discordrat | 15c9db25ecf6db656246d23fd23cdcd328fbc7d59e4c13ef0aecb774674355ae

Analysis

max time kernel
1025s
max time network
578s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
15-12-2024 12:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Sperex Update v3.exe
Size

78KB
MD5

d7860cd78e5d8d084e3f5d341b4c983a
SHA1

58b029d709dc20b74b4a26b7fd28dc9cbdcc8105
SHA256

15c9db25ecf6db656246d23fd23cdcd328fbc7d59e4c13ef0aecb774674355ae
SHA512

3d9b876f32d63c8ea21fe2c5bf7d71d93b9401bdf39af85d17bbfe49609b2ca8af68dfcc6182ea0cc7691ba906c5d76913874fef156a48fb6d64c19c0637d0f5
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+4PIC:5Zv5PDwbjNrmAE+cIC

Score

10^/10

discordrat discovery persistence ransomware rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxNzUyOTIxNDUyNTkwMjg4OA.G2AU-9.gp8oui8FZgS9lfAB_I_udCmnKXuah-v_04_U84
server_id
1317529702952337458

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Legitimate hosting services abused for malware hosting/C2 1 TTPs 38 IoCs

Web Service

T1102

flow	ioc
6	discord.com
22	discord.com
164	discord.com
66	discord.com
170	discord.com
173	discord.com
176	discord.com
178	discord.com
9	discord.com
53	raw.githubusercontent.com
161	discord.com
169	discord.com
175	discord.com
13	discord.com
64	discord.com
167	discord.com
36	discord.com
62	discord.com
65	discord.com
166	discord.com
10	discord.com
11	discord.com
29	discord.com
168	discord.com
177	discord.com
8	discord.com
12	discord.com
165	discord.com
68	discord.com
69	discord.com
158	discord.com
1	discord.com
61	discord.com
67	raw.githubusercontent.com
163	discord.com
4	discord.com
159	discord.com
162	discord.com

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpDF83.tmp.png"	Sperex Update v3.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133787385014136014"	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4018527317-446799424-2810249686-1000\{47262334-5B1E-4079-A7C7-DE630993A608}	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3392	vlc.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4136	msedge.exe
4136	msedge.exe
324	msedge.exe
324	msedge.exe
2512	identity_helper.exe
2512	identity_helper.exe
4636	msedge.exe
4636	msedge.exe
4720	chrome.exe
4720	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3392	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2216	Sperex Update v3.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: 33	3664	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3664	AUDIODG.EXE
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe
Token: SeCreatePagefilePrivilege	4720	chrome.exe
Token: SeShutdownPrivilege	4720	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
3392	vlc.exe
3392	vlc.exe
3392	vlc.exe
3392	vlc.exe
3392	vlc.exe
3392	vlc.exe
3392	vlc.exe
3392	vlc.exe
3392	vlc.exe

Suspicious use of SendNotifyMessage 50 IoCs

pid	Process
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
324	msedge.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
4720	chrome.exe
3392	vlc.exe
3392	vlc.exe
3392	vlc.exe
3392	vlc.exe
3392	vlc.exe
3392	vlc.exe
3392	vlc.exe
3392	vlc.exe
3392	vlc.exe
3392	vlc.exe
3392	vlc.exe
3392	vlc.exe
3392	vlc.exe
3392	vlc.exe
3392	vlc.exe
3392	vlc.exe
3392	vlc.exe
3392	vlc.exe
3392	vlc.exe
3392	vlc.exe
3392	vlc.exe
3392	vlc.exe
3392	vlc.exe
3392	vlc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3392	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 324	2216	Sperex Update v3.exe	77
PID 2216 wrote to memory of 324	2216	Sperex Update v3.exe	77
PID 324 wrote to memory of 3304	324	msedge.exe	78
PID 324 wrote to memory of 3304	324	msedge.exe	78
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 2772	324	msedge.exe	79
PID 324 wrote to memory of 4136	324	msedge.exe	80
PID 324 wrote to memory of 4136	324	msedge.exe	80
PID 324 wrote to memory of 488	324	msedge.exe	81
PID 324 wrote to memory of 488	324	msedge.exe	81
PID 324 wrote to memory of 488	324	msedge.exe	81
PID 324 wrote to memory of 488	324	msedge.exe	81
PID 324 wrote to memory of 488	324	msedge.exe	81
PID 324 wrote to memory of 488	324	msedge.exe	81
PID 324 wrote to memory of 488	324	msedge.exe	81
PID 324 wrote to memory of 488	324	msedge.exe	81
PID 324 wrote to memory of 488	324	msedge.exe	81
PID 324 wrote to memory of 488	324	msedge.exe	81
PID 324 wrote to memory of 488	324	msedge.exe	81
PID 324 wrote to memory of 488	324	msedge.exe	81
PID 324 wrote to memory of 488	324	msedge.exe	81
PID 324 wrote to memory of 488	324	msedge.exe	81
PID 324 wrote to memory of 488	324	msedge.exe	81
PID 324 wrote to memory of 488	324	msedge.exe	81
PID 324 wrote to memory of 488	324	msedge.exe	81
PID 324 wrote to memory of 488	324	msedge.exe	81

