hxxps://youtube[.]com

max time kernel
470s
max time network
471s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
23/12/2024, 17:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://youtube.com

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3536	Software v1.24 loader.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\70aac554-1337-4b99-ab06-85af361f1dea.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241223171003.pma	setup.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Software v1.24 loader.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133794469510249040"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3506525125-3566313221-3651816328-1000\{A0BA53C2-A14D-4268-AFB0-AF47ED90F64A}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 = 7800310000000000975950581000534f465457417e312e32344c00005c0009000400efbe9759878897598c882e0000000f6304000000280000000000000000000000000000006bbd140053006f006600740077006100720065002000760031002e003200340020006c006f00610064006500720000001c000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3506525125-3566313221-3651816328-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Downloads"	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2756	chrome.exe
2756	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
2852	chrome.exe
3140	msedge.exe
3140	msedge.exe
3644	msedge.exe
3644	msedge.exe
5376	identity_helper.exe
5376	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1148	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
3644	msedge.exe
3644	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: 33	1976	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1976	AUDIODG.EXE
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe
Token: SeShutdownPrivilege	2756	chrome.exe
Token: SeCreatePagefilePrivilege	2756	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe
2756	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1148	chrome.exe
2052	chrome.exe
2856	chrome.exe
552	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2400	2756	chrome.exe	81
PID 2756 wrote to memory of 2400	2756	chrome.exe	81
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4536	2756	chrome.exe	82
PID 2756 wrote to memory of 4040	2756	chrome.exe	83
PID 2756 wrote to memory of 4040	2756	chrome.exe	83
PID 2756 wrote to memory of 1924	2756	chrome.exe	84
PID 2756 wrote to memory of 1924	2756	chrome.exe	84
PID 2756 wrote to memory of 1924	2756	chrome.exe	84
PID 2756 wrote to memory of 1924	2756	chrome.exe	84
PID 2756 wrote to memory of 1924	2756	chrome.exe	84
PID 2756 wrote to memory of 1924	2756	chrome.exe	84
PID 2756 wrote to memory of 1924	2756	chrome.exe	84
PID 2756 wrote to memory of 1924	2756	chrome.exe	84
PID 2756 wrote to memory of 1924	2756	chrome.exe	84
PID 2756 wrote to memory of 1924	2756	chrome.exe	84
PID 2756 wrote to memory of 1924	2756	chrome.exe	84
PID 2756 wrote to memory of 1924	2756	chrome.exe	84
PID 2756 wrote to memory of 1924	2756	chrome.exe	84
PID 2756 wrote to memory of 1924	2756	chrome.exe	84
PID 2756 wrote to memory of 1924	2756	chrome.exe	84
PID 2756 wrote to memory of 1924	2756	chrome.exe	84
PID 2756 wrote to memory of 1924	2756	chrome.exe	84
PID 2756 wrote to memory of 1924	2756	chrome.exe	84
PID 2756 wrote to memory of 1924	2756	chrome.exe	84
PID 2756 wrote to memory of 1924	2756	chrome.exe	84
PID 2756 wrote to memory of 1924	2756	chrome.exe	84
PID 2756 wrote to memory of 1924	2756	chrome.exe	84
PID 2756 wrote to memory of 1924	2756	chrome.exe	84
PID 2756 wrote to memory of 1924	2756	chrome.exe	84
PID 2756 wrote to memory of 1924	2756	chrome.exe	84
PID 2756 wrote to memory of 1924	2756	chrome.exe	84
PID 2756 wrote to memory of 1924	2756	chrome.exe	84
PID 2756 wrote to memory of 1924	2756	chrome.exe	84
PID 2756 wrote to memory of 1924	2756	chrome.exe	84
PID 2756 wrote to memory of 1924	2756	chrome.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://youtube.com
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffbc823cc40,0x7ffbc823cc4c,0x7ffbc823cc58
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,13748678872926088445,6058689627019091033,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,13748678872926088445,6058689627019091033,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,13748678872926088445,6058689627019091033,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2428 /prefetch:8
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,13748678872926088445,6058689627019091033,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,13748678872926088445,6058689627019091033,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4368,i,13748678872926088445,6058689627019091033,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4720,i,13748678872926088445,6058689627019091033,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4708,i,13748678872926088445,6058689627019091033,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5232,i,13748678872926088445,6058689627019091033,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5256 /prefetch:8
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5556,i,13748678872926088445,6058689627019091033,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4988,i,13748678872926088445,6058689627019091033,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3836 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5052,i,13748678872926088445,6058689627019091033,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4636,i,13748678872926088445,6058689627019091033,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5908,i,13748678872926088445,6058689627019091033,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5112,i,13748678872926088445,6058689627019091033,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5888,i,13748678872926088445,6058689627019091033,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=6308,i,13748678872926088445,6058689627019091033,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1492 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1064,i,13748678872926088445,6058689627019091033,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6288 /prefetch:8
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6416,i,13748678872926088445,6058689627019091033,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6468 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6444,i,13748678872926088445,6058689627019091033,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6472 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6428,i,13748678872926088445,6058689627019091033,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5664 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6296,i,13748678872926088445,6058689627019091033,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=6480 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:552

