quasar | 9261f3eefa0aef107e865784d8b8b62d4e7213056dfe535893920a344fa0d908

Analysis

max time kernel
167s
max time network
169s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
05-12-2024 04:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Panel Ejecutador MTA 3.14.zip
Size

1.1MB
MD5

d345c2eb24b0d3806865fda604ad1cc8
SHA1

6b813317f6108f2c242babda58097070503df242
SHA256

9261f3eefa0aef107e865784d8b8b62d4e7213056dfe535893920a344fa0d908
SHA512

76c941b833ffcef6da121c2e2735952ed81cbf7c6a6260a227040d37abf0adaa41461045c69710331345d52d95aac89ddf0a256ebc85fbdb2ed703106999ab74
SSDEEP

24576:ioRau4l48JTUIlfSsqFDxCs3+UgQYuX370FBZa:ioRUv5UIYsqOs3+UPY234m

Score

10^/10

quasar office04 discovery spyware stealer trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

azxq0ap.localto.net:3425

Mutex

e51e2b65-e963-4051-9736-67d57ed46798

Attributes

encryption_key
AEA258EF65BF1786F0F767C0BE2497ECC304C46F
install_name
WindowsUpdate.exe
log_directory
Logs
reconnect_delay
3000
startup_key
WindowsUpdate
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/files/0x002b0000000450c5-2.dat	family_quasar
behavioral1/memory/880-5-0x0000000000070000-0x00000000003C6000-memory.dmp	family_quasar

Executes dropped EXE 5 IoCs

pid	Process
880	Panel Ejecutador MTA 3.14.exe
1984	Panel Ejecutador MTA 3.14.exe
2488	Panel Ejecutador MTA 3.14.exe
2456	WindowsUpdate.exe
4956	WindowsUpdate.exe

Reads WinSCP keys stored on the system 2 TTPs
Tries to access WinSCP stored sessions.
spyware stealer

Data from Local System
T1005

Credentials in Registry
T1552.002
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133778474765707471"	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 3 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
4112	schtasks.exe
2092	schtasks.exe
4332	schtasks.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2488	Panel Ejecutador MTA 3.14.exe
4956	WindowsUpdate.exe
644	chrome.exe
644	chrome.exe
2452	msedge.exe
2452	msedge.exe
2504	msedge.exe
2504	msedge.exe
5336	msedge.exe
5336	msedge.exe
1664	msedge.exe
1664	msedge.exe
4408	identity_helper.exe
4408	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
2504	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	3784	7zFM.exe
Token: 35	3784	7zFM.exe
Token: SeSecurityPrivilege	3784	7zFM.exe
Token: SeDebugPrivilege	880	Panel Ejecutador MTA 3.14.exe
Token: SeDebugPrivilege	1984	Panel Ejecutador MTA 3.14.exe
Token: SeDebugPrivilege	2488	Panel Ejecutador MTA 3.14.exe
Token: SeDebugPrivilege	2456	WindowsUpdate.exe
Token: SeDebugPrivilege	4956	WindowsUpdate.exe
Token: SeDebugPrivilege	4680	whoami.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
3784	7zFM.exe
3784	7zFM.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
2504	msedge.exe
2504	msedge.exe
1664	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4956	WindowsUpdate.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 880 wrote to memory of 4112	880	Panel Ejecutador MTA 3.14.exe	93
PID 880 wrote to memory of 4112	880	Panel Ejecutador MTA 3.14.exe	93
PID 1984 wrote to memory of 2092	1984	Panel Ejecutador MTA 3.14.exe	95
PID 1984 wrote to memory of 2092	1984	Panel Ejecutador MTA 3.14.exe	95
PID 880 wrote to memory of 2456	880	Panel Ejecutador MTA 3.14.exe	97
PID 880 wrote to memory of 2456	880	Panel Ejecutador MTA 3.14.exe	97
PID 1984 wrote to memory of 4956	1984	Panel Ejecutador MTA 3.14.exe	98
PID 1984 wrote to memory of 4956	1984	Panel Ejecutador MTA 3.14.exe	98
PID 4956 wrote to memory of 4332	4956	WindowsUpdate.exe	99
PID 4956 wrote to memory of 4332	4956	WindowsUpdate.exe	99
PID 4956 wrote to memory of 4372	4956	WindowsUpdate.exe	102
PID 4956 wrote to memory of 4372	4956	WindowsUpdate.exe	102
PID 4372 wrote to memory of 772	4372	cmd.exe	104
PID 4372 wrote to memory of 772	4372	cmd.exe	104
PID 4372 wrote to memory of 4680	4372	cmd.exe	105
PID 4372 wrote to memory of 4680	4372	cmd.exe	105
PID 644 wrote to memory of 3384	644	chrome.exe	107
PID 644 wrote to memory of 3384	644	chrome.exe	107
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 3748	644	chrome.exe	108
PID 644 wrote to memory of 1748	644	chrome.exe	109
PID 644 wrote to memory of 1748	644	chrome.exe	109
PID 644 wrote to memory of 2132	644	chrome.exe	110
PID 644 wrote to memory of 2132	644	chrome.exe	110
PID 644 wrote to memory of 2132	644	chrome.exe	110
PID 644 wrote to memory of 2132	644	chrome.exe	110
PID 644 wrote to memory of 2132	644	chrome.exe	110
PID 644 wrote to memory of 2132	644	chrome.exe	110
PID 644 wrote to memory of 2132	644	chrome.exe	110
PID 644 wrote to memory of 2132	644	chrome.exe	110
PID 644 wrote to memory of 2132	644	chrome.exe	110
PID 644 wrote to memory of 2132	644	chrome.exe	110
PID 644 wrote to memory of 2132	644	chrome.exe	110
PID 644 wrote to memory of 2132	644	chrome.exe	110
PID 644 wrote to memory of 2132	644	chrome.exe	110
PID 644 wrote to memory of 2132	644	chrome.exe	110

