50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326

max time kernel
930s
max time network
1164s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
15-12-2024 03:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ubuntu2404-amd64-20240523-uk.ps1
Size

1B
MD5

f1290186a5d0b1ceab27f4e77c0c5d68
SHA1

aff024fe4ab0fece4091de044c58c9ae4233383a
SHA256

50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326
SHA512

aa66509891ad28030349ba9581e8c92528faab6a34349061a44b6f8fcd8d6877a67b05508983f12f8610302d1783401a07ec41c7e9ebd656de34ec60d84d9511

Score

4^/10

discovery execution

Malware Config

Signatures

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
2152	powershell.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133787069544045412"	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2152	powershell.exe
2152	powershell.exe
3536	chrome.exe
3536	chrome.exe
1924	chrome.exe
1924	chrome.exe
2020	msedge.exe
2020	msedge.exe
4900	msedge.exe
4900	msedge.exe
5456	identity_helper.exe
5456	identity_helper.exe
6124	msedge.exe
6124	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2152	powershell.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	3536	chrome.exe
Token: SeCreatePagefilePrivilege	3536	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: 33	5808	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5808	AUDIODG.EXE
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe
Token: SeCreatePagefilePrivilege	1924	chrome.exe
Token: SeShutdownPrivilege	1924	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
3536	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
1924	chrome.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe
4900	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3536 wrote to memory of 2856	3536	chrome.exe	89
PID 3536 wrote to memory of 2856	3536	chrome.exe	89
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 2296	3536	chrome.exe	90
PID 3536 wrote to memory of 1512	3536	chrome.exe	91
PID 3536 wrote to memory of 1512	3536	chrome.exe	91
PID 3536 wrote to memory of 3044	3536	chrome.exe	92
PID 3536 wrote to memory of 3044	3536	chrome.exe	92
PID 3536 wrote to memory of 3044	3536	chrome.exe	92
PID 3536 wrote to memory of 3044	3536	chrome.exe	92
PID 3536 wrote to memory of 3044	3536	chrome.exe	92
PID 3536 wrote to memory of 3044	3536	chrome.exe	92
PID 3536 wrote to memory of 3044	3536	chrome.exe	92
PID 3536 wrote to memory of 3044	3536	chrome.exe	92
PID 3536 wrote to memory of 3044	3536	chrome.exe	92
PID 3536 wrote to memory of 3044	3536	chrome.exe	92
PID 3536 wrote to memory of 3044	3536	chrome.exe	92
PID 3536 wrote to memory of 3044	3536	chrome.exe	92
PID 3536 wrote to memory of 3044	3536	chrome.exe	92
PID 3536 wrote to memory of 3044	3536	chrome.exe	92
PID 3536 wrote to memory of 3044	3536	chrome.exe	92
PID 3536 wrote to memory of 3044	3536	chrome.exe	92
PID 3536 wrote to memory of 3044	3536	chrome.exe	92
PID 3536 wrote to memory of 3044	3536	chrome.exe	92
PID 3536 wrote to memory of 3044	3536	chrome.exe	92
PID 3536 wrote to memory of 3044	3536	chrome.exe	92
PID 3536 wrote to memory of 3044	3536	chrome.exe	92
PID 3536 wrote to memory of 3044	3536	chrome.exe	92
PID 3536 wrote to memory of 3044	3536	chrome.exe	92
PID 3536 wrote to memory of 3044	3536	chrome.exe	92
PID 3536 wrote to memory of 3044	3536	chrome.exe	92
PID 3536 wrote to memory of 3044	3536	chrome.exe	92
PID 3536 wrote to memory of 3044	3536	chrome.exe	92
PID 3536 wrote to memory of 3044	3536	chrome.exe	92
PID 3536 wrote to memory of 3044	3536	chrome.exe	92
PID 3536 wrote to memory of 3044	3536	chrome.exe	92

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\ubuntu2404-amd64-20240523-uk.ps1
1⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2152

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1220

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:4872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffca2adcc40,0x7ffca2adcc4c,0x7ffca2adcc58
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,11205418617073895803,181589762995650283,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1712,i,11205418617073895803,181589762995650283,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1984 /prefetch:3
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,11205418617073895803,181589762995650283,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,11205418617073895803,181589762995650283,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,11205418617073895803,181589762995650283,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4452,i,11205418617073895803,181589762995650283,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4300,i,11205418617073895803,181589762995650283,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4268 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4312,i,11205418617073895803,181589762995650283,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3364 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3424,i,11205418617073895803,181589762995650283,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3400 /prefetch:8
  2⤵
  PID:1900

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3152

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca2adcc40,0x7ffca2adcc4c,0x7ffca2adcc58
  2⤵
  PID:2456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,5623923211632508486,10707570857716625237,262144 --variations-seed-version=20241213-130109.462000 --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1844,i,5623923211632508486,10707570857716625237,262144 --variations-seed-version=20241213-130109.462000 --mojo-platform-channel-handle=2064 /prefetch:3
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,5623923211632508486,10707570857716625237,262144 --variations-seed-version=20241213-130109.462000 --mojo-platform-channel-handle=2236 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,5623923211632508486,10707570857716625237,262144 --variations-seed-version=20241213-130109.462000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,5623923211632508486,10707570857716625237,262144 --variations-seed-version=20241213-130109.462000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4428,i,5623923211632508486,10707570857716625237,262144 --variations-seed-version=20241213-130109.462000 --mojo-platform-channel-handle=4404 /prefetch:1
  2⤵
  PID:5088

