redline | hxxps://download1590[.]mediafire[.]com/wwan818ym6ngV2UAcgiUqbZ7f45gbV-8JRb8KKHPpn1zgswvE7BJ2EF8Alxk4vvL0XqQyfyN5siKl3QZkS3p0A4nTC1EWjYMVC_k8DjeNHWKQLj_Tt8CcY82w4Qa2CNzVCbZKxk0nGBe5Cr1nGJlnv4-NFYXxfxD5iK0sKNa_uM_rQ/p0km9ne321dgyw8/launch%D0%B5r-p%D1%81[.]zip

Analysis

max time kernel
409s
max time network
411s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2024 20:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download1590.mediafire.com/wwan818ym6ngV2UAcgiUqbZ7f45gbV-8JRb8KKHPpn1zgswvE7BJ2EF8Alxk4vvL0XqQyfyN5siKl3QZkS3p0A4nTC1EWjYMVC_k8DjeNHWKQLj_Tt8CcY82w4Qa2CNzVCbZKxk0nGBe5Cr1nGJlnv4-NFYXxfxD5iK0sKNa_uM_rQ/p0km9ne321dgyw8/launch%D0%B5r-p%D1%81.zip

Score

10^/10

redline @miromistin0 discovery infostealer

Malware Config

Extracted

Family

redline

Botnet

@miromistin0

94.142.138.4:80

Attributes

auth_value
2ee380277e944675703ad248459af8c3

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/5696-831-0x0000000000400000-0x0000000000430000-memory.dmp	family_redline

Redline family
redline

Suspicious use of SetThreadContext 3 IoCs

description	pid	Process	procid_target
PID 3780 set thread context of 5696	3780	launcher-pc.exe	140
PID 4888 set thread context of 3152	4888	launcher-pc.exe	153
PID 2540 set thread context of 5160	2540	launcher-pc.exe	159

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 8 IoCs

pid	pid_target	Process	procid_target
3512	3780	WerFault.exe	137
1140	4352	WerFault.exe	142
8	2020	WerFault.exe	146
968	4888	WerFault.exe	150
3804	3860	WerFault.exe	154
2928	2540	WerFault.exe	157
680	3260	WerFault.exe	161
368	2592	WerFault.exe	164