C:\Users\Admin\AppData\Local\Temp\Sperex Update v3.exe
"C:\Users\Admin\AppData\Local\Temp\Sperex Update v3.exe"
1⤵
- Sets desktop wallpaper using registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffde0033cb8,0x7ffde0033cc8,0x7ffde0033cd8
    3⤵
    PID:3304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,6778790802603108848,10746593819187945914,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
    3⤵
    PID:2772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,6778790802603108848,10746593819187945914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,6778790802603108848,10746593819187945914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
    3⤵
    PID:488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6778790802603108848,10746593819187945914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
    3⤵
    PID:4144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6778790802603108848,10746593819187945914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
    3⤵
    PID:1576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6778790802603108848,10746593819187945914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
    3⤵
    PID:1156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6778790802603108848,10746593819187945914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
    3⤵
    PID:1612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6778790802603108848,10746593819187945914,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
    3⤵
    PID:3676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6778790802603108848,10746593819187945914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
    3⤵
    PID:4916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6778790802603108848,10746593819187945914,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
    3⤵
    PID:1468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6778790802603108848,10746593819187945914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
    3⤵
    PID:4932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6778790802603108848,10746593819187945914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
    3⤵
    PID:4392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6778790802603108848,10746593819187945914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
    3⤵
    PID:4084
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,6778790802603108848,10746593819187945914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6272 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,6778790802603108848,10746593819187945914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
  2⤵
  PID:1036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffde0033cb8,0x7ffde0033cc8,0x7ffde0033cd8
    3⤵
    PID:2900
- C:\Windows\SYSTEM32\cmd.exe
  "cmd.exe" /C whoami
  2⤵
  PID:1192
- - C:\Windows\system32\whoami.exe
    whoami
    3⤵
    PID:4164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcd4ccc40,0x7ffdcd4ccc4c,0x7ffdcd4ccc58
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,10995815333427797253,5584866450776506794,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1664,i,10995815333427797253,5584866450776506794,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  PID:4000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,10995815333427797253,5584866450776506794,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2404 /prefetch:8
  2⤵
  PID:112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3052,i,10995815333427797253,5584866450776506794,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,10995815333427797253,5584866450776506794,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3532,i,10995815333427797253,5584866450776506794,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3056 /prefetch:1
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4712,i,10995815333427797253,5584866450776506794,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4708 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4744,i,10995815333427797253,5584866450776506794,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:576
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:4504
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7e45e4698,0x7ff7e45e46a4,0x7ff7e45e46b0
    3⤵
    - Drops file in Windows directory
    PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5044,i,10995815333427797253,5584866450776506794,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3272,i,10995815333427797253,5584866450776506794,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4904,i,10995815333427797253,5584866450776506794,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3460 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3292,i,10995815333427797253,5584866450776506794,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3316 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5320,i,10995815333427797253,5584866450776506794,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5704,i,10995815333427797253,5584866450776506794,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5556,i,10995815333427797253,5584866450776506794,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:2988

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5004

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:836

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C4 0x00000000000004D4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3664

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:4676

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\UnlockPush.avi"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2da21777019145300a5a03c1ffe5acbe

SHA1
337f690be1567852086ce9b99d423699557457e7

SHA256
412a4311338a5dec8fddc71e89804daf0d8a313a7f3ca9dc515d96f655b05e49

SHA512
6046a92daefac014933a60e9e1cbc2f2308528d14f9cce2e6da76b17a83ffd48f273786ed815d394f5ab98bb596911650e2764d4bb6e8088b9008d0eb8fd999f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
237KB

MD5
8fff5040c48321f755e6cd2c0d848674

SHA1
236a83d4d24d663ddf53f5ba95f50e4e9a49ea74

SHA256
626d8f6848401af52d8e1750798a6a1c983e6d6d2b32d78cec3693e1fd763df8

SHA512
4a5d7d3f7f76e02a395b96db1a90e4b204526ed2a1b85787dae99e79a3a89a2db911fb220dd58ad8f8a045c89c6a23bee15a06f052bb78106ae9080730ba739e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
34KB

MD5
b2e93fde28b0b1b9be741ad737c3a386

SHA1
1fddafd551388d153d38d71820a58e9588ee13d9

SHA256
c20f334bef5ee37bca36e13bc3b78cc6291911a66b0ca2e9dabd47cdbf7a1b0a

SHA512
0cbbe94b58074e2e4c2b61ecea5eee2f960a94dfe842f9b779e2bcb5ff82a9e0f280628d910a68d1300df3f17e7a1e2c6ec6c82c0b2c7d3456b349b342baa3a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
34KB