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc92e33cb8,0x7ffc92e33cc8,0x7ffc92e33cd8
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1804,3893901902297537182,12828922398993040995,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1804,3893901902297537182,12828922398993040995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1804,3893901902297537182,12828922398993040995,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,3893901902297537182,12828922398993040995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,3893901902297537182,12828922398993040995,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,3893901902297537182,12828922398993040995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,3893901902297537182,12828922398993040995,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,3893901902297537182,12828922398993040995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1804,3893901902297537182,12828922398993040995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4004 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,3893901902297537182,12828922398993040995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,3893901902297537182,12828922398993040995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1804,3893901902297537182,12828922398993040995,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,3893901902297537182,12828922398993040995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,3893901902297537182,12828922398993040995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,3893901902297537182,12828922398993040995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,3893901902297537182,12828922398993040995,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1804,3893901902297537182,12828922398993040995,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4528 /prefetch:8
  2⤵
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,3893901902297537182,12828922398993040995,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1804,3893901902297537182,12828922398993040995,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:6056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1964

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
76025b9fb7201faad57e95ac873e37eb

SHA1
25c01eb7d9a63723eac365d764e96e45e953a5c1

SHA256
03bb8cf70d96e562ff19d80ef9a01f8255aaa1a6ffa2005dbc004bb718e05269

SHA512
6f5c8680823f3fc01c4668585518a1a535959ec456bca88f81eebe0484dc6cf6bbc40044db4ac7d18798529a20feca039bd986f243db817f27df220a7917a28f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d127efc2fdd57e0ea8c13252d8f45d5f

SHA1
a9fcc49bd75e45c109f8121ed22f0336ba47fac7

SHA256
a24ca52fb80c5a59172cdc0f6fc5cf86b4a2e18b50386221a90882a3d5453103

SHA512
3f3a99a9cf68f9ba8fb901c302753af12bc39c58d58e46eceece8850e2994247d8ca1ad127357052cdcc18a5e41ee46b6452cc1fcbd3337468fed1de13c466bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
d9b5902f7e9cd3ca1099f153ecd3f200

SHA1
9cb7dd85e90e8a592f1bb1cdb5da78186ab7357d

SHA256
654d7de71d78e84a8339264e33b60556a908571aa7dfa1899493ba5829143c1d

SHA512
e9f08693783a40b8f2324c5df796ba1a1a2739966c3e074c0fe45a04160a649c6522506186d1f04972e00e82aa64938adaa32d73df65851c17d4f21a79146054

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
e0cf88a61defa7fdd743708f39f28f88

SHA1
e97b799106cd74ab7cdb57bef5877207ebc954cd

SHA256
53266677fe773864e3f9f91298e1132f886b7b319edfae797ba125948f97f6f7

SHA512
021d308d4207f5ea1fd09de0a935a7b7f046e42c5cd8b9651f57a01e6e7004e3c8f1137878a5fa0698c3a2d459b5a761315e12aac1c6587e6ee9ab6c1055c525

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
0c91db6214f5ecf8315eb8602ae41c64

SHA1
16f959dc12b3c9852bc72fff9ee74c7d674d23e4

SHA256
435bd888d4776201552bdea304d975022cb88afcc14545003409a18ccd7f70f1

SHA512
47113c84479db4b6702bf71436502e3476855b7bcbba1d4ec6c3a1e33efde3a4b94d556d955bff29fb3e0f56eb2bf92cc6f6b04a69d19c5c37c867efe55e89e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
9f7a3ceece80c567294e3d3aaeded7b6

SHA1
6abaed3c65aa72a2eb6fd287ebe56f5f2f8c6be8

SHA256
9ad598247de6ec8c9f18e905845f0858baeddf06bca798f896a30d7301290347

SHA512
cb4bb3c7ee9d9ee85d4e9aa28e6998aecc024ba934391a4b1b82bd290886d434ed6abb8e656a635e3795effb33e1505ea1ab1e49adb50bd43bc746f25ff0ed09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
e319c7af7370ac080fbc66374603ed3a

SHA1
4f0cd3c48c2e82a167384d967c210bdacc6904f9

SHA256
5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132

SHA512
4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
80a188d9e7d3c1ae458860eab90047a8

SHA1
ef587339c77c626931fe0bd6e5ff81d7cd32227c

SHA256
fe8a041f2a4e91598452701144578f29666ac3fe0bfc2c134f359bcc1ee3ed7b

SHA512
9c85974a9cf1297356cbd7861182b1152c9efdca9cc127d45608174fee84276f12ca6d590522baa563a2d144911fce95af666591f5d897de9cbdd55b66ea862e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
320B

MD5
79353fc41abfc0167a945f4f0eff5c16

SHA1
9f59c39906758a14ab15c32d631dcd7c1d8aeeb7

SHA256
9aa8b496d5da089c85a77870b541b82b7cefc0ffeb53cb5ad80e0a3d240eaf1b

SHA512
6a229599eef51e49607815e3109e8be12734054905e428ce04e62f334933cb056c8272cb545e538fdda228c78c4b0897b22e6f05453d8fd5f25137b517fa5262

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
057533f2e2f6346eb724f55afdd1da4f