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Panel Ejecutador MTA 3.14.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3784

C:\Users\Admin\Desktop\Panel Ejecutador MTA 3.14.exe
"C:\Users\Admin\Desktop\Panel Ejecutador MTA 3.14.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:880
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "WindowsUpdate" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:4112
- C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe
  "C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:2456

C:\Users\Admin\Desktop\Panel Ejecutador MTA 3.14.exe
"C:\Users\Admin\Desktop\Panel Ejecutador MTA 3.14.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "WindowsUpdate" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:2092
- C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe
  "C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4956
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "WindowsUpdate" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\WindowsUpdate.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:4332
- - C:\Windows\SYSTEM32\cmd.exe
    "cmd" /K CHCP 437
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4372
  - - C:\Windows\system32\chcp.com
      CHCP 437
      4⤵
      PID:772
  - - C:\Windows\system32\whoami.exe
      whoami
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:2504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x104,0x130,0x7fff068646f8,0x7fff06864708,0x7fff06864718
      4⤵
      PID:1676
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,15846293072123166445,4726813521789847280,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
      4⤵
      PID:1260
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,15846293072123166445,4726813521789847280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,15846293072123166445,4726813521789847280,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
      4⤵
      PID:4288
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15846293072123166445,4726813521789847280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
      4⤵
      PID:2940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15846293072123166445,4726813521789847280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
      4⤵
      PID:2332
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15846293072123166445,4726813521789847280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
      4⤵
      PID:4344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15846293072123166445,4726813521789847280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
      4⤵
      PID:5420
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2156,15846293072123166445,4726813521789847280,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5420 /prefetch:8
      4⤵
      PID:5620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.porn.com/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:1664
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fff068646f8,0x7fff06864708,0x7fff06864718
      4⤵
      PID:4388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,157591244543257354,11117887088220168224,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
      4⤵
      PID:4808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,157591244543257354,11117887088220168224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,157591244543257354,11117887088220168224,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
      4⤵
      PID:5824
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,157591244543257354,11117887088220168224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
      4⤵
      PID:1088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,157591244543257354,11117887088220168224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
      4⤵
      PID:5240
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,157591244543257354,11117887088220168224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2612 /prefetch:1
      4⤵
      PID:5740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,157591244543257354,11117887088220168224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
      4⤵
      PID:4884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,157591244543257354,11117887088220168224,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,157591244543257354,11117887088220168224,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
      4⤵
      PID:884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,157591244543257354,11117887088220168224,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
      4⤵
      PID:3292

C:\Users\Admin\Desktop\Panel Ejecutador MTA 3.14.exe
"C:\Users\Admin\Desktop\Panel Ejecutador MTA 3.14.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7fff069acc40,0x7fff069acc4c,0x7fff069acc58
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1896,i,18283787510361830893,17258312396934917302,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2176,i,18283787510361830893,17258312396934917302,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,18283787510361830893,17258312396934917302,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2408 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,18283787510361830893,17258312396934917302,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,18283787510361830893,17258312396934917302,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4576,i,18283787510361830893,17258312396934917302,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3716 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4824,i,18283787510361830893,17258312396934917302,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,18283787510361830893,17258312396934917302,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4844,i,18283787510361830893,17258312396934917302,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5152,i,18283787510361830893,17258312396934917302,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5292,i,18283787510361830893,17258312396934917302,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5176,i,18283787510361830893,17258312396934917302,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5256,i,18283787510361830893,17258312396934917302,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4876 /prefetch:2
  2⤵
  PID:4800

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4848

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Credentials in Registry

T1552.002

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
752ce5e51c938420232087c8c4fccbb6