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3772

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x44c 0x454
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1976

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2556

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4952

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Software v1.24 loader\" -spe -an -ai#7zMap3153:104:7zEvent17956
1⤵
PID:4404

C:\Users\Admin\Downloads\Software v1.24 loader\Software v1.24 loader.exe
"C:\Users\Admin\Downloads\Software v1.24 loader\Software v1.24 loader.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\Software v1.24 loader\jre\Welcome.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffbc56146f8,0x7ffbc5614708,0x7ffbc5614718
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,298745680199238496,607117887637712705,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2264,298745680199238496,607117887637712705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2264,298745680199238496,607117887637712705,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,298745680199238496,607117887637712705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,298745680199238496,607117887637712705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,298745680199238496,607117887637712705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:2264
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x264,0x268,0x26c,0x240,0x270,0x7ff7da1a5460,0x7ff7da1a5470,0x7ff7da1a5480
    3⤵
    PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,298745680199238496,607117887637712705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
4d29b3e1a4fa0618f69cd3006d3bb1d3

SHA1
c0534d9a95d881c649358362eaf5d057ef55fc13

SHA256
6b6ca54298c944ba507b4708b887eaca00be6b1f937ca0d959a94ba571173302

SHA512
28411bbae458d75ee9205f6db20c024357695fb7ef0c2233ea80ffac4f9d81c2fce01675aaded586d5f76f49417640f7b5bec7993140b97f202b11f64612ef4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
59c6625f9909b6bb7f50c0b113043c55

SHA1
506db5d6f237b808d86c2446f8157211bf388ac3

SHA256
d16ea42ecb89fa7ce6ba4766493d27b89957069c89259ed937a3abdc87bd2cbc

SHA512
a70332020fd892ac6d55f870aa2d13b460cb50f05d15da84e1ae0ea96d782406bc9acdc37e5ff3e63bfbb9b47c286fa884a7deb548df480971895b70b35962f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f

Filesize
82KB

MD5
8669a0a995689454ad486ddbc830b898

SHA1
fc4c23e52131621cf1290d187e5307212256b8b4

SHA256
fc1ca97db4ae231ec6b3e47ac559f806e6299a5c6ffcf8aa57da92b37a559d85

SHA512
3f6b0b51f2f130e34af851ec6dacce227a6c8b5b82f92e9ef624acf323d421ee5d1f3f8ad298bdc1ef0f26e4515c541cc98680728ad19ce14cb85445b2b1c557

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

Filesize
90KB

MD5
48743a670fa866d07b162f046726b2ec

SHA1
5f180be674c56c4519f531f0796b5b958c20127c

SHA256
9d436fc2f3d4ec40a0e3ae981b315036ac944d2347995d37c27b059db59ce966

SHA512
cbeb13a3ab5e6cd811bc64a14304f389d56de091db12618d62fc223de96e686545393eda1fde83ffea24468ff77953054b25a4a7a87ae2d9f61283c3ec46f69f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