MD5
8752db53eee790f4ebb6c619d1dcad25

SHA1
18181647a64532aaf1a34a13cacca3594f9f9517

SHA256
b167feadebc2d20ac3a80a7ae012c5bcb50ae5366fe388f7fd4fdf2a2e0cfc57

SHA512
7e26ee721e0c26bc1d54e82fce391bf35c1a28b1a65bc22a815dfed28e9c1821d9ddf28f263a4082a1f8f56e399fe4a30c52ded22516de241dc3f22407d98f3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
49d4d85367979407aa14fb56bb83bba0

SHA1
a571a9d50c9c3e06f973735e2383c6449664def8

SHA256
4ffb0af46d9ed667e3ae4fdb243f72d193a99677018eea2a4c159c205e2364f5

SHA512
32dd0dde3948a8cce289e0c54fa4fad5cb77d2968a55dc44139143d1e84c999bcfb9888f127821bbcc0e761262d734e488ebe9338156ed3bbd1d9fd32d3c6e72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7b2655953a4e9105342600e48c9b4929

SHA1
a74059ca2b197ce3d7b931222a164897b0429b9a

SHA256
c5d6caa2c102e90c04d991981e15810f3599b2fd8893cb2f9c01ed3007e049ec

SHA512
e4e5d8d1fdc4b4f1f49ae1e2d7843fa2a2b5c0e422e375e582ff6e6e0d2e3270c6da0bfd664f1f897b70c31c9192ca6ef92a6d650c066f336025a87238ef3e19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data

Filesize
40KB

MD5
61f8b697a35f1e1bebe59dcae8e4ce68

SHA1
70470ed2cccff12837ddeefd340f3dc786e6f71f

SHA256
c3af288443823efe38ce420379b4ee645cf9ed9c30259d3b7a3e4822593a7b31

SHA512
bfe375cbebb7d68481894efccf3493dc009e766d039bdd4da0d420baac21e3d7ede0f2eff65e12e072b669c35d20128f5f3a62fb3b72d6865f3ff4655a31695d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
3310ef6bbdf8c827b2b7d27349e89ab4

SHA1
06d348b611bf545c508b8519d091a4f25fa12e51

SHA256
275ca42435f2f24c73192d96cdea800d56ccdfdf5741c8fb469451b2dace94ec

SHA512
d3817a77dcb5e2c34c896eb3d3ef08ac830f9666224005d5098358cb67a148f79fdb55480a193107c16cadc4db7612366a13616aa378478cc58893b7ae61b7f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
d43ca0dbb1af779118a355f7aaac250d

SHA1
61fb6e94582d2e54d74dbb6e3eb2b015f45d1649

SHA256
654483f84f821d6e8c7518039c5ce15cb4e336bf40bb6573cc7ec564a3c73ffd

SHA512
f1eedf2ebda723d713cd04234d328d12ca6fa06f536a63db5297e6acae76168f0b549755c619cac1f431a70abe3f7e4a99106fc21d21c8e27c47455a6a188888

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
128fb51765ba3e521276e669e2a0c96c

SHA1
2fcca347b8ccf615ff9593c232c886faf388afe1

SHA256
27b45dc0302d0f02d766eea6cfb9d9e978f2a40a922225cabca6de69816af5ec

SHA512
410e3fac6ae22ae6c94000d9b258ea0d7b64f3b25c14c72c9dcc536257e097e5d93a82689187b1bbfa52cda3b5f94026fa28469e41ffbea6c9bb89fdf7fa3e9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
598ad4d1ad057ef722835a66769782ff

SHA1
42a5392f8c9356684b3d59e4a04589fb2abb0caa

SHA256
b564620b492983a8ea783cb17b711620ea5cf55f100e08e07cbae90ef3e98b2e

SHA512
abc1191e56922481f1d3886723a56c0d3f9baae96c4c0311fcecd74b6315bd97ff9804bd9e67cb7e475ed0855ae645a651a13fa12cfbb74046784714ebfcd3a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f0deef8a3f9a487464265f6c412488a5

SHA1
554e9668e8aeb692ed1de7d2eb1d20797b07272b

SHA256
fcdfa0bcdcb2491d4f89b84b088b7fb364a2b306600e6544d4cca8a437d78904

SHA512
26b84d5296258f08b724edf1d5e62ef3ca892a9dc7f44111aea71993399a3bde2973063cdd47d6281696e3ece92ba1e47f78f40c20f3b6fccf5660ccf302b6cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
735b538628092245fc0876e9bfcf8b0d