SHA1
3b1d05208279419f61f33821a35258250c381f92

SHA256
7d9d5c74ba5b7aba17a736416dbf6d94e9eb14d036863f0679cbdae615a263cb

SHA512
8e4c50020e8b74625445d4d391927315e253f836b127f1b19c3e2a56a34e1fa231fbdf2b9747d07c4f80d3dfbd1c00dbc147f2cf91b8b0faca56273e5c3a0a41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.84.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
dd8422e59bceccc65d47f2f95eaa1e2e

SHA1
0703e01af6c390077f04b2b2d1aa4cbe3ab6f31c

SHA256
4a8251204bdd85187bdbbd54c7d60903973607fb7480d0bb9fdf3f95153a6352

SHA512
ad0b0158af7a1b8a819284675e257b8fe21b9c1cd6d3c14641c4191b5c77434e024d922c97ec8149241fdbad1dc613bec1ea7ceeb729dc4a407a01a45a42b379

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c8b222da65d971da3dda485bbcd6e335

SHA1
442647f87e506bd1a7806c5410ec51d352fd703c

SHA256
5d8f3eb738b1625a78715a879d7faae73e26767d6678b34c060168cbca7c7cec

SHA512
7a18f9253ffb02ff507979658f9340a43637cff12f3b38cf3defdd41ec184a84b08dbaff1682357f751ffeec18a020f2a75316c16ac6d77e83478f9516aa6caa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
be7d987f3de8b6e8e1b4dce1c658ff20

SHA1
a3f824d3c2edf0616527304d7d6fc3b531c0a44b

SHA256
7f51795bde9674d7fc177b0629dce9ed35d5f7888b2b568f99ab30cc54616120

SHA512
d2f099bcbdf9a019b409e3717b340b99d93468bedfc85bc8e11f2d7c58114daeec5c3c2f1c152865aa150849676f65e78cef70ab655a1e16eb38728dfda51e46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6a05f6cda0b5f0b3741a1d3592e7f1a5

SHA1
cd2902ba8681836584e262173e89fbb460d4a5a8

SHA256
63f2a7bc02b0559ff15d1a285029ab5986ec702e250052bbf7be36df1e6326b3

SHA512
14377813955a49c8fb86052e990a6451803fa97c9e0e0318cecea08ecde55c0e54a84ea1309023489648275ccf21c88c9ff834c9b13f9dee7ed16418992cfc99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ec87df0e8339406abe93fbb3649af77c

SHA1
64befd2810ae2964757f37a79623a7ef3be74bf1

SHA256
a462f28d97b86e6500666c315333c8c9a6da9078d7669044a248f1bac38a6e37

SHA512
f33cf66e91d6019e911e22d2afc7c611796f62ab6aa8884df531967404eab0744d3d82f2e312580b846c5b6756047fecec69440083eccbe99da55857953a6605

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8c851d33b22821c9959c0289d6164f40

SHA1
4d05e8df12f94109770a16c8d84a097914df5453

SHA256
c16cd0035c8bef2e679d9b08d6d52645cd0970006cd01f9535403e6f807f4064

SHA512
f330872676010b256b98168096cb12866f682615e3bb154c3d8305b251dffa809be55ecbc992d75bb31b0b647a8d7c4946b7441353640fe52e4c3a287dc9c485

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
407d777646598bc237b1f4d20b3db9db

SHA1
a9631e52f9e1ed1c1daca2d2c51b84aa1cd77ba3

SHA256
9994e9c664a832404d333ffb016b0c987ff92d9c1321fda18ce80c89f0c84797

SHA512
c741e3666a1a5a355d2e4f64583297b37b6709f265c4fc67e8c2fabe7d6df3d125904870961919b1a3572aac3f89c738c6c9fd767b89424d42197032fef55e3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
61fda0d3d69bf586f0c65f990e73512c

SHA1
cf9f5f3e3da3d46f7322b1632b273ab69c2ac608

SHA256
c853ad23e85006f347feca37801791ee92086c3208394af8d230cdffad9e4756

SHA512
0027b964832ca4ba57a934d2b0bb687709937096d7e05dc1e0972dc036aea14892a0348b5d7d097a9c6c5a197c26afce8eb5ff9b02c8ccc99cfe090e84436f7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
f26be230a9292b1fb3e3821ce12b3fae

SHA1
c2203b8c846465e8f588132edde357111902c5b5

SHA256
f0fe36d3bd76cc9515b74ec90f45a9f32c2bb0d7493b12ecff6297d248a1d8cf

SHA512
3e64ec3c5de461897d692dbe8407418aa5d29497990e5932eec4893d154f51c071443ca7d8be80e6ba26459b13ff0fd4098beb3f62e69c61de68235f1f650f86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
88fd276d0ba757ab9f9f18437c8e386d

