5edd51a2d3f6cd5

SHA1
3d99b8cc50aefaf584f9f27371ea6b8771827b3b

SHA256
ba343d01d91955abadaae8dcd4b751b1a7d4d16e342ee4002dd1462c7fee9dd7

SHA512
0ae193e4bb5d4a2025ca72c3fe2d869e4bc829e7968777e9c093ef238562b3dd3def1b78b9c819d11591c39b7dc2654c8d077f1d1ed08096726d1ad8e5bdec4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3f93524ffb8d3e92672a6b148e34a295

SHA1
48756f693dfc3c4247bf7c2935386b6c539096f5

SHA256
9f04b1978975104357f96140b1bcdb6ca40993c74f4632e452c8ba9c34c69952

SHA512
b2a3f67e2d1675abbfea36a8c761b035f08b42dd93320a808575d73f3bf140bab197de2d1f4342722d71c68972b7a818313b0745c615714022104b9290200941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a62e9a8a1b5cc42031490bf51259c0dc

SHA1
5b3dcc34440face967f5b4cd5be7a4f59ad2e156

SHA256
71873ede82fe0b94398a02e0546db0f936170ba87e480d541ab05cbb4ef005e2

SHA512
a8eacb58758c3ebec435e1a24721a31db824b75b391bfcae2a613c1d6aa577e4691a8b874e333c21a733bb3b96589bc3825433bd10d5769f76da3edb463f392d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3b13ce2c7be1f41188da9d33d8696972

SHA1
40e285e4ba2d9507fcaef26cb288feca594ea161

SHA256
eaadd750470d6a661929544e825a82c075f0bb798da736fc8efb7c6ad401408b

SHA512
9dc7ba3fdd8669d908565a000a9f0e203660756751e151898e7c4678378c182c9f0417e4acf870abe434fc44bc04536a0010201640a39f877c4071514ac22ccd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ee7da186fc354d0e8c4ecbe228c452ff

SHA1
2de7f2bbdddb1f824f1a4730da54d4d2bdd0ceb6

SHA256
fb481a0ab648083162cbe4b9b47107b8d56bd0260d1d27b14d18f3dd4bef1a95

SHA512
5f812ce51046c52d33df884e8912fafdbe167f93cd5b5dc0a022dce984c4b8aa2f6a2432cf6f0e2447b4ad9d0c4a20fd15a852f183236c0fb16ca205487bc115

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b224.TMP

Filesize
203B

MD5
0f321df9c7b3c4f64f8bc3387e043627

SHA1
cc955c6d55937ab8678637787e914a6c9da28227

SHA256
be6e44ee6afdc2f956bac1d70339c49e44df9d7c72242179373a9ff434d079d1

SHA512
eb66fc31f33f8c7dc5336f3365046d1f3bb60c913f8a5254e0119a050bcf9a9335f22489b0d9e0798421ba5c808cf98e18a043db7325bd2cb9cef36e0f00ef7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ea2a41b1-3de6-478c-93d7-4ed0cd3a53ef.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
36a72e49061393418f40f29a7dd6a8d4

SHA1
e6f82dc83b92a004d39a0056769f737eee1f8f6a

SHA256
ea57b27710518950d0acf14c2477d224f6ea0d3252e80e8904c8e709032278b6

SHA512
b4b6f63c6dcd5c024d50a462964be03f31c571a05c1949724f7377c54ebced98806b7d902273b35278d53665103b0462e61d5cab9413e1c3e524c56c5b692c6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
296d1f0d8d1e97f45292b2490c8e25d4

SHA1
23e8264e8dc1ebf042c37ac74716cdbe86b3dce6

SHA256
ee2836ab54442d1115d03860afdc227b3eaf66a49e3e201ea5bc5653682879d0

SHA512
0a0b6eb2cb13c36ae7e3cb497a3eb4c3a9c9a8a1d9e4a3e2ee47a0dec80b398cf20869a53c68e48d0598fbb93b8b95e29e254a01a0dd4b030dca7d4c427d302a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
3ab507fcc5302917f87b3b00a4206b63

SHA1
6c9e2665de538014331b0626bc03d03b637bea9e

SHA256
8d187740b9bc08115165c519073f22a1a7596ab18ee79a05b115b1f47619cfa7

SHA512
ab77103425fd7a3f2462da75fe88add6a553514eba2f4af4d424dfe8b8c9593ddec3218a9a7ea3793c048ce50f0ecd4e2fd0de83d86a8fceadb57eca13282083

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
317eafae4cb8dea8fb7e3a3283a435ef

SHA1
d7750f0f8b9a65fb9cad93d7000b61f47bd3db63

SHA256
36504e7f692567fb6cbe03cf6510754687bd7e9db473068f03304b6cf69a3404

SHA512
a974a34fed939cebbfea1afd734b475d4b9c31aaae4136c975469355a26125529d29677759980a7a2c67a7a6262ab54e032c344da6526f3d6a59215fcb4818ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
4b405dad53340c85b947f6e629123c9a

SHA1
c42b5618bdfd0211ea757f84eee59379226b14ef

SHA256
161fdf18e0bcdc2989722f077364f3194bd2217f34c30a77dc9393ff3feeb144

SHA512
908e1f930b790cf7398d2019a8b7e0242b011abe7d4970438a6be19eba2f5fcaae1a408de723070a9104b0c0e4cb212cfed4bea18a9121b46cab4504f34c20fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3012_1003483547\444ed226-2206-4758-b9f0-e7bc02e871c1.tmp

Filesize
132KB

MD5
da75bb05d10acc967eecaac040d3d733

SHA1
95c08e067df713af8992db113f7e9aec84f17181

SHA256
33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2

SHA512
56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3012_1003483547\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\Downloads\MadMan.exe:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 243155.crdownload

Filesize
32KB

MD5
eb9324121994e5e41f1738b5af8944b1

SHA1
aa63c521b64602fa9c3a73dadd412fdaf181b690

SHA256
2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a

SHA512
7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 536526.crdownload

Filesize
2KB

MD5
a56d479405b23976f162f3a4a74e48aa

SHA1
f4f433b3f56315e1d469148bdfd835469526262f

SHA256
17d81134a5957fb758b9d69a90b033477a991c8b0f107d9864dc790ca37e6a23

SHA512
f5594cde50ca5235f7759c9350d4054d7a61b5e61a197dffc04eb8cdef368572e99d212dd406ad296484b5f0f880bdc5ec9e155781101d15083c1564738a900a

Download Submit