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InstallUtil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	launcher-pc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	launcher-pc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	launcher-pc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InstallUtil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	launcher-pc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	launcher-pc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	launcher-pc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	launcher-pc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	launcher-pc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InstallUtil.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133772132527490728"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4248	msedge.exe
4248	msedge.exe
3140	msedge.exe
3140	msedge.exe
3788	identity_helper.exe
3788	identity_helper.exe
4512	chrome.exe
4512	chrome.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
1220	chrome.exe
5336	msedge.exe
5336	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3140	msedge.exe
3140	msedge.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
4512	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
3140	msedge.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3140 wrote to memory of 1456	3140	msedge.exe	82
PID 3140 wrote to memory of 1456	3140	msedge.exe	82
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 2776	3140	msedge.exe	84
PID 3140 wrote to memory of 4248	3140	msedge.exe	85
PID 3140 wrote to memory of 4248	3140	msedge.exe	85
PID 3140 wrote to memory of 1160	3140	msedge.exe	86
PID 3140 wrote to memory of 1160	3140	msedge.exe	86
PID 3140 wrote to memory of 1160	3140	msedge.exe	86
PID 3140 wrote to memory of 1160	3140	msedge.exe	86
PID 3140 wrote to memory of 1160	3140	msedge.exe	86
PID 3140 wrote to memory of 1160	3140	msedge.exe	86
PID 3140 wrote to memory of 1160	3140	msedge.exe	86
PID 3140 wrote to memory of 1160	3140	msedge.exe	86
PID 3140 wrote to memory of 1160	3140	msedge.exe	86
PID 3140 wrote to memory of 1160	3140	msedge.exe	86
PID 3140 wrote to memory of 1160	3140	msedge.exe	86
PID 3140 wrote to memory of 1160	3140	msedge.exe	86
PID 3140 wrote to memory of 1160	3140	msedge.exe	86
PID 3140 wrote to memory of 1160	3140	msedge.exe	86
PID 3140 wrote to memory of 1160	3140	msedge.exe	86
PID 3140 wrote to memory of 1160	3140	msedge.exe	86
PID 3140 wrote to memory of 1160	3140	msedge.exe	86
PID 3140 wrote to memory of 1160	3140	msedge.exe	86
PID 3140 wrote to memory of 1160	3140	msedge.exe	86
PID 3140 wrote to memory of 1160	3140	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://download1590.mediafire.com/wwan818ym6ngV2UAcgiUqbZ7f45gbV-8JRb8KKHPpn1zgswvE7BJ2EF8Alxk4vvL0XqQyfyN5siKl3QZkS3p0A4nTC1EWjYMVC_k8DjeNHWKQLj_Tt8CcY82w4Qa2CNzVCbZKxk0nGBe5Cr1nGJlnv4-NFYXxfxD5iK0sKNa_uM_rQ/p0km9ne321dgyw8/launch%D0%B5r-p%D1%81.zip
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa65946f8,0x7fffa6594708,0x7fffa6594718
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,12572583177937762139,10817851485386829984,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,12572583177937762139,10817851485386829984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,12572583177937762139,10817851485386829984,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12572583177937762139,10817851485386829984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12572583177937762139,10817851485386829984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,12572583177937762139,10817851485386829984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,12572583177937762139,10817851485386829984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,12572583177937762139,10817851485386829984,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12572583177937762139,10817851485386829984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12572583177937762139,10817851485386829984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12572583177937762139,10817851485386829984,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12572583177937762139,10817851485386829984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12572583177937762139,10817851485386829984,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,12572583177937762139,10817851485386829984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,12572583177937762139,10817851485386829984,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5680 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,12572583177937762139,10817851485386829984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6900 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff949fcc40,0x7fff949fcc4c,0x7fff949fcc58
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1756,i,7807633241225458051,16196479113827903951,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1652 /prefetch:2
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1832,i,7807633241225458051,16196479113827903951,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2040 /prefetch:3
  2⤵
  PID:2564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2288,i,7807633241225458051,16196479113827903951,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2244 /prefetch:8
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,7807633241225458051,16196479113827903951,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3244,i,7807633241225458051,16196479113827903951,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4552,i,7807633241225458051,16196479113827903951,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=860,i,7807633241225458051,16196479113827903951,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5136,i,7807633241225458051,16196479113827903951,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4828,i,7807633241225458051,16196479113827903951,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4020 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4480,i,7807633241225458051,16196479113827903951,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4444 /prefetch:8
  2⤵
  PID:5460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5232,i,7807633241225458051,16196479113827903951,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4076 /prefetch:8
  2⤵
  PID:5760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4440,i,7807633241225458051,16196479113827903951,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:5884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3152,i,7807633241225458051,16196479113827903951,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4416,i,7807633241225458051,16196479113827903951,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4492 /prefetch:2
  2⤵
  PID:3704

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3176

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5532

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:904

C:\Users\Admin\Downloads\launchеr-pс\launcher-pc.exe
"C:\Users\Admin\Downloads\launchеr-pс\launcher-pc.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3780
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5696
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 568
  2⤵
  - Program crash
  PID:3512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3780 -ip 3780
1⤵
PID:5972

C:\Users\Admin\Downloads\launchеr-pс\launcher-pc.exe
"C:\Users\Admin\Downloads\launchеr-pс\launcher-pc.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4352
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 196
  2⤵
  - Program crash
  PID:1140
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
  2⤵
  PID:2088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4352 -ip 4352
1⤵
PID:5984

C:\Users\Admin\Downloads\launchеr-pс\launcher-pc.exe
"C:\Users\Admin\Downloads\launchеr-pс\launcher-pc.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2020
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 556
  2⤵
  - Program crash
  PID:8
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
  2⤵
  PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2020 -ip 2020
1⤵
PID:1756

C:\Users\Admin\Downloads\launchеr-pс\launcher-pc.exe
"C:\Users\Admin\Downloads\launchеr-pс\launcher-pc.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4888
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 556
  2⤵
  - Program crash
  PID:968
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4888 -ip 4888
1⤵
PID:2576