SHA1
b4d48791dd84bc8edef5578b1c67ec15cfb62c7a

SHA256
f6a3a40c97d8cd8fde472322c078bc96a95564ddfed2ba75e5d945504fed00e2

SHA512
99d22b8ce9cc100c52655e26906b42707f3032b06b61e9794c68a5951f8137fb3930e6b5f756391adc4d49b8b87cd81c9e03d31775e5660372927fa93ceb90b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
b0f617641760ea2e2a47ab59ba0e5926

SHA1
2a280c02be94c87c5a64b162f173fb2a920ac062

SHA256
a78c2859c35e7cb11168a4702c66bbc6f7ec70afa7923a9fe1ac245813915ae3

SHA512
1f322d7556d726b627df03125d94557d8f3320ebee5445581e3000d5b7dfeca590bceea919811214a88b2dadcde0aa9f7422954d98ecfd0dd1a4f4aa7b65e8a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Panel Ejecutador MTA 3.14.exe.log

Filesize
1KB

MD5
b08c36ce99a5ed11891ef6fc6d8647e9

SHA1
db95af417857221948eb1882e60f98ab2914bf1d

SHA256
cc9248a177495f45ec70b86c34fc5746c56730af36ace98ac7eb365dbafda674

SHA512
07e62581eace395b0a9699d727761648103180c21155d84ea09140f9e1c9690705c419118545aa67a564334bbde32710225fe3aa92b0b4b4210cb91f0058b1ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cc10dc6ba36bad31b4268762731a6c81

SHA1
9694d2aa8b119d674c27a1cfcaaf14ade8704e63

SHA256
d0d1f405097849f8203095f0d591e113145b1ce99df0545770138d772df4997f

SHA512
0ed193fdcc3f625221293bfd6af3132a5ce7d87138cd7df5e4b89353c89e237c1ff81920a2b17b7e0047f2cc8b2a976f667c7f12b0dcc273ddc3b4c8323b1b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
467bc167b06cdf2998f79460b98fa8f6

SHA1
a66fc2b411b31cb853195013d4677f4a2e5b6d11

SHA256
3b19522cb9ce73332fa1c357c6138b97b928545d38d162733eba68c8c5e604bd

SHA512
0eb63e6cacbec78b434d976fa2fb6fb44b1f9bc31001857c9bcb68c041bb52df30fbc7e1353f81d336b8a716821876fcacf3b32a107b16cec217c3d5d9621286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
39e172e21217c0371738d7559f70a391

SHA1
404e8c79fa39d993a8002dfafdd8fec7abf8f38a

SHA256
83599797c28630630d73ff04bcba53fca86475204af5dc4074f8336713452dd0

SHA512
16fe59d18d3c200dad9224d6701abcc8a5e53089be7301d18d9adc0763518194e0aff038f1f2d294d9ca32e51b0d949cebdc5c9fd0d0a5b943d1c98c4fabe5a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d0a14ec7e85547461e4ce314b10229fd

SHA1
59b42353d76628c7594c2e2de87310d3b90b323c

SHA256
b82f4943893abc7a5415e9038add0c38398e9688c8c6d5b70724274ee9972fcd

SHA512
a8d9329320344af44acd31f567fe21a238412b381b8ff01e4762ca3cb723397cc3446a2f015fea7c6148cd7a27065713ef7a983ef5d0660404dbe736d0b6e447

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1bc40782-b601-4dab-b8d8-8aa2163c839c.tmp

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4283f15f-4b40-4123-a8e2-efeeea6b787e.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
8f45d2e0a9a757753d8ad8956c863242

SHA1
1741ce1dedf3ec02dffbb4adf937e08dd0b4f31d

SHA256
9b0dd7aa24754ed6d1404dc83b846a8f2311b9ab2d2bfc43d95ab71c87567650

SHA512
b17a45ef9c5ae082b3c505d76efda646d3b95172df9630ebdd5deea0cd8d7caf9ffa88432ca6de164cda40e5945c5fcf7a4170c39fdda469dd591cff8584be3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
a0a722691021ce9a34e5b0f145a9a51f

SHA1
de20fac3e6bd47d85753aa3d73fff600db943c9a

SHA256
9a2e02902a92779ec32804d3bcdefde23bcbf38d463dc384036ef1e83b69dea2

SHA512
b1f4387255fce4670b738263d929af2eb0e2d47b9780e4613039feb8ed7e844b8f0059992e4b30e8b397cf1cb1c7d69df8610ae410effb679e1437f30239ddef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
16d307290dea0b03a5a856f7f3178bf4

SHA1
a87cac25748243d58b4f45cad0da31fa8e76038c

SHA256
9049c9770cf0f15fccbb7ddb39403d576d2232da67e28430b873af5b4e97435f

SHA512
f684d16fd0423b17e254336b0a9520c6837a0ac93543714a7a1810390ae6bc9538ce741bb26e6a4131683c6785e555eccd306920025ef453ddcd7836f178b0cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index