SHA1
28e2430c8405a2510b329ff4e42d74b011b1b673

SHA256
9bededfbbd68ba9eec279e3923a9a42848f07fdc801a80b8860fc1c6e895081f

SHA512
5f59df4b5ed05244763ed8603356ffec9ee1df43dfcd786faf2e1af0faef55963558deb1e257de6521e191cf71ac73903c78eaa18f0bf75c2281271dea2d58ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
660eb41532a04899fa09cd097fe4f6d5

SHA1
3921027d6e97741c5576fb06e6d83f7e67a2d298

SHA256
e0161f931c8398f783f3885a3fa1e74bbcf000e6f2db2eb4673bddebe2eb9a51

SHA512
b7eb9c554e37a06215f3a1c67482e211f3c994bea5d823b978d722c8dd1d14121ee0b837fad33097dea21700b0d6912913fecff90bdd0d39314e9ba9478329d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
46278f22f70497ef9e31c728f3443cad

SHA1
02eff59131b9d0b655dd9aca0502202fa471dffc

SHA256
a9228464743e35f0d4d25f405af31b0cd6065320bdf5312af21388001f3bf3b4

SHA512
a7a280eb04415d4bc1edb5821a72cf15186381cc4dde43049196c5a2b42face27d6ff30b1654945a6ba01eff9c9bfd4c4c6a7a49e53fae3f800973a87d9a47ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
85d1a3960d5b5f825d2ccc6d548a1fd2

SHA1
24151170dcb3a6b4c1cc8a2df4c1b1da97468494

SHA256
93cc6760341aa32b644808f452801c6fa2e709bbad026775064c0bdffb281f18

SHA512
a5e8642f695265f9653e1bcb1c5f8a0304d9939f0f629669420c2401690049ac0908d5ca44bda8da2a003606a28c9bef3c6402e2ffc39466c21f408de0e781c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
171b733b040a097950dd611171a9722a

SHA1
1c92dedd72b7042a8ce1bd7b7c57afff0a418926

SHA256
b3f4063dc3b5cd416f946c7fe5f6f1c080153072c4ea6d6c96a1bea87bf8af69

SHA512
d5efc84ac7ab5065a2f62c797e5425b99b3756c7777d6d8f65d45cf11dd5624db60793ebcb70165dce9e3b16276bf2bedb39c4203f89c41d1e7c7e7af0227835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1bc1b8ecca3538091a0194a092f3d9cc

SHA1
ed062558b368ee184c5e0e3e11a3d59d0e548f60

SHA256
d5b75ee70ef39a772d2c0b84c9d79f687899481fcbb691aaa5ae72ff4bb8b6a6

SHA512
6e5a06b3be063ce0fdb1f35e0f5f3f0b5dafde7de9f3f75ea249b119e8df1408aae67a5bd9e6b20ae92d0b7f0412ed438f62d7a76565191854b7d8a56de030ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f516e3909426366874c67f0ad489702b

SHA1
d31a5f6eab9747ea45de77951f5ce38242100bf5

SHA256
8289eb0cd1412cb287dfb46d761339240bb11c7340f01a0a15ea5163b6c1e30c

SHA512
158851e55c7356132cef5b1e542c17155a7704bcad9b8c62e9d372b2db9a97872d037bab5db43e4c499e7f3723f2a6717733d8b7e730ea0d230b316a4e7792ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9a9a80e03e846d9ef30bda8e5bf6a444

SHA1
eda66be4c94cdd6743516c129da8a44846539e84

SHA256
90ab905fa3111b265e4b1b8cad356764e44c6d343bbf4be33dc5d90d86277231

SHA512
b282e5b937b1d1ad3fab756b9937042bb670310dbb2a4849a2e6b52fbf0a9a1328ccb800125d73799f93e39aa4e7d3cf79bbef3f006a44e0deda2dafeb949ac8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2510d82a7cc324877a43863bd007c0aa

SHA1
8dc6986ddc8ac6894f654d0d457ac858bf0c7a0e

SHA256
88ca88471052cf6faecde340a79fad8110199c37e64658db2508a725616d4c70

SHA512
b9616df513b3fa3db264a5c4dbfa2159d47176aadbf4cdd247cced6f83eb4648e82002ffbda4a76c359b095c283706cf8494335764d6484f9d307d512fd74e64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c3dc6ff578f6954be08b279c6412dadd

SHA1
f512fd665f4c177f57b06a61f44e778b71f993dd

SHA256
a543650698593506dd4ddc09c1560d8fa1fe07cb45e4ca4fa1f84579c85be6aa

SHA512
43c397ec643ad2f6cb14a9fe10368caa7f97db4aa8e3c5d560177d4f4079b51d4e99a56b20248d618166c117bb21d293ddcdc3309b5ae1b730ff52c2ea527929

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1cd39538b6f9c42e25161449d6668c9a