C:\Users\Admin\Downloads\launchеr-pс\launcher-pc.exe
"C:\Users\Admin\Downloads\launchеr-pс\launcher-pc.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3860
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 556
  2⤵
  - Program crash
  PID:3804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3860 -ip 3860
1⤵
PID:4636

C:\Users\Admin\Downloads\launchеr-pс\launcher-pc.exe
"C:\Users\Admin\Downloads\launchеr-pс\launcher-pc.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2540
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5160
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 564
  2⤵
  - Program crash
  PID:2928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2540 -ip 2540
1⤵
PID:5920

C:\Users\Admin\Downloads\launchеr-pс\launcher-pc.exe
"C:\Users\Admin\Downloads\launchеr-pс\launcher-pc.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3260
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 556
  2⤵
  - Program crash
  PID:680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3260 -ip 3260
1⤵
PID:3224

C:\Users\Admin\Downloads\launchеr-pс\launcher-pc.exe
"C:\Users\Admin\Downloads\launchеr-pс\launcher-pc.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2592
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 556
  2⤵
  - Program crash
  PID:368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 2592 -ip 2592
1⤵
PID:5400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c495392f68d5979a026f6b1bbe024812

SHA1
fc9e3271375e017b5e3c5b234471fe30ca904a20

SHA256
00cc1fa958bd782bdf01964a0fac7248f434370621ac2e03a3777030bf5badb7

SHA512
8ac73e4a560f6e60c8b825498b4f3841565aa3f4ba797cde6c38cd9efe34e966d1d992adacbe664752bba84ca80676db2ddcf4fc1667cb3bd3b5f53b034e0221

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c5ef692ad23efaa0a4ef52abffae31ef

SHA1
cf8a7950cff772579afca9b477dadc5a2292490b

SHA256
4b62158eef2a70db592c43a44e9db769cdc98d2857f075eacc1183441daaac88

SHA512
f70bf87ddd4533b98414fff98a29122a8920b09317dd249cf76db5701e5c5c2eae111652c2a325e7c0004bde185ef8d57b68e3ab8ee3650235916b7029e775c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b7d354dd2e25a8a036bccd0687a3c5b4

SHA1
886442f9ce9c6b0f70bfd37039bf40c88d6f065a

SHA256
005bb23b8de3b53d2d77b0e93188d00e7c57aabf4676267f0e0355efcadcb8c7

SHA512
e4059ab97c2f10073376c0f8a0ec6c6cdafa2dfa6906f0536beb2371ac3a55643e69319b2afbdff471f644bb3480f99589a0847bfffe4fe5079c5141e268eeb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7d1b1aaf366ce8f0827241ab19cb90e0

SHA1
2d47d0abe42ece2b91468fd635787171b0da4804

SHA256
722dbe210df6debd7872fabf8e07f3bc1b9dd0f55fad17f638ec61aa159ea8ce

SHA512
7443c167e93bef490b3c1bf8e423d66a566660eccb64be6d5053567222426f864aabe6eef979c20013b9ac094daceb217f56d2b81262e5bce090d9ab0b5a791e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5716026d1c3e8fbf3920e10e420aeb18

SHA1
d683d456e1fc56c12860966f57eacab6a50549d3

SHA256
37dfdadfe0be6eb734c06a0389ab04915d146e572c90fa697208e201807745e5

SHA512
851edc9c8522793c86087f46421ae62964f476cbfa04c1ea2b1b16399f3880e7dc9ed44f607c35da6f4ee6be7bb0f0906673907e986801258349406beda30d5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f7e63e37f7b6ab591eac15160ce08850

SHA1
eda5c52cd64b5daa400e36b4e5b0c03d175f0286

SHA256
5daf771e3ebf6f5a31da59745134e5ec4f9809a00609e8ae6034ad57d728c95f

SHA512
489a5577a5b281c342d8fd179b19c847735768be003419866652d020cc01545de45bf9c66fe063fe265fd13550a894ddc0e18e29c431c2740219d9ab6be1ac7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fda4f94b86d9ca4cfe8c676bacc98b22