Filesize
256KB

MD5
ecf43e5efb2155fc44a6633323cbbaaf

SHA1
d9b3aa6a4f22853fa40e8cf4dc63fe896fe2637e

SHA256
50f2d0d1be8073de56a75693ea153bd9d69851e54ae266c70576a0990e397683

SHA512
3c840db39f12885a7e4a9df9bfac23019e623739357df9b9dd997508f47ba7b37b6533faeaee9b46adf2d3a5a2784e2ceedcb86bfcca0e83be9bdbc774d6f0a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
d12afd51d272d164e315c319d0591d54

SHA1
f8b565f8f24b4a5adc96da00e81ba4bd083219d0

SHA256
c4f2b1c421a825b9c500f84e756d64f2938b314d3a0d837fe39925c5f3cc4cde

SHA512
d180e96e972ae906026f739fe8d3a0855aa718052dc9ef8b15ca6900001d8c5a0722978cdefd785965e31f3588b48186b8e173831e5c02a5614fea77b9ea458b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
444B

MD5
1c19accf4e39947395551b4910f77415

SHA1
b560398f3d28c5841378212d309d4b40f86068e6

SHA256
cdd6c57482f9a8ffe7f985ece0843dfe9509ccb4c79e53232b6e99e39b7aef48

SHA512
84f4ce52c85bec8a782e1eb2b1f08658f2c2d6a507e312387442ce596eca50d586a4a5f82bcaf3ecb6a857f6835eacdce52534a864767f2b0bcf03dc9fd27376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
782B

MD5
c5f68c0f36420f8ea6df2cc116ddc7ed

SHA1
46cb8705bf30cf94bdce69003d05ae383b21d681

SHA256
6c1745230072b0c23009fc9bbc4546830d8f392e55d0146108653c18fc05a025

SHA512
224fa64bd7b304ecd641097d3ef3546964a4cdc1868e29a386c770e7dbf4bbed4f136b9fb915e283551b422e9e4e74c8f9cce4a2006440fdaab93d9999cd056a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
293B

MD5
b850cf9cc900688ddc5c3de6b5454071

SHA1
d1826e63eda6a9b8e71c5c7ffb22a043a6361a24

SHA256
3d82063eb35219a4c8ef27935b554834e569fe4eca5785dff6af457b7083978b

SHA512
0cc4ae38b295880aa772350ca5be552375682af9ad327bda07889fec6d542c85257a2e7492de592817a84d7106364a2d490e1d9eaa5e1e048386f669ea82624a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
506fbe1c1548a62f7a541c6616464a35

SHA1
9f258f9fa93a3cfb875d0e7697d8995208f61df9

SHA256
4ed5ce8ee12c453492cdac656665d33e53d407809ed80310604e88fae67fc2d8

SHA512
bffb0c04d93ac8409cbd23f1a20be2be1d05ed3a7755d1249af8ce421f23c186a476c41c9f8d3566ffcd14aad63cdf80f5925fae196babf30aa739f3aa6cb089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe598822.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4fc04d1b30cb8f31244664d878ca0823

SHA1
a56875ebf29794b63b7d04c8396696420d517ab2

SHA256
006b21d1da28bd6c41b9bfc3196caa47691a9f83c8c9f61e59171a1ed75bbf77

SHA512
c3a2402d055915addcba94d068b969a4a0d7b1f5a9d212d60752e4365d4b68d2b8119cb5d39b8dc7ed87fd1941a93cbccaf4f7a246cc21af1d4b5b69b534a508

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
76165b0f5fdb6a4d94394518cf9686d0

SHA1
1b1ab4b905db5b4ae46d255a9fbc6a403934a540

SHA256
910abcd1cbe90fb06f1b5cbb7e017ae5cbbd78d88e861ae176fddd374e9b7ec6

SHA512
60d882eb1fdcb739aba8103b5c697d6c92c4e48efd0261d6c5d2f35b308e204a05b49ff4489dbaafec1d39708e3fe70126d9dde9974f76ab0817e3761f96cc23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5ceef0a206559255a90b83abedd5a1dd

SHA1
fb15c260619e67c41189645382e70885fc05883c

SHA256
afc2f6c547012c9a6dd15a8259078d358e349e5d7673af120bfbdb89eb0655e4

SHA512
3673e41c901f1d1a34f89c8168222201cd1214f5bcd7c8c546925c34984af8e1fdbe8bc9e1ecd5117b3a4ea1d201b96b5ca578b35f76162916f1bf4753dff89c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
26f7df1d2a192af1021b0cdda56d0ae2