Filesize
121KB

MD5
71aaa0490529d239cb93eb0f4586f2de

SHA1
b2212d6ff40564d9bfe75ff69af31b540a795685

SHA256
2fc6efbd91e574ada5b332743cc2f1b8e0761d0478893ed26f8fc0a24dffb8f0

SHA512
fd304623a1c370e93f7f8dd4b6ab670249c8d1f2d8cddd577699b8e822ef9d3145a824740165750da1ea01b63a91e7c5f51d9fe878278b156aa10275f254d42a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043

Filesize
1.6MB

MD5
6e74f1878c8a5ae0362fd337ea5634ff

SHA1
194aa2983ff2e8cc216a0d269d160cd590e1d34c

SHA256
88de1472634918c8d1cba9b5f70da9b79fbda71aef8dfa59f34ef493b91e9a08

SHA512
2485f1a9804e8cb63af2408df7223e07cd24ffcebda18b06f0e2d466679c9b381cea552a58fb28a8c917a550f62c331bdb38f1dd595a3dd5afa90dbdbc9dabf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000045

Filesize
28KB

MD5
6708f54a8e187376b00dc15c26dd5e52

SHA1
21f4dacbfaef26585e9fb2f7679ba064ca6ee671

SHA256
f97cb599e0ff9332f94ab91bb086f2479208d07cdd6943b1e9a6f1db597ab53e

SHA512
4dea210fbbea29eaa2260722b22c8f6ef00c9c34415df2e9aa483a46bb24cfa934e09779dc83af97ca41c5917d74379b4d94942e8ee7f73fb45028df2290f69a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046

Filesize
78KB

MD5
35a46116980c974751122a331d47fd84

SHA1
cd6e9014e38596c681641a27706124b5b69f86fc

SHA256
ccab92b9bfa43457f743cd83e454bcc63a768deb352fbad2d06d718eb2815a66

SHA512
aa4f484d3ca65525d5613243797d7e025e552dbd4e68bd9887d88d32fc6928c13dd7a47e8f97c77436924478d451445fa121d1bc1958a0ba94a2a05159345048

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047

Filesize
123KB

MD5
9646033383fa1b69b4650d42a31569cd

SHA1
841e0bdfdd459bb9d008524e2d4c67fd1d4f9a1a

SHA256
7a311d42c3c8868446879430a98cabf6973d034668ce344ea4025300093072ad

SHA512
2fbe829789ad04ce76e77b5362ce8a0855629e3426548b1b72f649c838a14c20b88b2c360d84b9afdd85405f437f8f391b803cc5cf979d88cb256cd3f8b55b8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004c

Filesize
36KB

MD5
5bc2d587fff8dd5375f23085abc58d2c

SHA1
01aeb26f2ae1bf6dd7f900deae1b7bccc26e8ff5

SHA256
7e1409fe9ba3597bcd67d1aae704cb59fb09bee820770e965cefb575c60fcedf

SHA512
9760633ccd0576df82515f7ea9403eb1f395a95a0f6890cc0874f3f759240071e29c446b98e008aa9b5d76ee9e66b3d51902bb0a8bdb09e44ef2c5dcfaa18dca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004d

Filesize
27KB

MD5
6b5c5bc3ac6e12eaa80c654e675f72df

SHA1
9e7124ce24650bc44dc734b5dc4356a245763845

SHA256
d1d3f1ebec67cc7dc38ae8a3d46a48f76f39755bf7d78eb1d5f20e0608c40b81

SHA512
66bd618ca40261040b17d36e6ad6611d8180984fd7120ccda0dfe26d18b786dbf018a93576ebafe00d3ce86d1476589c7af314d1d608b843e502cb481a561348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\337737afb10d25cc_0

Filesize
283B

MD5
5b70a199d64c946e3a5d50aafb50db9a

SHA1
9c68cd4c6b166089ba6f1778071034cbdcb9dfa5

SHA256
ac00a562a1f6cdc524de20d790d40cffce5d738c3572a15660ea77769f2f2392

SHA512
5d55d9d043f03f6845fe345dc3f6a7c76f0b1b77b637937950aebdc916585f68b7a9b5598b9bced2bb8862aadaae60ab60c015f181da97276b5ea239f58c5b5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\dd86720b460b5fb7_0