SHA1
6359fb2faae0021077d421616b97165bde9a214c

SHA256
581a1bf49311bda46c623f1f9731284b372105b95db861c35a5d7b6c461c13e9

SHA512
621241d5d7e7e8ec3dd3a76e73460574a42264b127910bdb9b45067e3011ffd1c8fa8b3304f98bd6bd3ef5eca914b0fbf4a6d6a19c4cccff45cbdc9f74ec7b41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
5e479e41c8e4b84eb700e2a2b89a1ef9

SHA1
23e76bd86fa8b63e40c88bde68dc09882745a0ff

SHA256
07d2edd431b2c29f49681e2afbd90eb04e306e21b0fbe383fcbc787ba1c07a5e

SHA512
4f1b2cd0ee9da860a26580b407e6b0963e7597f60eada940506abe4a7a8b1b8aecff921ac067e5c3fa4f20f0c78618e8090d3fd48159e61308b524fe85e4641a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
758f87c5798fa9cc348e7411c0a75ac3

SHA1
bcc99321e806deca1e1d65cd759deb7ad701ce70

SHA256
ca163e0224c5b9edd484bfdbb9270182c84209018f9bb01e7acaf5435c1f8ca5

SHA512
42d4741a19050c70c6a957e92e820070959088d925917cb4d09d5f04c55d7ee9cc9011f44764dfb7b42d2cf4c9889c384221c646cc5f35e85c3f72127c3706e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
1.0MB

MD5
0c8518c5945887379620a6565b4f9967

SHA1
88c575b6f4f962e3a4da1f2b5a09279f33ce72a2

SHA256
2343883a08395228d4e27327c5a0048eaef44851454ed09b4aad6e7ca1c3f4b2

SHA512
6ac080fab764c35161cbd0017e5f3dd6023488d8be96c0d2146253ffa75b5dcf68f3dd69bc649d76cf7ba14a540f8da78c61887d924b5fe13d5bc3d0b608331a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3

Filesize
4.0MB

MD5
8f564bfc53b371853e712843a2c9589a

SHA1
853d49f7a896ed08af83826a7dd427124301c770

SHA256
dbfe505a6e9e5d1424ea288a885c2fff079b9f845535de28663b0b6e528ce882

SHA512
bcb7b3603b1d08f0ac3d15af07ee879f37e98d5f5685136b2f4c90a3f0f3fd6314c3b034f9767673c791a81b6d8aa2d9acdaedbfe99cb900d8631101f1b10725

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
c4310b3000f7d229a357f4de1f31eaaf

SHA1
6b84380fabe503c45d3e4c23705308f89d1ffe12

SHA256
13bc5bbc4a7299c25a249bd084624955463a4c788e23a08ff43c967fe31b498f

SHA512
5948be2db1ef74e54b1dd4a4ce5f12ff91c1877455c784d56e22213edbdec92e16af5d6329866b073117b2c46e66bc877826eff548e96570f5e0c5c523a3ec7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

Filesize
121B

MD5
1f3ea13bf9f62622aa20d4c5099ad772

SHA1
1ccd87e856b57d115972d3e29d6f09dfd85062b9

SHA256
4cbd767955e500d51e8c2fe74c487915a17f98d04516628a4ec0ef9e7e718c25

SHA512
5e9626a2c72a3065800d3526882ba8ee89e809bfe0efab7ed403eb39abbf1dd06af885d628b221e7d168e66d6bcf9b178755f2ac7f5c164d8671c1fa40b0fdf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
40cb5a3ac31dec8abd1148efdb9771d0

SHA1
4539fb7de06e6370af62a4ff6cf11c47fd65c17d

SHA256
345585bde93dc433f2e761e7d4f80d1215999f9bb1b8fabceaa737a44be6ab31

SHA512
c7bd69eec336f3a53bdc106b5d0840c67b9edf3b540a177e289c33027be5dbb72d062a431f1ef1465abfa8b5c833d17335cf072dd75f1066b91d438838f57c22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
a3b82d13fc7a0012cc92acb554657b29

SHA1
a3f7c91b9e830f3f24c894018c05e376d98d0b8c

SHA256
194372065113269c8fd89902701938877201b7adeff79f5db3c65b9cf34ef04c

SHA512
e8e7be95671769c2e3cbec14d58d93da1ddc644c87acf575ecc00d6f406b8aee59c525254491ebd67298cde0415e4178bd0b1bf1f06f119c8516ac3644652ded

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9e6674191c512ed09680e0e791e75698

SHA1
08676841ded568f2abc0e8f607b32b8ca7078111

SHA256
0dc6985b3b19ad841f90756e987a2ba69356ab0fc3f608b24a24751a42ed9774

SHA512
e174006e0259f2c87786f8a7f0ba554a88a9aa3ebd0ed3caa380ea6a5a5726962245af1c6992a592644286ed036510d4c8422da50a4d69cef9adca66ac29be8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
344c294a2ad5d7b140f7096b2a5e6a57

SHA1
0f6a47a912efa0f2c219f404dbf4f3ec64676204

SHA256
b46cedba151928320156aac8277842f73add368bbc9e678a183f2ff9d187439a

SHA512
224c613550a9f779b52bc06aa01e5b40bbbf5f720034493dec7669c13be4fe1b8eed83b556a74b892c0aba743679bf56a14a23da799312f273537e9452f458f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
74ac59e79eccb62be6ce9a472d446618

SHA1
e1204d9634625226bc5fbd999cfb5b06bb4a2384

SHA256
34a1f386c46042158bf3ec5c457aabeba01c8e93f8f200a302f94e62fdc9b82c

SHA512
eb1d0e56a1ad8eb2ff205c15812213e29b4eb28da687699fc7ca3ec9b24ef4d755319d00c9ad2587438709a38a44a20b38e0359bf9db8768867822a918d529d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7810afd44b6b4d3422ceb43b813ea0d0