SHA1
96064b6dfde7778138d3fd89a8d3c7a50664c501

SHA256
4116cab823d1ef5a98c5bedd74cee75ce89f1825e8e04b8c9171d2babfc766bc

SHA512
250a317b3e35fd304af78fbdd51cc4cc44539bfd00dc85aa9c9d4cf11c5742364e51e90d9ec1a2900d329ee7f630ca8d63eb5ff2831d8f037a32ff6a44b5706a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0ad66aaa59fd5fbc21c8a3d2975e7cac

SHA1
048ce98e2b50f1faf054db16c69fb8163445b32a

SHA256
09dcb88a7ac74174e970777854b05531c85a402fde8a8531fa8c64cb3fb2da7c

SHA512
da26ef3dd5ac9e6db188ce04c67a1633b1a86d7ba87a94874b696ce09633dc7e063c2a084d09c5014df3293785b2c3cc7242641cccb6a7987216926e0c3f78b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
72c0febf977aa552e456e7896694f90c

SHA1
e3794f67f1d660846e6d40361e33b8e9b5d2ffb9

SHA256
2d1a4c7d7ea77d9ce88397066b3ef6a314b817ac29f118415a073ef25a54d8ff

SHA512
27a3a547bc2fda11c12eb8f288180c8626aecc7803d9a1be3254ed12c7b9f7959f2d72fd18fcd15c8460401e303cdd1e49a9fd6d6c0668c8da267df75a6fcf76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\73a2214e-a26d-44f3-b09c-34b8448ea020\index-dir\the-real-index

Filesize
2KB

MD5
1c52f81ee7c0da8effab62e8d3b2181a

SHA1
c377b107a697116c49acf7eb736a5dea62d9ec03

SHA256
236f7e8bbe625e4c5107048774d37e2cb610142697c4a730046ca8070bda0280

SHA512
34da287877a825e9d8d0be32ddcf6135a22d1a0090df22be2a03f4528142f3279ada2057950e65bc885c2ef81ed4e2cba8f7e03769014d2cc9c1188141b11d46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\73a2214e-a26d-44f3-b09c-34b8448ea020\index-dir\the-real-index~RFe5998db.TMP

Filesize
48B

MD5
699d356d22da555ae89c4d0e6560789d

SHA1
f54544f705f7739537f8ed367c307c519bf87744

SHA256
bc298949b4d19f491c55dd65a73a012913274ae7ac16471bd21aedca059052ff

SHA512
266d78c849b1b9eb4655d4c431feea66befd59910636aac8e052803f1ee3117c15878a172b8f5fd6a8fb5c9747e631e5569621d7d8842cfe550e3ae22886aa23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\eef2ca00-0e76-4165-a57f-e1a5a5214186\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\eef2ca00-0e76-4165-a57f-e1a5a5214186\index-dir\the-real-index

Filesize
624B

MD5
a08342e9ab81efee182daf274db247a9

SHA1
331975711eb16303864acdba7e5dd12c3491674d

SHA256
5b1b5d49c18d7f8f8f2acdb0ab00565d1984d98e47279e84dde80bc6c23335a6

SHA512
f6963687c0f28550bf42aef48de4261e310ff426d7f3a2682f54b0041bc5fb43572b288680e3ac018410989a5a1fddd5943eeb0b4659af8d2ba60f3cd0d0e8fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\eef2ca00-0e76-4165-a57f-e1a5a5214186\index-dir\the-real-index~RFe59f488.TMP

Filesize
48B

MD5
491b107db7623f2bce11ce42fc9e37f0

SHA1
6247a89eb22da4efbe42c750691a9f8ea4b928c3

SHA256
7679b28c0c5ff53dc7db496f4723c6ba790725766fd00ad2403a479899940092

SHA512
4e1a9d94b1e96c22ebe183e3a9d2ae9645895f6781a1947be2bef35993fd4c3ae344b49e1ec5151e68de41b997af512979a646099d62745145c1480fe6817bf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
51eb7237af952c0e62fb7acf4fd0d2af

SHA1
488cccce73a67ce963f76290fadd90f6b84fb5d1

SHA256
4b72272951ef01bb37e70254da0f9e39b634d88d3b9e2f559bcf7d6346ef565c

SHA512
8e2f2d0860dab6a578fc14ac335479bf5c9c85591eb24e9a77fc2083afb383aefdcf5918fb9fdef47da41ffaa6fe8e5945edc97e723d9165083f141fa7596c6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
3a986b399ba834936a4f7e6f228bf0b4

SHA1
6e31c306bf690c8be3448d5ce8bb989558e20835

SHA256
3458e4bb24bf92d175ec357b2aa416a99dbb72a76ac5422b6ef080ea80d8a405

SHA512
0639860c5468f5b8006b0f7372456a1557dc21cedd8461eeb880453b7ccedde67721612ff2f6775f536c5494b21036f6539b82b75a9db36fea89db8e9bd84318