Filesize
19KB

MD5
5e2d3706b9b2b5aa23c8d1d465ed992f

SHA1
997ff97a0842e80fcb14e6301c67e7941848e4b5

SHA256
0179c6ee1fc900be3a5176c67dbd271b555979dde4d6cac21d7af50fde3bb55c

SHA512
1e37b5a2794544f4059459a717045909d3aeec1563e011710eee1554047311c3db7688989c0db1cb83cbf2f0ecf1a1e731353c0aad83f1bf6dafb28e4cdc3319

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
b914193af692e3790afa7c65e30bf376

SHA1
a88e90d06f32b4d817f61660d4d424f87a978dab

SHA256
a2f31762e175f1595bba991da6c5297b1e52dfa2860be11cc6571446b1d215b0

SHA512
afb10c4678c416fbd9bc3f4697ad77d92f7671f87ca6dfb4fc87a5fbbb8f02afbd499e2e2da0856616951903fb032f5dbf7ce74905bd002f5a0543e9aa345dfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
51dc12de17373ea30dcbf30e7c85efce

SHA1
4aab58e7a4672c409bfebe7e870fc307c4c73dcd

SHA256
2bbdc67f0036fe396fa28edcab99c59ec6c4a1b2e8ea7b4d203904ac224562e9

SHA512
42e837f519be798457b19c7106d41a2586507015409026033ef5ba39ed24715085da1449891d4bef4f27fe60ce7e081e72db3fe4c8909a605c9f47458d490f67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d20e020bb272820286009a9c0cedf256

SHA1
0609ed72ee86d521413a970c0726c4d883a19930

SHA256
4fe1ac9c93e1679275e63434ab586e1d1d5fbf90a9ddf86d1682311e81854bc4

SHA512
538b1e1fdeaeeeb36fd066083154195ebc01728aa0251bd99400b019ad15ad64e25ea361785692303f337d8f46015c4445c1b909962136d4b9f325a7269093cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
77dd395035d58fd739427c07d11e4b52

SHA1
962a4ccc3d1977f23c528e0fa1fcddd3c311561e

SHA256
09f28282adc94910526301c6a2ce4a3fc441dfa4bfd92c806d4f490c009e4517

SHA512
2bb4019501e017eb81e17fcf8ace2be0cc53a6530474a2f4a404c71a3b4f402c51739e4e0e75df48ad8864fcc13c71202af01a9df856198a57b91622bf1a9e9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
77b37cad8acb2c7178d57ca7304ed774

SHA1
cd26526da667ef94b47eb2750d072eff934e1960

SHA256
3d35572fc2a8f764932ced09063a77819c3b48d21fd227882c0e66b73ca2f1fe

SHA512
3966170898213f51beda596c38d396f936b8991d8b48b194d7ba37686f39a2d03f86bf8ff71c63c05a8531aca3c2f046b791c2fb10b9776db48e1a361cc6b342

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\000003.log

Filesize
26KB

MD5
d90534250e61d0747366f57b2f6ea8f2

SHA1
1e5f99058600ecae7a21327cb93541d08b358a20

SHA256
778bb610852be91ee11d664214f4bf61face5f4f8ba53b9e7a1c0732cf3001cf

SHA512
a87fdc74301243a25df0e6c92dceedaa279e874612e3bd561f75415ea6b53bb2558cff4ae69446cd11bc90d320c30104d1f97957c45ce5f5d3cfabcf25020211

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\LOG

Filesize
355B

MD5
91076ee1d7262ed2a2388802015d2f0b

SHA1
27f66f91ef8ca97554c6165dfb162aeebc6d0b15

SHA256
14a3b6ef4f074d9c11141027e671370308ec305eb71050abee66a545fd698376

SHA512
4888424253fca09ad17c004ae198e6f0130efa3be1d651a9f91d4fed078b8c4950058a628cfeebf43e5410ede7da40c82e59925afa12a9c63e23c309ec2dae69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.virustotal.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
23aaf2d6c23ed66f2f301c54f78d52aa