SHA1
47b125cd15ebe4f3512d02e47320d19611be8835

SHA256
2e88d0eaf5d5f96b5319152cde1f016482b5d84f4625d017d4cccb8cff598e60

SHA512
445fa4586b87c0db1746e0b9bc7659ff547614e477421438e6e7c35bb2ea95603522363a09dd731c1a69b9bd459772bc4f97f1edece8ffb73d143871e784a365

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
d40a78d00b385630501f1e635e0c488e

SHA1
b8f39b038bdd4939bd7983a8e2b4bef6dd2ada23

SHA256
e5ffc6bfe635af44d1403919789bb52de4a302dd15d13bc4180430f23f603a55

SHA512
c49999443ecc33bd517beff3198c53ea6fcd1118cace6739896301f865252b314897e5d7ca624631979c0e254ae768b4de5addc880e2c98fe63126103121d4f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7f368adc10505924b6f373908c4530ec

SHA1
1633206ca0335c7313092eba8201e75e691a5bad

SHA256
aa2b90bfe0acd3e5f01ec76b49b9d411d91f74e192b8a3a2a31953ca2478a98c

SHA512
616e7646fe6f91fead15e966b354b7382af9082f1417b6c87fe964dd2821c96265996c5594a93ba0af9b4709fc425f48d79f31da3db37ed4f875825440f8a13a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bf8b9bfc537ab7344f644cf63b7de9f5

SHA1
9bf50dc693e5f2dfcf253da2850b464d2a5cc10d

SHA256
d2dfc593a249250fbe110c5e49de5471b3cd4397285456697ffdb6902caa4802

SHA512
0020e74a987cecd57f7af16069280bd955999ff0d890265d915b60236ade4a4629074b55f96015e55dded2861afd0b235b36c64c974891c2d4b6a9c8fce4ebcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c6e0e1dd88d5afed6786204e763a1d37

SHA1
83e8ca3bfd28060f2f233c3850c7db75769a3db0

SHA256
f40bf9031e90100090afd2d8814835e8b8bd24b28aa7255f892468fe93de8611

SHA512
accb31ec63b2e61ce8b964a823a850f0f04e6273eabf83bdb99a3db2b28e750da933ddc01942c730d0134e0ced4b6304c4e06ac026403bc601da42aca037f2f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
71d283e20f823848b77ac2d801ae134a

SHA1
b151b1b469c6c056b7aec12b5d1ae8d29921c987

SHA256
05d3d1282cd387d76ecd0e0a6bdc74e8de2a9145be5de3b0c1d6c12d05fd0ea6

SHA512
2301ab535c817c91e24797b69eb1e3f6bc34555bc150c6a938bbe80f61b78fdd1ab10cd48dbdad83c702506ee4a2cd43fce3580bff1b2d7fc148e526cbd1bb24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
9f1916b1c0f304cddb539180e795b742

SHA1
a6f0b6392e929d1d369c1bf18ba041b39d940fb6

SHA256
273629d826d4485e38f695660a1d68c3c3686aae86fddcabe576cea43ac59517

SHA512
5a1ead5c9a627e1c8e2d2fee417b8d2e8fb91d8ea124228b68e669bdbb5ae04c239644c1d40cdd674042e300c1f449ddfcec6e9bbede4950554b9713deb2b68e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
716B

MD5
02dc57cf34963ff540b37523b2b4cf50

SHA1
d28a5c49f462bd1b2ce4bd4205c69a72441f69dc

SHA256
08e38517b8363711e5d331c450c8685ef76bf602f0b8fc9ca6a894553c8a7a4a

SHA512
1537b1bf1b2f54d24381d06be398dbc248d0025d62c6131a49dec7675285987962ceedca5c28f4a5238bfb88067680e6834cc39863327834b76c77437d36f86d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
a61db04f726b7d6a3648fd6742a83f7c

SHA1
18aac1c11c35a40b31df8e9a1ee52dfc3f4ac244

SHA256
540377a6c12eb07d4b9655b66439e2891304da46a9e516d2a69ca0bf63825743

SHA512
4df927e8b14f5ae7c624d911f29ee941ec12806576bb71de8734a382156567282bfdbdbc8a6f289fe1c8219a687ac25685a476aa116ac7961f39065fa2bc1c83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13378706955409698

Filesize
3KB

MD5
24346c6b1e40120719b188c4fd53f279

SHA1
a5ac70ff1340f9f04809ce5cf4ade5e59ca025af

SHA256
405464432902d0bb61dd8c2ac1d4bf752e42599cfcac069966f3edb3bdc1982b

SHA512
10d394582252ca97932c0bd581d5da0d54818a682f1bf29a4f338852587b763c8935afa69a9b349bd04056c524914f1f846229f66112804dce913f301ca4846c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
1341bef5962f07dfaadf4e18be609b7c

SHA1
3f1d453fcc70e6b6085d587b336ad371231dd7b8

SHA256
c7487d685c43560d8b090bf98467b88d9bac244b6214e2d3985f78a67c715b4b

SHA512
d6ee5dbf60b7f69d4421d2594f4f752d151dbd6b90f8d0ed710166df152b5e680bef8f8bcd6cf4486ad85222fcd3cb8afbe4c6cc0068dc62699cc1234b7ea2ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
20b57a85cce4c144d34a9a9e2a3a85a2