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
69bc0921daf557e428fa9ffe43daf65c

SHA1
b2d4511d87d96e2b0ce31dd897e024616e14619f

SHA256
2fb7b2b9a7521b290282ce3aac2e998136ff6e8a389225229500d80daffc9ec1

SHA512
45f46076b3310606fc861c6aa686f6d029a389ca46c9169b1f7209d0b58f28d60338ee7a5625ad6670f73ba6952989485fecd7b38bb4b6308f6b546356d14b29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
a7c77288749f7e18d4f84d352bc1f41f

SHA1
8123b3d292918ee9df4ce38a0759d3218b1d4429

SHA256
c1027bd50463e263911a0a813d304e1c0f74f4404ce4f1b563e3dd84e3a8a242

SHA512
1b91878589b0ffb9cf7e5d64d3def37bf4ce1133938849f423be32299937b3e0456ddbae4f5fe19b46858e018545b7a82181e58289f7bbc30302de337c62dade

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
b2f622c3d3b922b86058e29181f18644

SHA1
28eee0fd994afed7e933eb4a61bf41f6984f487c

SHA256
010f2377077faedc03b726e3823abec966247b13f4e7e82c84896aee323f4b1d

SHA512
21d59f089c78f2dfc609f532c35340dd5626af1f21c1b34d678a830908b6a32c67abec2fd2921f224eb70c55974ad2a2b53814fc27e455ec0c5e38afd4cccfaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
3cd7a0237fcd336b83fb84c78db794de

SHA1
567b498b1bd954f7fc59ff48c8d11b682b85ca73

SHA256
d61769e6bad24291bf09df3faf7d341b2e0745d751824ff34c15eae3f22f8ae0

SHA512
cbb2cfeb71c221a7d040dc525f945858395bbbe6f4c3aace5af05cadcf8cca2a4805080809c7f9cea52e1e4ae915fffd25b64907aaa81f855727464b60499845

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe598a35.TMP

Filesize
119B

MD5
4579024b41d72f56e99913f6a6432fae

SHA1
f9682b9d2482326121523ced6d78bc51f075fe34

SHA256
1520d6276f4f80d6ac74da7042bb86f3d92afcd78c72d2c0cf265da5b4021c24

SHA512
12b5290269d5c80a8ae8cf5788f5cd867441647624f5493af0b798f714eb5c863e6aa35ce08d1ed6e3fa5352c8e694eb7042642a54405a44af5a73bbc0bcbfb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
1d349f4e66c8f49cfe87fb69280b1a0d

SHA1
6959545cab2242a0f426a0477acf9df9e40274b2

SHA256
9413765de2d1594acf00c38aa0451eeb6f9a01c5255f809328184e7c37720abd

SHA512
e91e76d21652805a049ab8fbd2f3bec672f34c8db1a67a63067cfd3ae23951be80c43a67f715d1a58cd574aafb78d4d292d16f6a8d53b6a6162de0aa7e23c8b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4720_725140700\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
206fd9669027c437a36fbf7d73657db7

SHA1
8dee68de4deac72e86bbb28b8e5a915df3b5f3a5

SHA256
0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18

SHA512
2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4720_725140700\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
529a0ad2f85dff6370e98e206ecb6ef9

SHA1
7a4ff97f02962afeca94f1815168f41ba54b0691

SHA256
31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6

SHA512
d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4720_800485824\Icons Monochrome\16.png

Filesize
214B

MD5
1b3a4d1adc56ac66cd8b46c98f33e41b

SHA1
de87dc114f12e1865922f89ebc127966b0b9a1b7

SHA256
0fb35eacb91ab06f09431370f330ba290725119417f166facaf5f134499978bd

SHA512
ce89a67b088bae8dcd763f9a9b3655ed90485b24646d93de44533744dfcf947c96571e252d1ad80bdec1530ff2b72b012e8fff7178f1b4e957090f0f4c959e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
0fe12d83fbdb0c502b3c11759e5b0baf

SHA1
d7aa74da60c1a09942e2a23d08e33e2d001747ac

SHA256
dac751c2e2b5f89c140564e4896b69483baf85f798c79b4364b406dbcad62c43

SHA512
bb7774565e35492eaf76608fc32a7b8381291f7402067301a32e8fa086f19cccc333fdc7d300551c545d6bc992ed2b2bc4f57f71139a5210a951a46b9eca8fcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
f328def473567d4ce325bb035633e27a

SHA1
93f7a62bc355205f81932e13a1368a1feff86c29

SHA256
bc1735d07563b8a6ddfae06f1e501d832b587b13bb0f378c89c00f136e90bdc3

SHA512
caf8935f5424851c28f59d4eb02273c232804971c40b631d8946a90d09ec35b7ff643649ce1a9bb32e7edc5e485bf6634076f697433d4ee5d28178fd94d7a144