SHA1
43d952c6ce576ae2e67284b1300b50a25e83cfbd

SHA256
f6f1a0f8254306ce9d2bdae0850a204328d5c2e473db079421e9ad5b395294b7

SHA512
32ca90f3fb7181e028783d5ade959142eb9db9d6671b27cdcb6850a239c4ea3df85217fb214a70f26afb5acf2825de24cb7514265953cf4a185f14fdc939d7ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
a9e713ddf7f8d53d31e8a7ca80119b08

SHA1
d1f68b0398713ddb258f8bcdfc3b05dcd13882cb

SHA256
1a5d48b881939b74aeb40e2cdf56d7be873ef6b4f84c6bd108e735224ad7fab2

SHA512
f349d736c5ebd896c12f2029f9f3697df48455cc85e3dc01443e50e59cdd1ddc2a31dcc963d6401ff21ad699d9d38a10ab21048941284ee588788fc236c2e574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5c2d5c900312f44e72209416d45723cb

SHA1
68fb8909308589149399c3fb74605600833fbbc1

SHA256
56f7a77549e5fc45bd4b1f7c2db3e8b4bd1dd9234545207613a80342cee8e7d8

SHA512
07c2920cff7c1125e3a2fe66bf21d8606a1f2a3d36be2d8e136da0d2a21130242ac8324f18cedfb0040304cf804815861767c969a6923d8db851312bf9b4348b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3b964859deef3a6f470b8021df49b34d

SHA1
62023dacf1e4019c9f204297c6be7e760f71a65d

SHA256
087debdcfba4666c03a5ea699e9bb31cf22ef4e0fad7c961cb0b500e5d262fb5

SHA512
c30b7e1b28820a5815b52634b46cb210c241704e33e41304400cb3ed29e82ec547a1068fc819350b368456bcabd27034afade5add3251dc74e4174f51b6c7adf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
9a29d9ddcb1d8b542a2c838e62d2a39d

SHA1
191ba35e7796fbaeea93878e7d0132620f33606b

SHA256
b8d2fc154885ac8bd970a6156104987fe076d48c35d7e4e0ecfd40013a4a7d7d

SHA512
c005c1308bb706a4dfe57025d53168b03cfd33157ae5da020200c3f68a70c7ca37d72fa5dc7de7b8d27522d4d689a2455d89bff555b7e66670d223d87b02133a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
9f639e1c7ab9ce6673e96e1e7c9f8cf0

SHA1
8705e8e4bf08cda8f89369d8c55751da75e1a87f

SHA256
ea236d6f20301a151c96162393a575d260493150bae4527e1ee355ba6562e04c

SHA512
f2a4161d12372e6339e2f406b67aa225b4b669f66dde5c7b6783a6df54dc4a35b527aab625b22f4ffcb949b2921aa94500ee8815e9cfc55bc06388d28ef05017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
0f181086b4708c613fd39c04fe297725

SHA1
29e826ba26a297477dc28af7133d373da49e86bb

SHA256
a25899a5d47cb0b826ad82b0c3416c3e1b8128f59a8e39bd05d7abcdfd5e981a

SHA512
06b827b84c7eb37d12bd3696d70b3068b028895e007c847ddaa905e7ff143a00f6c6612f714e53c98368a19b4555508a3b33b227e5ba6cd21cb1cc87e2ecf5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
312cac219d6d9be61f2bc357a8a00e0d

SHA1
e69e4340a401ac27c30dc0c8820f61934eadf598

SHA256
347d8e500a18208a9bc1b62503443b2ceac6aa59e5d56f7d50e284bb48bf06e6

SHA512
4cee8f9ca50c60d4104747a7ef3b910bb23b65cea1c11bc12406ff4ae93c279a49ebb0c2179484153b40f995424a866ae3cca3c1cbe504d91867ca38f685864a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5987d4.TMP

Filesize
48B

MD5
d3459f08c855b80f708e848a24b93ec2

SHA1
96c1d30863b615c5b2707420ef69b25f7b2e3e49

SHA256
055ff48430c3fbde90f24fb5540d868e93fc63438373943a9ab3a72c637d273f

SHA512
03bec2327b98e356bb50b5e502894629b0de9888ad10e6be45b494edb8a3de1653f50c0ed7bb76539d46e23e0d06a0e0debea53b990719ed2263afada0312324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13377847514254351

Filesize
3KB

MD5
a66d24b44aa69f920cb50ca902cd8216

SHA1
62ab35a2ac034e19c354d31c4e33d86d28fefba3

SHA256
26603a5922144d0fa85cdaed86eaf4351b3a116ae654824c3104bb78cfd132f0

SHA512
3b58fb0f3ebb2c8eb7a1ea7328bc6138cbf073badc6c11e761da9cfe00a25f7324fe0a436052a5dd83a989722360e41c22365b24352cf960d132d57594b97b5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
5c7fc2cd2b9cd1517f72bce500ed8bbb