SHA1
b1403cd2a408d9c6d9aaa5c67ae66f4362a7df37

SHA256
e0856f98e74db2e7f89d0b6ac65fee35d2daf099d66489d153e286e3cc1a67aa

SHA512
4d6b694d4822531e8de21ae100b405b704b7c1138aac1c03dde1e6bb2df0c7e3f1b5ae085024bafc79f6059d0d9395885865f4dd9c78559925a64cd66b075860

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
b835358e4f07c9839ac2eecd845559c3

SHA1
09757db707b451ff75895f345c4c172ed60ba22c

SHA256
44fed524b11abaf588067a3be037dc9691ba06c47a9fa41d7c4c45c4a72573bb

SHA512
4fdf450b6bfa56039e4b1678f0374af727efb8dd9815b2e5a4336a188b94904f2a34501177be8eb19839f592e5cc208979fd9ffda65b840b1ab0d5ac32920477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
0475e822b6ec8b5430a173707bc0ab6d

SHA1
ed042004b4dbb5e708db363d20b4da527425e791

SHA256
c9e6ddfad20ed85f1dfdfaf7da38e36b77d64f51783899369b552ed4bffef8ba

SHA512
cdc9679c90a1417c4f8a0d16d9ad1230501449c219c7c6da5cea2c463446f02d4ccba81b5179a8c3c8ca9f7c37b9df460c17ef293516d6cd139e827040249d47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
114KB

MD5
5917e71eefe1052a006e4340a2480342

SHA1
1add0a55aa05d0757d488a2a8d8c2afa5a86727f

SHA256
01f5ed9af3d0aab1e1f5b73c428b99acaf5b3bda3c8167feb8915f5eb31b4680

SHA512
0c20af236b4e61d665887d7b41d82084de80481c251912bfce2fe4104894edf591355395857aca246cb3a1885916e6a3423df3c5d8bbe3d4faa8337c6caeb08e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

Filesize
40KB

MD5
4787e55d991dbbc60d26c2747c0ba81a

SHA1
ca778e15ae0f8c44a8d75b159bd66b3a560cc3ba

SHA256
75ce88eea1cd9d6a8b2dd4341056961545824c9eae860220fed1459137cfbdf2

SHA512
b6ece5c25b48d29150888d3a4bb41f488e328ff945abfb2dd14d2009cf9eb6f60597fd597a5095546cdcdd2feb5a659d3a7f3cc65f266aa6d1ac0d632c249f22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
8KB

MD5
92e0b7e6d51a01e0c89e346ebd3f4835

SHA1
ad87d134ea785d6dc20ff4b2bb53707a9a134eb1

SHA256
296e2f7e4ecf2423728c305a6f84c117b4abcacff2755d19aedbcb407384b4dc

SHA512
8b798259f6a795f943bb7d0b58145072753c73c7160349238f93a2de0ebae5a226c549f147588127b24793f910688c4520a3ea6ff5629b395d3fe0c38a565b60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
18KB

MD5
fbb53c2d7cbfd6453c9a562cc68a367e

SHA1
d447611c23a0655e3ee61fdeb827830eb28013e4

SHA256
62462e1ed21207546f9366d15367b7bb510d2552bae4f04f1b231ac4ee6b5595

SHA512
9287fe01618042c4f2ab9f9039c869c0b83118262761d21bc0e8e0e478a78fe8c015fac9aaea788af90cea81ea27d0811f800350891c828ffe5cd1e1bcaf7df6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
e7a0d0883133489ccc22fbfc919194a8

SHA1
e88bbe1698f75aa9225cde18b57ed2f2bf55b86b

SHA256
f13ea38018745294d8dc12cdc73e6d1be07884b2d77d0c96467319a59bcffbd0

SHA512
ca757241004d70ff5809273d48514d6137c244da4d47f9ce5948e69b9df6bd85e21b3186609b70b34d794d9d0a56aea8290b0d415b397938cc842b80c4e209a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
686cd3fc3796b2973bd311ba69ba1010

SHA1
eefdea60a87836e76704c874c602a071c637adc1

SHA256
fcd84f27f15268c024187aea331ce9d4480b1b44d27c21316970091a3e6789e8

SHA512
dfcd073f4f16c0c89e841f8fb89203c36fd8dedb49871c557981cd4e6379fb0cb1b89ba4a2e90ea37e829826229926c786478d8347ddb90163b0767855c439a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
2d5a3098b9d65397550371885da23f4e

SHA1
b5cdc93a7edb1a72c04eb7dc523efe6cd87bb8e5

SHA256
9ab781b3550df2d69f4e9fecd2f1999aad93efa6eeb1a8d38ffaa3abb0616163

SHA512
cc00724135103289db330c28110b9433c7a313680e3ac8fc2571a91d573f8dc6d1bef03b07abd984652a0cb80493088f2eb1d85e7b97b8059f85eff8831cc6f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
49a00331467ebc3ad342354316b17b20

SHA1
8137d1b6f2c3fd4d4f923ecfa912a59f7e65c61f

SHA256
b8ccd4fca5dd171c528c1df4535fd93667d7b38a8f7580bf1126c78d2e1fde68

SHA512
709ec86b859280330d2b84fa5c4ed3e9ef8f77672ba10668490ad50feab68ddca6369dd87ed3ef355f88893b75287d2fc595311f3ca3c4bdee5c90e7f2cff0bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
df88b87de0a06da55a1b7b26254141b5