SHA1
747cc45bd3163e02ec4aed82361057ddbe7c2185

SHA256
15e307b845c3398fc386c6bb0a4b14d2aa867ac4edfa07f5b0465de1d1978373

SHA512
f1dbbda89a0b9596d8ce47e6ed27aa2b28cdb3a02169776a10f12d849c2fc6e2671ea0d1d244e68febcca62fbc9477577fa10454d22cd04c3a4dc5f78348015b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0acf41cf15b6b06b3aa3a2d8133edd64

SHA1
7aaab8ac97876ac82ba1770e4d5e97198f1bec8d

SHA256
1bd67e478c0c08abf62721c5e3c096c6caeccd9bf4943a2e783c6d0d283f5327

SHA512
e7f0b54a43ebf0d5a61a9b61d87c861d742524436aabd3fab8f2eb1fe4852c663f5dea1441f44e56227cca794eddfdc1c1f56ae96ab2584ebe85d216a9ba0b77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e307972d1786fec2f84c3f293135f211

SHA1
5f6b1231380a4533f1a1522e657bbbb37b6b8bc7

SHA256
b2aa19af8adf5ff4f78f970e558cd42f161c09e7b148176ccd9063d1de96b6d7

SHA512
100c51db8bc2da8dd14c4b6b3afa9d6b0d1e26933a18fa7b46ee98b82b2f6819f8102fef07f70398425456e36eb93bf19093e2da59bc0e17a7d8b1cbf15ed269

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
160e22d17be999ecd1f77b3fe33d4c9b

SHA1
4eae126f8eecbb60dd3044872d857bce58de7ec5

SHA256
68097358684dc2251487c48cb17fe04b54913fd7e91ca2f52761f6a36d0dbc25

SHA512
42a79863667c22985b9f50a1b1e6ad466d20c5a1a6afd9be6d7d8b3b395196039f4c31d21c6442c62adcdbc7a4ff71cecd44a99c28c4ad381f3da5fc46130296

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b1bb52f34765450801660794b289ac5b

SHA1
a61e515027dcf7ba791b3ceff35def1ed36c561b

SHA256
16f5addccf6424d643935e545347f237f030b6f32c28f53b4d477a21dc739972

SHA512
d6782ca39550256c21b1aedde5534592956d672cf97e97317f55c3c359427a565e6621faeba335b8d6db6cd984e8574a6cc71b3d07aeef9cfba4d8a29ec1d726

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5fa3184e83b1b7202fb9d5e235f60abe

SHA1
2933ff159319e1f48fc527e9bbaf2cd72bda0567

SHA256
e9f5939e430a288c5fd64277ac2277b268873b602fb4042fadf3eeada25c5b84

SHA512
99d0252894e35a47398dcac4738b312e013d78981b0aba96e9f50a80611d697c3006b59da1bebad68c5675fb3d3608e5f2af3cc4a459492145e5bc31503f1dde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0762760a87aeb07f8826964699a094a9

SHA1
984fced7e7095b6f7dd36762eda2420fdfc42f77

SHA256
abf270d0adad3febe69cdd3592a8211817f1740c37b34f40a8bf93cddc857c70

SHA512
38c310327f032bb29425bd7475d2c0509a2eb140b2f7f209ad2651a825d05c06a431e21c0f6637a6971e7a5c95c8ff8d5096e99c47d8760ad9fca5dd3789453a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cccfdc47b630bfa19991ef329aead91d

SHA1
20ae8542f6852abd629aa7868611e8f86f57f439

SHA256
ae87a69aa054341f5850e7951f06c41a1737ca4b5db5fba0e3975d4eaf956f4d

SHA512
1017a15a58ff2beeba693780a3e56081a2d92b9166bea80ebf85cc302a4ad038b32d93a546b007683ad142e56a032ec04e41599dea423b5a8c2f62cc359a1970

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
851896c31140d03cff9d49785aa18814

SHA1
2a1de037f665f5f80852cfd43122c2806234380e

SHA256
21733d74c7470e4b7f855ef1803a199be9b9558612ab36afca030fd205012684

SHA512
5c741bfc42856bdcaedc301d71706698c42ec6e2de04d1de0e976f6149070e62fd8b3deaae40e983690f6d8b2ed801131384c258b70bbe2c9d1f7c6d573e1bf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8ee4130cb701e0baaf5e0c7e9cdec958