SHA1
624e4de1087323be5d547e209eaeccc34b2c3d9d

SHA256
3d600536bd66d7df2b62e587db1010077b0a5fb169c55cbda53468843f6d7101

SHA512
6e4e2d3b3b0742b27375c1a3acb61041a4dfc6d3e09f341e3322850576e2dbfa034afee5fa121ab3cd26b5abff7650d3a0159720d14443b303e44fc0e4b4d676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
0a03ae94a6ba7d53f9ab4eb3f87948a0

SHA1
4e841b18b7b6a6860e29a6e7fdcdbb2f69cedc69

SHA256
a288a3feb98b51b06b7705e2abc6a48d9560e277a70d0c51fb0fe0f70ab7b1bb

SHA512
92483dd2f8e206de2e1aa9a934c7597c3a15d2bacb7e779ec80415057b91cac5f72d1ed4040bf476fe97f1e6a5c4424d9b64dc3769e4c0e67126c27687fa9716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
81ec7acd455aa615c67ec75838266f90

SHA1
186fc5020a134d75eab00ac2311a5c9f6a5dc9bb

SHA256
1e0773f99f01325a2a0ea4281208984ea238e5a3de12678119b8868b2c65d328

SHA512
99dd456fadab190971c740946c74e6f6e6d0460c4edc12bc28f5a16b081c904cb7de736b76b55a1e5c64f191754ab0bc880ddcb82c2829b6c240a067bb948781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
6d72b9013447ae55d4a7d8888483d118

SHA1
3e032217255039386a8b2b5d1d948287428bc9a0

SHA256
cffc6a3a2a214b911d87c6559c4031ee58a56eafa02b179274d55057ff874f76

SHA512
ec77be7abed310149f79a758fbb0049c4cbaa93d3bbe9454dcc62bbdd19bdd30e6c9800435b811a0f8d2581af09141802b12e180b1e07e4d98d93b5aba2c6b4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
1771127614f5f8dbb9a4fdd54dbfa6fd

SHA1
73bad2ba8b2ee41b91e9c9ed0a2357cd25d72003

SHA256
671b951119dec66d84520cd4e4b176493e076a5374b4e41777ea5d49eca2aac6

SHA512
7ca90eaee2e321f9a7181badc50782ef65835604231b850835c49b344281216fdf0cf66c18b8898050face91e9b3e40b3766a0b30e436cfb208bdc5ff747a287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
709432be8fe50afa0d1e77dcaad295d9

SHA1
6419b0e584d1029d22b126df2e98927f0dbfea3b

SHA256
fff66deecb8dea82b3c5188a8929adf3858b3a031bbc1f5fc76bd4ed993933f7

SHA512
8fd27c3286cef0cde750548d55caa3532719905f1f00a8e38d4d3f50bd1239568b08963a12c586a64f522d4ac255bb294d973ac5c1079efdc7b0efd96132dfa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
19b10691b55bce69260e98622508ecfe

SHA1
c13751d57e13b174192931970fb0a6be66bbde55

SHA256
a7d19eb94c75160d4c0ee166631af0512c9c822505ff73db70f6489e9451ed3d

SHA512
d721949a24bb0677ef01c41563aacfb6fb3b65c05988f4ce58a0f583e38c1e9b132252f32ecf822452958692ea9879f80cd86bec1a4625e64144516a8254045b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
7dabbac156a22b4a826a1068cc7cf059

SHA1
1679c0d40a92f82a83814d15f743dc3ab115918e

SHA256
a075ad39453398c8a25cf0d3f053c07e3a2696db371c2815dc735bdc98991618

SHA512
47262cb68af938a9f6fd5a4bbb2e8acbe45615926be8e238bf379be3bcff551b5e3832c9605e18d31e72fbf0d750cea71f92caf17b109cc88259c9a4ac0b4a69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
4459bf26eebf0293b75c624cdf1c6b23

SHA1
2a0cf63d7d2a2a729b1b84e221955a5ab46f2e47

SHA256
2ddd13a6fc974d25f11c33a905c39ba8b6d266f7c58a93a41e5ada5975c821c7

SHA512
f9246c653ea54d90833734d359ebba743e97a7978639a8c48f64f2b026affed9281e65a44d12af2224e0493df1e3ca3dfd8fd101bd4c5170471b5dd6dbaf8f12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
5e64277713abd5c12a4655ec3b29bb44

SHA1
974e87515a975ab538e9cb31b3ca03de3adb14a1

SHA256
2705a90e06711609c5a6a56512cca8cfeb7c8e14c105649a14d91ab145644521

SHA512
f95c5753bca14afb62bb726da1c0cd5982fd4c9f15c8e1260843c6a6e73f53d65031c63adccfd827ae90b5b91e9ee0dd58592e2187f6db50ac134a2ffe4bd4e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d02d347eea50b86ad602ecdfaadd7b26