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
8ca6371710aae4a8cc6407c32760dfeb

SHA1
c729d7cc060772f8c3a050d4b4fc239702c6d020

SHA256
8a8016efc345ff49764e9518dc3bf24562c86b2a80ac606b894ebbe863c03ce1

SHA512
99fbd446916866a051b4707846f640bd9265e75f370315b6ee2bb25a49f30577c6227c87b23ed8062c8360abd27a19dffb1c5be29925823e2c4dc7247327b568

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
7b8d58c682d04e0082cf52f2152a2e5b

SHA1
d66beda67f85229ebce70793e207af6265efbe4e

SHA256
7a3f964fbd825c1fcb6e1dbf14cbb2a66b059b038f9e02b17a387099aa3ea513

SHA512
d4f5ef975b17c97208e8f102c5cba6896f65d6fbec53501f4dc34602f808ed05e613b78d8a6df298be4aba21e40e0ba52c9ec888d2f44a9c57fe019929e4affb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
1a1f72ae553f2f8460d342cc5a092f69

SHA1
85260d0ec7ae396220c81402c5afb0f7bd70bc48

SHA256
c2e917c1ff1fa523b598038d9a7855e5a5145a3a99a7819f5916aecb7d90bac5

SHA512
502b2a51ca4d8e13aeeb39503aa87a6b09da0c44c33858f2be6383dae8f0bc70890d8fa46df9b00f6c15e196f1e15a6dba833337f9e3f85971f8526f776214fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
18e44c204009c40ce1bb2de55184d928

SHA1
292ce7d4f61107047b9b219bc56da28a4a89d66f

SHA256
ca43dc01a8db714f5a9171b0c84ce05791bd01293c69b4609b7f4e4cc1f54c97

SHA512
a107c258a38896098dcbdf23a9a5fe10c3af2d341996716017ae408da8aa046e794df408b8ab4a955fc9b810333e210423ab28ceb29a02a5ec364b17f67d6d02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
051a939f60dced99602add88b5b71f58

SHA1
a71acd61be911ff6ff7e5a9e5965597c8c7c0765

SHA256
2cff121889a0a77f49cdc4564bdd1320cf588c9dcd36012dbc3669cf73015d10

SHA512
a9c72ed43b895089a9e036aba6da96213fedd2f05f0a69ae8d1fa07851ac8263e58af86c7103ce4b4f9cfe92f9c9d0a46085c066a54ce825ef53505fdb988d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
003b92b33b2eb97e6c1a0929121829b8

SHA1
6f18e96c7a2e07fb5a80acb3c9916748fd48827a

SHA256
8001f251d5932a62bfe17b0ba3686ce255ecf9adb95a06ecb954faa096be3e54

SHA512
18005c6c07475e6dd1ec310fe511353381cf0f15d086cf20dc6ed8825c872944185c767f80306e56fec9380804933aa37a8f12c720398b4b3b42cb216b41cf77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
53d146a5ceae2b91786b73b6a133eeb8

SHA1
e7a54fc1ebcdd0f2b7fd3619f6fa06abe34b463f

SHA256
ba3ab5446e0f65d0dc5bb5f92312e4ee8687f4a3100fc18de47c9ba1f0eb6b07

SHA512
f117e43fc6c8ffc89489ad8222d60007a965aa07b856db7505bcd8d80e7fee7b10e7741750243eb8023a2ba1626ae59d8d6ca938bced9b736247cd055929d98d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
023460b74650d33fbbf5749b01aba922

SHA1
3801838affdfe7da0438e6ae4f852521c06fc1e8

SHA256
3f2bafa45509f63a3207ab44fe81d7ecf4f1eac148b1e190319c0e82259535f3

SHA512
0c6149150eb020afa936dc2f218ea6f10c1931a6c5d444e0a607a6252e5e3b22dcf6dce6b08d425bb428d5bb41d893520b453d453774ffc3dabd1220763f5e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fb0265f009e344b776488460079592a1

SHA1
d3785f0d9b0fe67a17a3b95b969a2d86181ce901

SHA256
655fc080df5a387d3ac365352004b75c96183cdc4a2348bb9efbdb0aaeb6d101

SHA512
786b8f3d354095d5b86c221b38225c45e014130e298fb08a08a1d9e03a6fef46b506f019620dc8c4c0a1b920394d600a18b1aabf43687e12f7efd7425f22a8d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
007d8024ff810d33d3efd2c432dc3130

SHA1
b943f0fd155e3c43c400cf6b38422bf032cc7092

SHA256
6247f4052f84ba6e31b850f69129b872934e1641382920b93a5a56bab0760422

SHA512
994850b535917a8d5cc2d17b3f2e78e96027850623d0f53884004848753006db72c60b855d008c61d8cabc32ce79d1cd7be2263a4eded86681853cc79ac29ef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ceb61421926f9aa16c843aee86a2d5fb