SHA1
e0d540516a31f31870040d2ab2cc0eb96745188b

SHA256
1be70469bb27e50060821f5b4507d2dcee25d7ac44927243ae7d42bca502752c

SHA512
4767be24c0b8ae03970c5c84ba82edff210acd2b2b22b45b71d52d256051537d99eba9b626914be5c7ea9327b350ed79c6429050cc1b69afa62f247ce036460c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
0d20e5cfd7a2eb6a30465221b86712f4

SHA1
b820b4b1158865f61ade4f0aae42a7dd496910e2

SHA256
6ee764251d935492230db2b6a81f08f6f70f5fca0ca1b36d47d18634da066296

SHA512
3b686ef2a5295bfb582d3158ef9ffc9f87f5e390e037c26640935fa4c1481629bf892c68d10566985f458bcdd805f1d956cb5fa1d3bdb30442279b254a5491b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
19KB

MD5
fcfdaedc60fdf183d632c30cc4494bef

SHA1
9ca1d5e50ba9df5ebf8e46483a67a9a1ad051040

SHA256
aa4eaf884f1c3103eaf36335affa463fda09adefcd8c6cda28608c1cbec9e9b4

SHA512
7a6696c3cb4cdc9c0a8078e480bc9a1befc8d046eb3d878a7de50b60da9eff0f97c1d01f88231345c239d479dcd390ad723de74d5d051f58fbbb6ce325c2f331

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
20KB

MD5
d90ea7216a5b83407cded4da83b910fc

SHA1
4ee544da329d4a14f51f475cf9e15961554fb523

SHA256
47c0dc34810d42fc6a3557185833e022c33c239c48e1399c090512222fcfd1d4

SHA512
be711675caaa4eabb55968a447124543bc9458692cc9365d7d00ca6bcc08cb504962797112054543236ab5af85a38d982a5893cfef31fb6c9a3644893a42ed55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
a2d91b2dd6252ff38a1da9f769e673b1

SHA1
6e441e4969e31bb9f2bb8c8162f8f68e9dd95aa7

SHA256
7f53a0887097b4730493dbf4d4f23d476a72a4d840716a14b4ff6f4bf5f35349

SHA512
e170b6e75526df2a7e42e8a1ef470d28f396e92dac02e57a7747df9fe772c39f5eec84d6cbf12d131288c87e1584075bca24c0c2f01dc254fd37536ba975fbff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
82347fb6a8ca73fcec1efc7efcb2d745

SHA1
ad7c953e33e00a4361d704e3440b0161fab35706

SHA256
1b7435db245a24b0830bf5b2ae8d94cbe544882b811c591edf4ab3684dd59a54

SHA512
868e1f9398d34b969a47cf16e068116467f4d50ef30a94c82739789271b835a4883cb52bca8bde5c6a7e148969439ce53f2b2767c3d6de48e3028a0b1792bcca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
305ea52ec0cd83f396a1c5110e9ae4b5

SHA1
74b9c2237386f27d81a6f275c2e9f702c9a69a29

SHA256
58f102abe0d3f1adcc29820a1f94b0acdb5c92e0c5b65b11c5063d0a4524e422

SHA512
0751e0e90aefc94161f96403f6a02aa8f35fa8fdf9fa5c0253feec6aabb68d25e0fd558cc3a5e4815ae2db9d39423fcb1261c78add7c94e7bc75c3676afdc751

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ee841ba510964b243f0d3c3bb168dc05

SHA1
28aa58b4e71cd3d1f0391087071fa757a056a02b

SHA256
6df7d5e8257a81d7dd9ebe64684dc2d0d50e3d973df572513bcdde291a4db04c

SHA512
13733ddccbb413375ab2ef49afa8d2ee56c7b9e46fd825fc68ff540a52f274a0dcb84d7969b873d749cd3fda35cbf1e051b00a1c81f190dc063e8711f91f3db1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9cd50a57afe58c2d56e12ef3ad620af1

SHA1
17e73842ac3f3ad32e9f0bb9c48ec8d42f02e1dd

SHA256
aa77838cc795e25a42bbe62cef4c6e2fedb865f829f256060f18a05ef3ccc832

SHA512
5873ac7a6f3ea400afe0c072055a401fc90dd81ecc790f247b2cb8200991e4c72fdf61ef1abac72e9d8663519345da5fdce31f1fbaeab99156543fe780c30caf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2b085210c1714d378665a2566a412051