SHA1
d6a992a72fd3607196d7d38df02f13f26b510617

SHA256
4c3e2e6574bb6b6a89fa0a5308df7c3c6e13e9bdda861682d149f5df33797605

SHA512
db52515e85d1c458855d778d7674101a41548dde415457999cded9812f82f59c05d9eb4e46f950edcf72aea37adb7a54e977ee14be8c516f674459f83633b1bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings

Filesize
81B

MD5
f222079e71469c4d129b335b7c91355e

SHA1
0056c3003874efef229a5875742559c8c59887dc

SHA256
e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00

SHA512
e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

Filesize
126KB

MD5
6698422bea0359f6d385a4d059c47301

SHA1
b1107d1f8cc1ef600531ed87cea1c41b7be474f6

SHA256
2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

SHA512
d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris

Filesize
40B

MD5
6a3a60a3f78299444aacaa89710a64b6

SHA1
2a052bf5cf54f980475085eef459d94c3ce5ef55

SHA256
61597278d681774efd8eb92f5836eb6362975a74cef807ce548e50a7ec38e11f

SHA512
c5d0419869a43d712b29a5a11dc590690b5876d1d95c1f1380c2f773ca0cb07b173474ee16fe66a6af633b04cc84e58924a62f00dcc171b2656d554864bf57a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_638343870221005468

Filesize
57B

MD5
3a05eaea94307f8c57bac69c3df64e59

SHA1
9b852b902b72b9d5f7b9158e306e1a2c5f6112c8

SHA256
a8ef112df7dad4b09aaa48c3e53272a2eec139e86590fd80e2b7cbd23d14c09e

SHA512
6080aef2339031fafdcfb00d3179285e09b707a846fd2ea03921467df5930b3f9c629d37400d625a8571b900bc46021047770bac238f6bac544b48fb3d522fb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic

Filesize
29B

MD5
52e2839549e67ce774547c9f07740500

SHA1
b172e16d7756483df0ca0a8d4f7640dd5d557201

SHA256
f81b7b9ce24f5a2b94182e817037b5f1089dc764bc7e55a9b0a6227a7e121f32

SHA512
d80e7351e4d83463255c002d3fdce7e5274177c24c4c728d7b7932d0be3ebcfeb68e1e65697ed5e162e1b423bb8cdfa0864981c4b466d6ad8b5e724d84b4203b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_638004170464094982

Filesize
450KB

MD5
e9c502db957cdb977e7f5745b34c32e6

SHA1
dbd72b0d3f46fa35a9fe2527c25271aec08e3933

SHA256
5a6b49358772db0b5c682575f02e8630083568542b984d6d00727740506569d4

SHA512
b846e682427cf144a440619258f5aa5c94caee7612127a60e4bd3c712f8ff614da232d9a488e27fc2b0d53fd6acf05409958aea3b21ea2c1127821bd8e87a5ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir644_509735417\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\Desktop\Panel Ejecutador MTA 3.14.exe

Filesize
3.3MB

MD5
5791d405ca0a97a89eeaeb4f2be628be

SHA1
a012d40aaaa01db12a83b0e4408d012fd383dd0b

SHA256
6c67a1bf1d558b31a790e4bdcef062c9b49f00a1b3d7361dfc8308d55b87bc5d

SHA512
3971447d6a5f1ffe51bb1acc0d2525aa5bca521358c67828e6bd983d68e8c22dfa83ab49109575bc113e13de861682af563a3ed21e5ef48cce1bfcdb8f1f2afd

Download Submit
memory/880-4-0x00007FFF049F3000-0x00007FFF049F5000-memory.dmp

Filesize
8KB

Download
memory/880-11-0x00007FFF049F0000-0x00007FFF054B2000-memory.dmp

Filesize
10.8MB

Download
memory/880-6-0x00007FFF049F0000-0x00007FFF054B2000-memory.dmp

Filesize
10.8MB

Download
memory/880-5-0x0000000000070000-0x00000000003C6000-memory.dmp

Filesize
3.3MB

Download
memory/4956-14-0x0000000003310000-0x0000000003360000-memory.dmp

Filesize
320KB

Download
memory/4956-15-0x000000001D450000-0x000000001D502000-memory.dmp

Filesize
712KB

Download
memory/4956-18-0x000000001BEE0000-0x000000001BEF2000-memory.dmp

Filesize
72KB

Download
memory/4956-19-0x000000001BF40000-0x000000001BF7C000-memory.dmp

Filesize
240KB

Download
memory/4956-20-0x000000001E280000-0x000000001E7A8000-memory.dmp

Filesize
5.2MB

Download
memory/4956-21-0x000000001D390000-0x000000001D438000-memory.dmp

Filesize
672KB

Download