SHA1
4844d601b616bde756db217388657bed88dece77

SHA256
4cab1b5166057396b124c1ff765a044d04a8fbca1d79179d095c42f4c891e37d

SHA512
cf1a4a0b0744ed079e2e6afaf3a5328455cd7d10cd1b1312e7c2c1c5d3b653692fc91307bf100db524b53892bf5b61135d27dbab5026b1d486e25a7fa3554d56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5c02ffe4ceed8f45428054cf434c66e2

SHA1
3f5f3b79415a8d6858f430d964ac15001e9d9faa

SHA256
2e6303648c1803b9eaa20a8f6f25aec7eb83237ea7bffda5d5f275f725badedf

SHA512
1be4c5dfffb1984661c582466dba3b17ec0bede809833568d5140172b1322c8a01f9b5b2d8bccbb79bdee6b049a5eacd53e18b22f2ca76d8357e2712fbfbe222

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5c1c5a7f3c5915d47a9721a92dace000

SHA1
edf0eb74e45bcabf799b486a569bd240f080168c

SHA256
51382380a76a2f63813867f601f1d47cb90ab387e51acb831b0a89612b6df135

SHA512
433dca8b2d2a5bbc879343d3920b1048e93afdf77d9d6472ed192b2dadf6f0f4e3d8fcc7c69743769ba86877f80ac3ab86e5228028ffb1410c3d1b254397a2b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ba982f46eff8ee75b3e30b5e89921fdb

SHA1
163b207c47563bac720ac45539b2309f8d458c9f

SHA256
8ca4f4dee7c9a0cfe7b694f1e6dd5f8926876a703cc9cea7d95c707108bb8b03

SHA512
eb13c67152617c37c00801202b08f1347393e9d706a8c5a209b8592ca122561525709a7b3b852f264863ddf0f3747f12eece7108226ac8a88b802018843d45ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
058d8d7b0b0385189d81912b8dcb0e5b

SHA1
e1554087b336d17fe9e59f4651aa13d61f1abeab

SHA256
ea9a5febe26575022d2811944cf432fc37fbbd19d89d34c0dbb86353c8aecd14

SHA512
1e03e6be7d475f553e278504dbb96b2513b5298ab17864bc17facc14a847ebe1e911338deaf8c6f6de253c6cd40e80b873395874538ad93439063c0b3743b9c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ecfea83eaff183c8f1160ea81611e4f6

SHA1
33fca8f3a7227c6a66e04379e76feb226bd6635c

SHA256
7de666a21630243a53045644dd04f9005a7ddfa3c94fbe46a64fecd0efe4a67d

SHA512
42cea52205bc5a85927e4acbd4b3454cd7cd1bcb7b62d2a31b886087548350bed535009e6e99bf13d288a30e61d126457cccc86d340736e23deb241b16f820be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6035481d76fa70e7e5cce994baedf2aa

SHA1
2d7f0ef5295352b2a454195b4081b29414d1aec4

SHA256
350f1deddd5a6241615535e16e06e4d07fd24b9729602ae4b4e7f1c0845a06fe

SHA512
2889497d4f3915ba0f6f0e4ef47c728ae151280a93619ff1a215792635239e1b162c842c62f0e37a644a58705bf3519c99e96d4c045ede2a8aeff8dc6bae248c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0d05074da9f12466187682f074d6cd74

SHA1
4f983739b6125cd8939edd51fdc0a9d21e209f25

SHA256
b9ba968e75f3b49d2bd3b10757cb205b5f8e551bcd3280e4e9af07a4c8258121

SHA512
a7498f958bc6c5eab8da6bb361d25487c8d7292fb92a84c7bededad25429414ab923194448f40ce1ae35fb9adb3d6a02d12d93606622892cceb43ed168dd646f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6e9afb68a9aa2fa0cd96b84ac1ac5965

SHA1
03e2b515ace481d48275382f50100820f8f1d8eb

SHA256
a1966db2f3a0e7d095c1d8ea9a86d6a2aa56e8ac6a345ebddefb36412f13d9bb

SHA512
3d6faed55575d60184da00169eedec649e8ef09fffb67d52cee89397a32d6134864d2e4d0935fcc190031298913e2074257f164e6b59b41622a00cae1744eb14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fad0aee2d01d2437cff31e9cd2309ad5