SHA1
46c15260eafa6b92df7b6007327e82e7ad145a69

SHA256
8f7dff976fae0349a96c2acb6850ed1bd7a174112c844e75f77d25d2ca66840f

SHA512
9ba73eafcced1462dba30483a1f55917068862ecb61fd1429602ec4137da41378750e18b28a19d55bab61610662599b2e844fe9f1794e91c0e69739794d48571

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
72ec382be66fe5e0065911a1d3c4d525

SHA1
7b5cb7cd6dbb62a4bd985fae35689fe9bc2995ff

SHA256
fb9206a3d60635fb713a9896d8371a16da9b616303f849081ccdb8507e16708d

SHA512
4e0c55874fa653968a1c187a3cb2ec8b77c85ec3d92faf58bf602acf81ad11286faf674b853d488afe5ec58f205d749b7d9ae9edc74feb48c867bb17e67cbbd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
bbb17a143322e0c87d8e6120c866192c

SHA1
30666850108a10ae952609e2d57c9a3e3e445b49

SHA256
1f4dbe61ad53c11298ed12f5583f21ef34bd926c4722cbacaea4ca93f42b0ca9

SHA512
57328b5927d6326f7487a5cdde8d27e67b441587a68f2f0916f0e566e5e3ea599cbdeff1bc01f129eb8feeaa3740b9e745dde787183991f4cf4aff15bed6c8a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
3aede651aa65b0c9d8889d182f1ff780

SHA1
0415260762fce5dcd997cd7916f963c2ef65fe15

SHA256
ba9c1905277162dca56fc6e3ae4b687b6cf880805d2c04e3d71b58d70837dff4

SHA512
694437004f0b223fa884e0a5699b89a9079cc14f8f48a24a9d3d5599cb471b8d92fd7744c7aeb0b79bf76fc4a6c4e22e86c17eb5d4c8b9e0b47d71376b52ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
9cf0147481581782497facab7294f695

SHA1
9f38158bc37a64e7d9b11c38f5182172ad931f5a

SHA256
8e42ffb849ab7983fc0375008ca651df8c0841cdf6ef4d52f6268f81aafba4fb

SHA512
57a08c1e83643810acdd20d0239f6f5e3db0b8441a2787da5afc09b43b1ab79a0964bfde6d15063f61025babba7644ce2049d62e4e4b0dd79118bf2b6b33ca71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
d4a8bb9b9f804bd2be26492558bd91e8

SHA1
33e6174165949ae735d056153c7c6e279e949a1e

SHA256
95231645fe877d93d6ff6612ecb16d643e29e5b132a3beff2cf049e76cb2d9c0

SHA512
828add8497ef13b1179594619d7386ceb2b1fdf5e0f86a9d94de8df485cf9294e67e539e75be6865d7b507a0e216c57a41710c44acf5d55f05b327d70b913944

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
8fff0523f696cfb1fb8422ae6a7f220d

SHA1
a9b9146ace085748ccf788c68f2e75b73850adaa

SHA256
9f33900938419b497b8d5113ed14b8aae4f3fd38d61c748ea7a224971a0de1cf

SHA512
fd375e6bc8ffd223093b3bdd509649e597a925bf05978f3780ec02aef5c827457e786dbe06b0071622848ef3a653629be04eef0bcdd86024d2e25df102145e5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
a91490b5068c184c3288bb53a0d783fa

SHA1
25151273a512c214156902d9042d2faf6f72d723

SHA256
cc4f3b09d74b4d4f6a6dd8652fe7741daf5054a5e9e1c876fb9b46b495b4c36c

SHA512
562e20fe8c1a5290fd2bdafc8ebc81686d29ae0ef3ec0dd04b9512eefdd793c87035c1fd0d648d47f2b26e9c6b9363c89d0043d011d4ff685016c59c38a2d050

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
8ebc02b907e348b32909e9776d8bc29d