SHA1
c3037283b19038e58eb5cd6d2c39af71ead803da

SHA256
01dc5bda27afef8d2c595ad9a494263e86e943c5e4294081eb22c2e8a3385e29

SHA512
f417b5c7a45f140856b410ae199c11278bcc16c96f55ef61551e8d66fbe4cf9e4e5070df4132fad532c42cea6bce6f4d625702124b5c742be1d87ec49f33ffcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7247e3f1bfaca14b8cdca94ee94ab0cb

SHA1
e22eca96a05743204e13f59c3a3ef0f8ec2544b8

SHA256
8d94e0d31e962ca72540111ce59d08cac7c3ff47011f62fc2566350ba0b34a44

SHA512
63bbd02183135f9f2071919f2890c8775452045dd56b04d4a4f5d17a00d5a0af92c80f104c4d23210f9a18e81d75e6e93ae23fa5c29142b96e8be7afaaa84494

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
215debafdd75a7f5da00a6e1590c6e1a

SHA1
ebbebdf6732855f9fd856b57c5257872e0a1c9c5

SHA256
c30428098bb95d32eab2e07cee5d05b7786b198452049ad98e0a6ff68f331915

SHA512
5191def111b79f1b8743a8bbfdd8ca9bb95c5ded4783348aaf7b866a4950ba186ed3f680a069885472d221bcd371cb71609f6251f32af35497bc023b53bb18a2

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\e938e119-ba38-43fc-9d86-123f8a78cfe7.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
75B

MD5
4f6396bf730af83f5a2c7ee8d58a838c

SHA1
224e6eac9c21e3d231f7fdf0c18ac68b51db4649

SHA256
2b1aead297cd7f1a60ae65079bf89bf3ef9a23d58abe300411c7462a088f6ab3

SHA512
5b3b80f2591585fa7aff3d214c01806a50ffefc321bdd584bd5a05b27c586814341549d431f05c3af08ce4a655a663cff6ec8ca7186e9ccf355f126e0b2a9a23

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock

Filesize
18B

MD5
f4877596a408610b8fa158b8e7e96071

SHA1
b2ed0c884e051d2a21036e2073911e4221efc5f8

SHA256
ef9fc5470be71f64fa24757779110ae2810c8c5d38c39cde36d5f4df7e6a3b60

SHA512
8178ab8afddebb005f4a8522ff40ce702affc56e0aa5cbd4f3712c449fcaf18c40c3e3c09a9dcc2a97e0f218ae2483e3c5e12aeedd6c4475654b2a1d6498d73c

Download Submit
memory/2216-2-0x0000025D7FC60000-0x0000025D7FE22000-memory.dmp

Filesize
1.8MB

Download
memory/2216-1-0x0000025D7F570000-0x0000025D7F588000-memory.dmp

Filesize
96KB

Download
memory/2216-1256-0x0000025D7FAE0000-0x0000025D7FB30000-memory.dmp

Filesize
320KB

Download
memory/2216-292-0x0000025D01A60000-0x0000025D01A72000-memory.dmp

Filesize
72KB

Download
memory/2216-3-0x00007FFDD1B50000-0x00007FFDD2612000-memory.dmp

Filesize
10.8MB

Download
memory/2216-293-0x0000025D7F950000-0x0000025D7F96E000-memory.dmp

Filesize
120KB

Download
memory/2216-5-0x00007FFDD1B53000-0x00007FFDD1B55000-memory.dmp

Filesize
8KB

Download
memory/2216-4-0x0000025D1B3A0000-0x0000025D1B8C8000-memory.dmp

Filesize
5.2MB

Download
memory/2216-0-0x00007FFDD1B53000-0x00007FFDD1B55000-memory.dmp

Filesize
8KB

Download
memory/2216-6-0x00007FFDD1B50000-0x00007FFDD2612000-memory.dmp

Filesize
10.8MB

Download
memory/2216-291-0x0000025D7F9C0000-0x0000025D7FA36000-memory.dmp

Filesize
472KB

Download
memory/2216-1429-0x00007FFDD1B50000-0x00007FFDD2612000-memory.dmp

Filesize
10.8MB

Download
memory/3392-1424-0x00007FF6DC350000-0x00007FF6DC448000-memory.dmp

Filesize
992KB

Download
memory/3392-1426-0x00007FFDCCC70000-0x00007FFDCCF26000-memory.dmp

Filesize
2.7MB

Download
memory/3392-1427-0x00007FFDC77A0000-0x00007FFDC8850000-memory.dmp

Filesize
16.7MB

Download
memory/3392-1425-0x00007FFDE3AF0000-0x00007FFDE3B24000-memory.dmp

Filesize
208KB

Download