SHA1
dd78907dc6b2c0d9bc9e5200abbd9411335dad66

SHA256
42eb9ce307d9d9150801076e747702c88ced9b9b49a994f4902fb5277fcada88

SHA512
31bdcf53ee7e3c4d00de469645fc2d1e80fe905c58c0ce708d99b893cc6959c349f854d22eae185ce2e00f87839575482e7523987f48609d690579ea088b443f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b2d79790468d2a03c95a1956d935f1f2

SHA1
3a89b217d24f9e4a3e45783afcf5781b9ed14969

SHA256
72e0ac9bc6361b11e442a5a4eec596477527e40abb996b308d551690dede86d6

SHA512
f01c80e8b92eb44833e418133a0a3f92fad311ba76e5ecbe3a1fc80b538d8c435a72f7da99b8bcbfd35801e5236c337f4a6d1147b3767bbe457bf3a0e56ef735

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6c4a1e7b19b6185df84e04fa09397084

SHA1
75a0e71810edccadbbad4b9f546eeee878ac9033

SHA256
93b088e361e4964bcc80c685494aaec679ff6ba55a224877873a9b3d10c1c2da

SHA512
7e5f9d251b5b0c218de2f9191b75a2a1e408006c3d6c92347b4a8879a6dccb1421e02ba88363bbc80e48406340fb3d5a65bbdac9bdebbbf550557cfa18109bec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e79080c8fb8606fde385aeecd1af5542

SHA1
239368106cab51fb92b5a7263fa9bc9c53d0e977

SHA256
07edab05ac70f10205536c74987eb943a6cee38c3689b40e2169939d572ccc20

SHA512
96da62f97383f34be5518ba297b4f5c3f953693faf28d8f53463eedd03ee51f863a7708b53eae024c8a74d518c8e20fef2bc733afb91e3afd2483b3bcdb92d97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ac5eb6eac189cd8ce1039ec6d8f78b7b

SHA1
fd6d0633cfd883d438f238e84658919388447cbc

SHA256
266dcfa65348efd9666ac57af7eeb4d6cea786a85faf90640698eb45718f2ecf

SHA512
f6f037ecdc2a996a496bed204d50c00daf71541050d66136c7104c96b92074ade95b15811e09e25b79f2e0052409c7dd8f2759922b25e03b3a1ea58234bc7ffa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a63e0d24974ed389937bcca48ade7c6c

SHA1
7ee0b46836cbf762c4d0e62e1256a40baf197a7e

SHA256
e0f372569a2b1a1cd759dd12a910300dd6d26aa869f2edc3fe5daf266751f846

SHA512
09c932ca84b80f5db4b50f63df48320909a233833ec52d6f73716dbeb4abbfa8bd7e84002511c924afb7fb08a9d3980815fcc8672f7dfe788b8128172605abbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d1a2f99183ce780e7a06960fff12ca0d

SHA1
f32291dd4341cce1fabf21634b677a0a4509d0e5

SHA256
628d6f7c7abffa55a09c4fcdfee05b58ac5c3190f6c3ea4a922246aa222b4f94

SHA512
22994ae1a294996fac0153cd7850f0b1eccc2c865ce65e385ce46d2e35eaecc8166b06c2b426473adfae1432d7dd661dacfd80a27174d2deae719d617558a4af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1e35027fe072c75389a0f41baa6c14c7

SHA1
fbf0c605f4fca5275319b16d88a3c59f500abd5a

SHA256
4527578fe480764091317fdd73edf9c3957c3faf04ce44b1affd510ba2340791

SHA512
f87fa4f53c2e6c740996df7a17bc257857e831fdf8b143e57ef30ed59698e9ff844cdc2a52d12a3764d914252656bbabedd117c03c87d80cf5ce5e425c8ffcaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3ecf7b8fa243ddfa1579201499bbad35

SHA1
669087a09b790b527967fd0f1571f46a0637154e

SHA256
219de6ffdb6a8aaa5648699cf5ba107d11cac06a7daea20764e7e7c962014b31

SHA512
1a4fdc123350f4375a80547d0b16dbe8b327494141db0ce80fcf965fda109e3d60154673df55e38b20e5b49e055a338fcb81b37a4124b69b16beec3c71fdc4d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
dea6ec80edd136056447b2d8166a0221