SHA1
402bbdc70ee778257a4f7a7f1de2c976aa9e17d9

SHA256
b90556845bf39f94794b58b960f1832fbfb6ff0a7ef183fe2fce1cb82d060875

SHA512
54e6055f1eafba84af0590f88bd983d592bbbdf9a727a482674fc8d64168b15c6b3117220011753f85b04cb43691138f10f1a3e8cdc8d8f3dcd4d9eb127b31bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
a1c9898f7fc477ac87ba1a28941322ed

SHA1
31ff67ae4e14935fbbb3b4d19ac3075b40bd1268

SHA256
795f52f7bae27d23bb871be17c994d9f266650a0618f1f87d1b4da6757ed1091

SHA512
d043e949823e5da5fb1dbe98a997cc4e266b903065971f923b97830d6ea291b5327bce9378a264da91cc413a4b18fcc643f090fd952bbbeceaf9090c7061728b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
0915c2aa9626beee0c1997a2d4c0e02f

SHA1
222b2218ce2b76f40ead1d988281da510be4e009

SHA256
40e61e55f4e0b0b5417fbd7830a123ef5ea1c8218a07ec396e4a0fb43b31feb2

SHA512
0834271902f9bfed97b79644a2decd2254fc0fb0bbbd3c1eaa085eec0e0107e405a380c98666bd6b209703fd8708b46f807d16326fcfe340e7b7627c81300964

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
119KB

MD5
ab9abc69904c4f6a7e22d19d214ffd69

SHA1
32975a8b618c43a5bcbcb56fe1e3954d515d3c31

SHA256
006a800c3607c5943e19400263d495127757d505caf4839ea0fb6daff8b95f1c

SHA512
0d1c9b7f46d65cc0724485ea939de99ee2053b9d0639c8cacbc5ba7a1e11e694e26c3fa69dba0553b855107b403b12710d4cd2404df9d4d43b6093e2931a600c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
119KB

MD5
e8299fb6e799401ab2d59f50e1148fd5

SHA1
4a2f05804fb29c45e30c7acfc56d8226e8e9a999

SHA256
5bf42102e5a3ad374fdaa275ee3e8850ff283d84ed24c83ce0a2a2a4b83b3a7e

SHA512
fcf68e8b5e19c4f1163fc3996173eb2ce7dd669f141f7ff8f49bb49db1bd3c79809d2e7a6ae2d0f75ec69de1cc81ac2ddab2eeab91eca026992b36950f42f72b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
f893411660d3e608bea05e1a20e55351

SHA1
70d91599d2e33b58b5b75135c464e2de1575b4bf

SHA256
ad642089b7b8ce128080ebe218dc5f3d5878a7a916823b26dbdc564391092348

SHA512
32d838d5afbcc5415ecfda66ec2349e26a41b873bec0f0236fc7be700c1e95d6f56ae28d2c38114e22d392c9ed9ce53888476c474b8b0605454b753fb9d98cc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a28bb0d36049e72d00393056dce10a26

SHA1
c753387b64cc15c0efc80084da393acdb4fc01d0

SHA256
684d797e28b7fd86af84bfb217d190e4f5e03d92092d988a6091b2c7bbbd67c1

SHA512
20940fee33aa2194c36a3db92d4fd314ce7eacc2aa745abec62aa031c2a53ba4ff89f2568626e7bd2536090175f8d045c3bb52c5faa5ecc8da8410ab5fc519f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
554d6d27186fa7d6762d95dde7a17584

SHA1
93ea7b20b8fae384cf0be0d65e4295097112fdca

SHA256
2fa6145571e1f1ece9850a1ac94661213d3e0d82f1cef7ac1286ff6b2c2017cb

SHA512
57d9008ccabc315bd0e829b19fe91e24bab6ef20bcfab651b937b0f38eec840b58d0aed092a3bbedd2d6a95d5c150372a1e51087572de55672172adc1fc468a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\94e75a24-972a-4260-913a-9b1e7e294b94.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
55KB

MD5
fdf2600d905a0faa060d691e0212e1a7

SHA1
62550f0993a219e265ff9a0795a4d9f49b28748f

SHA256
52a37b3a78eb5b59df3bdb129b9115c6fed9bec6ca62b55ae56d8c2701de5972

SHA512
7118d2ea3aafe3d77709842da20acbe3faaf4c6c92a50ab05ecd4986916bbb92fe297a1b00357572683b02c61762cdf31dc425f03221dd169803252db5f04f7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
55KB

MD5
cfd886e1ca849a7f8e2600763f236d78

SHA1
c1fc2b10d20c529c01b465a1edc0ed2fe04f0bd5

SHA256
c0b1c3c6995c24eabd1a6fcc4f00523e022b546cf1fa4fce6c30d04763244d1b

SHA512
254e37e3650b2c87b524c96f517586b690094abf7c8e0539b050ecdc4c56c2593bedab7b1a830b827ddc19f1c3e05ff4096ebdf4cc969b5bc5fd33cb34e94fd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
a1a6740ca94dd15b82300e8616a62105

SHA1
73ce4a93c4dcaba1ebfe6a3613b4b66df3f8dc2d

SHA256
02c06d68ccd1176b42c9d30f345a7e279ee7092e4ad76ff80761fe17e791c862

SHA512
9304e6e662e020e11e67ddf00c7369851b652904b31d69ce8751eae93fc3fd5132ed1b5ca00ab7ea926d717d054e837098b279a206873849318604d3f359060e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5aa643309b078fd1e85c10cb2431537b