SHA1
af8789da4b83cd0e9ec16d417810a3efadd145c0

SHA256
91e17878b5adc7360826b4800cd4b746b1a609be96781459ee7c7fc8465abe55

SHA512
e5b9d050710e435f68cc6bf05c424cda52508901b2c20a2d33b40853814e005204ac27090531ee4990f8087453a580c43bfd2a14a66070c6a971d5cc6d941a14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
2976170983105b04d31069f6dcbd67a7

SHA1
eca0888a1968a1c132266f9bebb1afd9cb761e1b

SHA256
f25a7579d122949201e51354ffe7d56ef5fbb215b526398e8a435ec40b765866

SHA512
c45460b71888955b84008115cef465698846e1ec58ea05aae898bec6814578a1cf66883d782a3a6b86db288409c65a39170a9ac3aab41eaa815646518b9c861d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
afd1494fe2f56eb1dbacb5a8d4260450

SHA1
0b017874d384c408fdc0c6cb72e7376849532c2a

SHA256
ddea223db36bf39d178ef5c1b52ced0fd6930879f9b5d781a1f5599908c87a93

SHA512
0af3963fe2e01ee28ffaf7831691a4395dc56e04d6d8845f4da7b37f8adebb6e6cda1714acb7c353f0a60ad1735337e89f375fd9712bb45b63317bd34518787c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
816a953a8c8795ba591529744c73d8c6

SHA1
874e240c2a9b8940a61349317c400c967be6c2bd

SHA256
51aa4b029cece8532881ed24df300453b94a88dfa53cfe219e46c36d88802334

SHA512
b98527afba5a79d0c701f054afeab5d59e1e92d21a49bbc0cbd5c1e65ec7336480e83cd3ce472d3fea2be1cd21c3fe1711c97fac61cedc41506d546c77f405ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
5c16aa0afc4691d674da1ac3397266db

SHA1
7549ceb31581c52b2f7a9656facb5f8ecc716569

SHA256
78bc2f3040a42911c3ed9988c5b7350a21c489f5719c53d8fcfc053335de735a

SHA512
e7ac47f29764069d2757b6d0fd6bd3cccec734046ba2ba73774f4c2cd9664d9d0bfddf4e9f00eb978bdce642309c74c51abf20b79918aff2ff23d53440770fc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
06c2091d5ae682651fcf76134fde67ba

SHA1
0035a5e7e6790ce0d6d9182411328a59694f0c06

SHA256
c8d370f92e062134350d2746108d43f5feb8b8b70044bc30b8c57d031d81cf75

SHA512
f44c9209af7b912247b8f3c83e063591d310990655b220db44cacf4954dab4c864c4cb63d6d606e141747ee5cbc874eadd0528af9a00be691dedee0b2c768d22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f6048a4ef3f61312b7040ae44b648127

SHA1
34471ef8ba1c14df2d36f6c316b00badc5742b82

SHA256
0c84bef06d8b949401b0346575c8a4cab72fc3a6060cdf3a0134579b041d2fb2

SHA512
c792536484ecfe4476dfdc15c9c1762dce8e342993fad80f8ed9924a28c75df9b13ed8d54467b1b4fe1edcd6b95628a818797f11ff7717c0eca136608fadd983

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4bbaa593998765485d7f390155cceb25

SHA1
75610a81a4e70d62e02dc96e9777330d5591f0fc

SHA256
f05e2ea0e9e9d12f4b0934b93bb976409baf66f3ce49d8e27b8fe0e7b7c7c189

SHA512
3d71c7862422ee25168e6dc7ac8b8f7432c0e361174ff9d7e431aa0b6ec4a430891b3b92e96d5de5bad0e42edc615422fdb37a0b06b36a1a5dc606aa348fa298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7b1c752b83448c2b14648785ec3acb12

SHA1
4e297da8ef0d2c2f58ebd3766039895745f844a2

SHA256
e551ebe28accabcd4a661d76c4163c1132e0af839a244a33788675a73e6b7648

SHA512
526a42a071b042257907830f8ece42fd367cabd016396b2e8605d52a2935fae3fb8b4f302873719de8fcff0e83f35f70289ac3516425fd80fd39f03f19aa439a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
9a53f3f05407e48863bcb5e93c08960f