SHA1
b2ef1330af93c90a7186fd4d094979413b1aa412

SHA256
3478911aca35c313c1cc5ff19ea2d6c1621641af0e1480866282ac593c26d3b6

SHA512
bbb6fcff75e9a603a0e9d045ace78621c25957329c0bacc9d9c4db0c0414919ce03c706a7e21226e81e884c6fe16050378cc9240e67dfb4dd03c99b90e9382d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
5359f148f9b1a4a1c0dee5bc77b8a680

SHA1
572d5d2e4a2aa5397ef238bc5cc61baa516379d5

SHA256
2495ed9f5c884df7209533ab4d969daa2eb4f40bdd7cde2d36e3a4f30ed99a70

SHA512
fb1e872f86047abd96804c40f4596c336b639ecf5a005056188388678009624edd0e47eca0e9b926718c5bfb44f565a43e2ed3e85fb3037468527629781c9791

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
ebdfb92826de4b20e44d6bac79480810

SHA1
0592d319095ed36eea6ef19064c0a6002c2d344d

SHA256
29bd1ed227a65122aa3fc16a42f1eb1d29538d32428bf93b54cee00b77f50e7c

SHA512
d7cb878e4f7977bfcc571a2acc9f02a282c0cab3e3fe69d6d510a0003f8500d92af2379747457bef01d92e8633c0b561ee93caf99ab6fefbc23774759e2bbc3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3139a95c-a270-49f4-bcfb-4d2d00bd46f8.tmp

Filesize
5KB

MD5
933d8b78067ee61a90bfdafc2532b9fb

SHA1
9e92cc5a0b5994ea6e1e92dccceb9224ecaedaa5

SHA256
1d8aea27d6de3a6bb8b6a1a7aa69511d1a5f50ce03594349cb0de9019276ec15

SHA512
7643d402b5b04ca55169f187cd1d8b8cb9078b5bc7c49033cd36a1da6288947422a53cd2b79f7bc931db1d12c280d053107d970131c7aa064908148889717b78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f82e77cff20bacb4f5ea539ebe8888b5

SHA1
331c6c0d79334a109f1154264698fb0f8b8b941d

SHA256
9362a7248f3f941dcd845e33c7b2833d09709b6abcb0e3130c5a08c694e2c4d7

SHA512
181255c16116ce436a4cc4ab2969b242f7b266d884928e5a7a72c7c5422d0a33c844b1ad83a7abad6a9a28e1e9276d02331651882feea103d9be3de60e3c585b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
82cee033e5aa3dbc1baf17abf33f5beb

SHA1
202870da07395d008cc681443cccc90d18f10cdd

SHA256
26244c530e18d81b8684e6579d2e027e7d38a33c7d6e68f16fcefb58c1c0dd18

SHA512
237e3c05b226f71f91b56e1570d9aa75f49cb13fd5c3bd9560cc3844a8c75efb142e2f46f54982aafb477afec8f4d42cc84e6132933a379e7d66a36178e949ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
09bc0401ac11bc9e64700db905bb80bd

SHA1
8822cfe35cf97deccb54297b30622a765faff563

SHA256
8c240585716bd981c72444b1e42ffea262a7a4d3630224953ed9ed51a731568e

SHA512
184a210892932a7f6d32a0a54bebf2778af3597a30596a3f77be86dac736742d9676b091b80d51e0ba52d5a1116f05c37106e6c3701e0f0dda5e966631587394

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e10084b169a45c8eaf7e67cbd9f42c30

SHA1
846a910d10d11cba45d41c7dd4edda9518ec628a

SHA256
268d9a4ba7feee346653d2a07bf97c035c1032fe6c4051d42d876aafd666a311

SHA512
c2daddaa76f76c520c2d86ee6aa40d8d399bfb378f02a75f892cb9b4cfea83fff9e3e0f87ef903f02e671609a62cda05dfe038c93eb63a5f09e7c36468b3de21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8eff3b0e9899e865182dd10a2774448c