SHA1
3a63fa4fa5c01a3b85aaa6273178475e12b5bd64

SHA256
47b2601ebebbf6e51e1657e342d085b6c521f48f7c64ef64e9df41e487069642

SHA512
d768aff6a0652c0f89e2ce23e4925f8d59443766bc5f39f14b33c4cfb4be0fe11b6fb0c3a0f4062858bb736c5ca30099c95979ade594b7bfa4997921f98745e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fd19a58832c945aff07a9dedc7dfa455

SHA1
42745dc3e4c5a6c1bec2f2c53a19a28d28a39f47

SHA256
4c8c426875fd7c3944d3bf20fe58c9db4ab3c2c67dba1e0078e7ac89f9b6a222

SHA512
17dd64b92779321fc16bb48fdaa786bcc0b1ba2e9e583654230bababadb10d3af54576c1bea1e0979d2d0dcf7648b07faa0fb888de81b29e11566e44e8541a8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1be6334c5f9aeefb47a917e292084af5

SHA1
3d44c54af3fc3b8163e6602508550bff81581b57

SHA256
34d56845a6d0f37a66dc8d3533c051fe8c93b0b3293bfa5ec5b1fe015b607a4f

SHA512
dbf6177c427e44cc0da90396a4982ba6f3c2ac73bd1fbd888fc6328c9b91841db05026b8ab5da898d7accc7bd927e8be384f158525e24ac8d6961d49ec19e385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
555d16ee8459bb238e09415b7eb22290

SHA1
7aedcdb885162aa4b61d0ef748722bab559b1a31

SHA256
4c1ef4e6874b5e0c56ffa649c4d0f9f9513c7cd838ca6aace9cba7f889126e77

SHA512
7e39ebc1f27a801e26c0548f328e90a6085a0d8484f93dc39b4145ee9dff76dfdc5491b8a8e5cf230997b51dba10782a68ed2d51400ae564d489a8a3cebcf32c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6e823025268f9d10f565d8bf9e7dd6e8

SHA1
8360f76452174f1f0084aa9c73824eff5ba1eb6c

SHA256
5ca1affeb6d90bd42c91f5598896d070549f8415e1922145cd2757c55ffec61b

SHA512
ef7f66922f0a4befbd82e0215329215a905ed5130937b3acd62315861e260e5b1c35ff21bf66a6ed8ba5edb08b715096e5c11eddc8adcef713b74f36789d49e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\75721deb-ce2f-4b2a-89e9-28e679bcc445\index-dir\the-real-index

Filesize
456B

MD5
a0b4df038ac3c38f4138de8758d5357d

SHA1
241e59954c6ddd2bbb1021bd2b70f221e76e23d7

SHA256
1c25096d1727306cedaf9eda702e8436c4225e6c8ae0636d08a4394dce4ede01

SHA512
5530ff88880d2a3e921ccb7d7609e13cf936e3138cc17f0eefeb72a0a5fafa2b4733362dff52c5ce524343b36c27927e5da05b4576a8d4aaeac813cf6a009d65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\75721deb-ce2f-4b2a-89e9-28e679bcc445\index-dir\the-real-index~RFe58506d.TMP

Filesize
48B

MD5
0484c197957df2518f8b965b66e46a84

SHA1
b48a2189852048bf2f16832033c578eac382602d

SHA256
5e442abb6819682254f8996fbf4fe73d4d845ca54551e663e6599c20562b17b9

SHA512
94aae5be6827869c03ae5ec8b51f72d5b271c70f52a87b4ce91947e2cd08d4a60ed2243593e6c508ec91e4da395a09e160a394be9c7c065e7c88395b7c505519

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\a961f15f-517d-462b-b726-6b92d057ee27\index-dir\the-real-index

Filesize
72B

MD5
6c8cc4ad1b5a50bbc04875ccf9b85856

SHA1
de6a87ba95156cbb1558b2fd6955ab291ae2641e

SHA256
93c1ae97daabbb72f25db597ddc10447d4baf29870ca47cda983867fa1416dd6

SHA512
a0215c81d6eca453401e72bd04b473e69fccdf97e25469233f4b697a991fb34391bbbc54d2199d8eb6a5d9e43b58784abc534d33a3a99a02668ea06cb8244f57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\a961f15f-517d-462b-b726-6b92d057ee27\index-dir\the-real-index~RFe58506d.TMP

Filesize
48B

MD5
24824ca03c6133bc13f897e953128b9d

SHA1
b8f3133875252f1802674bbafb8d5e057119ec78

SHA256
ae558cf79a3df4dd60372450dd311dd4522ee5b03dd26ff467404e3056b28ba0

SHA512
3ddee49bdedb2b4a8b8d08eea7375a2fa74f4eb6ccf23e12b9f71d3105b8d1b2c9855d8b61e93f04b0e15c942ad9ba64047cd6666f031ae8fda93f6164a39501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

Filesize
168B

MD5
aa5ced49d05efb57e69f5804ca781d16

SHA1
171ceb9eb33c6b631309fd35636bba8bfdc80f9e

SHA256
d7d94757bb3938c87c14941e18d44d769695c6832434e7132f37594c12ad8722

SHA512
25156108adbc13a5fd55f536fe32b181059edc639b162783cf398ae4e58fdfa0030d74ddc1867c7b77fa359222a8fedf14dea3b437280932078b8e79cf62bb79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