SHA1
c0a615359482953e918190a8ba232d65c9721393

SHA256
8aab62ee3d9a6f0fd6edbf27f5dd875ec0cdcf5bf68deb4ea59717f80d04911e

SHA512
159212f8457f983dc59e0820017d2b024d7a5c2f15946c96b23b35e5fb6818ff776d09e701b2cd2928b290509e4bd8d6074be9ffc2962e0b3b41a4a59f18d926

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
a13f0ee1b0e80c4efd189222d174ea30

SHA1
d7dc2e8087133fed3c02a570e22811e1722d232c

SHA256
0bc40e9d9f469943c769607f4968ec4b861b94393b2aa5067804664271bb10f2

SHA512
b3d38fc992e3aa5d40e2ed6864f48799462c75aec06460d714e1fe4ebe136163c51ed4c58b11d7bf778591b6726a0f2b152e5757e4e94e99233070d173f91fcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\1e9807f1-2279-4119-98a5-53ee1d0ef34d.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4512_1249341866\16973f7b-c720-4771-b9b4-6ef36fc5785e.tmp

Filesize
135KB

MD5
3f6f93c3dccd4a91c4eb25c7f6feb1c1

SHA1
9b73f46adfa1f4464929b408407e73d4535c6827

SHA256
19f05352cb4c6e231c1c000b6c8b7e9edcc1e8082caf46fff16b239d32aa7c9e

SHA512
d488fa67e3a29d0147e9eaf2eabc74d9a255f8470cf79a4aea60e3b3b5e48a3fcbc4fc3e9ce58dff8d7d0caa8ae749295f221e1fe1ba5d20deb2d97544a12ba4

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4512_1249341866\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\Downloads\launchеr-pс.zip

Filesize
30.0MB

MD5
7814873eb175159cdecb6c6276737e2e

SHA1
ed4fa5112d9092b654c0bc4639ede789f2071636

SHA256
d3f7cb3de3822efc9adac2b898bae8078bdea2806b97a02260c5f10a47647460

SHA512
b02604c9311ed85923bc6d53ad1dd9ec6c93a8c4600986156042c9d7fbce5517a8d4157aa779450f1b8ed67fb75dd34a697eddec09ee25bb641d8d53db132aa9

Download Submit
memory/2020-849-0x00000000006A0000-0x0000000000910000-memory.dmp

Filesize
2.4MB

Download
memory/2540-871-0x00000000006A0000-0x0000000000910000-memory.dmp

Filesize
2.4MB

Download
memory/2540-873-0x00000000006A0000-0x0000000000910000-memory.dmp

Filesize
2.4MB

Download
memory/2592-982-0x00000000006A0000-0x0000000000910000-memory.dmp

Filesize
2.4MB

Download
memory/3260-972-0x00000000006A0000-0x0000000000910000-memory.dmp

Filesize
2.4MB

Download
memory/3780-836-0x00000000006A0000-0x0000000000910000-memory.dmp

Filesize
2.4MB

Download
memory/3780-830-0x00000000006A0000-0x0000000000910000-memory.dmp

Filesize
2.4MB

Download
memory/3860-861-0x00000000006A0000-0x0000000000910000-memory.dmp

Filesize
2.4MB

Download
memory/4352-848-0x00000000006A0000-0x0000000000910000-memory.dmp

Filesize
2.4MB

Download
memory/4888-851-0x00000000006A0000-0x0000000000910000-memory.dmp

Filesize
2.4MB

Download
memory/5696-835-0x000000000CE90000-0x000000000CEA2000-memory.dmp

Filesize
72KB

Download
memory/5696-838-0x0000000004EA0000-0x0000000004EEC000-memory.dmp

Filesize
304KB

Download
memory/5696-837-0x000000000CF30000-0x000000000CF6C000-memory.dmp

Filesize
240KB

Download
memory/5696-834-0x000000000CF80000-0x000000000D08A000-memory.dmp

Filesize
1.0MB

Download
memory/5696-833-0x000000000B5F0000-0x000000000BC08000-memory.dmp

Filesize
6.1MB

Download
memory/5696-832-0x0000000001320000-0x0000000001326000-memory.dmp

Filesize
24KB

Download
memory/5696-831-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download