Filesize
164B

MD5
49d44a2ea7e769ee334ecf86712849c4

SHA1
3573030e9b22d08d82ad72af1779ee1d0640d5cb

SHA256
2bed5fbe3d76606988f6dd1682599b7e9d2984a5e28260db99c9a121b3e0b88e

SHA512
a79ff59db1e7bde62340132d7e722d50e0755674c76f6911cb6ceef3117d48bdce3008b6b79009d9dc81eb32d17f17200b755191f36f77a8da1f0be286c838ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt~RFe581d95.TMP

Filesize
102B

MD5
7e029770b06f45468220e6e78c530042

SHA1
9b0616664f956cad2e481d9d1b86c862603ab448

SHA256
65a13b9f546519e1fcf3c112d1af61ab72351a73eca95065d0f4e8d58728b488

SHA512
d3e0d492768875eaa4288b3a19e138f0db291acca80aa77fddbceae387f886d135113addd7b084ca386a76bd4d9873c2afe7f0c7e6db36408655413d63f438f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
264B

MD5
c359b070704aafc65d2f2aa1a3710376

SHA1
73de320abf7a58bda4277c676b582f428dc59f67

SHA256
3d486e70bc1f0cc25720c8b0bb3e154cc7731bba5a71b4f63bafbb8bd0e24ef5

SHA512
fd23703032d7fd12bebe8f91a130570dcde1bb90ef0ca0bc4630e7fb6a7bdd1191cfb1a91b1570ce03eaacf3b10105e3a3607c365163e25176335a4db96ca5ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58506d.TMP

Filesize
48B

MD5
a0803f2a9de48cf6c23cb75c4b2d7667

SHA1
63ebc72119134941f10504523717b7ce933c2802

SHA256
ded6bed1c997dd67a5da96f3b3623328f6e6338d0944e9f172956c687dbd29d3

SHA512
747a0f47fc5eee66335d9633d6279a56997dd81a64f0740ae77c4a25bcdf118d204bd220422ea8e6acc93f1a5c204acdff5cf54912567d23722af42da72c8884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b4ddb38b345fddc27c76b491d72a3119

SHA1
da962892156b7e58eb638f756ff1db8f36875f7f

SHA256
b8288e49d1ca880d6fb05559762821571bda8b049f8f1338085ea59c353738e2

SHA512
c4fb3d09a605b2b4ddb879db6e508f30df56aa57f1c349b3b4759cb8c5d047cd1b7417ac964efec8a740252ed4a9ad2b514d2d37b9883f558f0ac81d6f444cc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c3ad0011f751e3c8f3c278e5645afcf1

SHA1
2fe7b466ada442dbb9c874c2a19379334ae8dfb3

SHA256
cf841b244721243789ae7d4ff2e4a308a97a5893034e1fbb72f2536f590bf1b6

SHA512
07cdaf10441637f54feb15a21a76e1fc8396b073d2c09c5dadf13745a14d627c1f0cab451b883abf558a778ec06d2235e703ccc484916f58c9cafffcc3ef8878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584496.TMP

Filesize
1KB

MD5
e155d542dcc83d8067a89538f91764b1

SHA1
ed5f12c921a04c5ddd104705dcd7525b730668d4

SHA256
83c323ded4cbf7a723289651d530d98724161337be4fe9fd012fa6a45285758c

SHA512
6ecf7b429ad1b589bfe29facbfcfe4b0d7cb3670fbf24a8502b16c08c9ff59ebf67003d0b9046d6c52b0ed0be77d6aa07e675a175293a4986f067d74064ee60d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f6f1878a83a49513fdc9256e8a542d25

SHA1
70d20b64f4c9d9c158c6729de0a38e19c71bf23d

SHA256
0ede052ca123e4b5b1fc3ff6cf2f620e7303a6fd3d37136d9ad03c4741a7d7d3

SHA512
c8b7e95f1da980ce68e5adc857366cadd2afd601f0267546115433bb268ac587192bfbd3526299a119a700cb45b9ee0a8471c15905079274f67a49ca3f0d03c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cd3723301d21a230322d9c4e36392099

SHA1
b0297dc0b70b819302d6317fa79a3977e7f664b6

SHA256
065f500c4604f2c799bd3eb3cc432065be29302be7d3ba23e82f51282efc1ab5

SHA512
a098421a6fabf2f3a779cb072984ccceba07643f0567c70c965fbb666222a8fcd69f6bfe82472dcbda1ad36aaee197523f2fc06cb21f1c527513558ffbe1e16b

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rnpxqdpj.k21.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/2152-9-0x0000024474760000-0x0000024474782000-memory.dmp

Filesize
136KB

Download
memory/2152-15-0x00007FFC95970000-0x00007FFC96432000-memory.dmp

Filesize
10.8MB

Download
memory/2152-0-0x00007FFC95973000-0x00007FFC95975000-memory.dmp

Filesize
8KB

Download
memory/2152-12-0x00007FFC95970000-0x00007FFC96432000-memory.dmp

Filesize
10.8MB

Download
memory/2152-16-0x00007FFC95970000-0x00007FFC96432000-memory.dmp

Filesize
10.8MB

Download
memory/2152-11-0x00007FFC95970000-0x00007FFC96432000-memory.dmp

Filesize
10.8MB

Download
memory/2152-10-0x00007FFC95970000-0x00007FFC96432000-memory.dmp

Filesize
10.8MB

Download