SHA1
e6d90cfae949afb42ac377b387a8beabbd23784c

SHA256
85cfffd56c0d54447f9fc40dee277498ed4eba27badfac87d82721adfd4f14b6

SHA512
9164edc5ce0d463e3598a5489dba05f360fefb0365580e51e143e456ffd8cd03b1b4ee1c5559a41f5537bfbd7777ddab54bb6ca68f1e90051127369c79d9a7f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
9ca54ddce5fca2c609dd9674c0eed420

SHA1
067923e4580b5e50886729c94ef5cdce1bd157bf

SHA256
0569e87b71c4142c0ba0114f099aa0d2388575c4eb3c076cbbda975365dfcb73

SHA512
dbcec6eefa1291b9d6faf46da68aab0c982d4f9e55efe6435571acd352d366376cd7404cdae92cb0b17fa6cabd6e086669f464e296bb3fd0291d03894d6baf62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
4334d402636235bb19efe45f08ee194a

SHA1
ae1ad37fe9caf7a3de247236125475903e8b4444

SHA256
50f655865fb7ae84d4a7922bb65c45bdb5de27a1c912e234ec43c90857fd8fb7

SHA512
0ff30b1022633dce3a040819742e8c8765e2e1db204a8ce0fdf4a02c05bc16f236f1a802742bcba9baabc364c083ec0d692d165dc03f3725dc105e38219a95c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
8278a634a4079021c479b42ce154b662

SHA1
bb86dddc3c35810495d28c09f34f5bb3a81e35a4

SHA256
06c7d2ec94b954672f9f62662c020b13a5abcd25089fc1deb7bc767bef324ec2

SHA512
16a9118963e4d1120ccdd3a7197f6c130983f606e32eabc849ac11332b36ec91d849b079493f936f7f791fa42fe1076882636b4c41b4440cff2ab395e3bc166d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1cfb8055d5ba0a86ee07184fde8c74d5

SHA1
557d6e5200ed30eab3ba259d7c7af7f5963e5ec6

SHA256
32d0b301775e0ef7c0129de88ee3e91ac80b0587c4225d8ab4d1076a99b46ee8

SHA512
2e68e59f0935ec714cdbfcaef04a581950dd9f3ab81a1e5680aa5f949db42118ee4e7905bdf85ce0b2f4ac4b3330a535eb5ec10554af1fdfecbe115fb403c17c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
c4c3a07b6a8e2f8f0bee93d4afd812bf

SHA1
355fad61a8e0861a6def5351840cec1be5fcbeb9

SHA256
401079516524faf9f053eeb5e5ff8d623aec4e13dc592f62d81d1f9d61e9de4f

SHA512
20bb24a720a5d018a4e3f5407c455a7addbaa08904bb3a68dcaf3dcd8b42cce29ad2ecd8ada0b2a916bcfa7a40aa8b8e27b090545dd6eeccea5f343754f639d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
cbaf8dfa8c4dc692c14cf04172d4bb60

SHA1
9fbbf0618d2e88244e04e062ae71d25255d60157

SHA256
f230529cd73dffb44ce69f4cf212929c26e07f906aae049af5062007dc72719a

SHA512
1c6f774cb521ba576f756c9558e1d11636bce3a91790b9466e55aaedf8a3bf298450988cd57bc6b619d85438723e7460b621652248e9c9bc2f7152fbbe6ff4bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
3bbf111495121e928059abf8cf4cba68

SHA1
d86b25417b6bcb69066016c88405f7a137aef024

SHA256
7d7a2c042ff4970a6e4d40052091d6021a1497ea62df765bc835b72e381361fe

SHA512
1a3c89a1c73328795153242bc83d66ae8bcb04e8f9813c7223c356fe730707829fbb689086fd75bb2cbad3f6e76736cd1ac5ff872fcc9d2e85843c82460d461c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
46e93240796940e545136a9c5ce3c7a4

SHA1
45536b0fb20c1b5fc3a72498041ebb624d3d9a97

SHA256
2e22723f91f935b0a3396e61a9d6eaf0a21660062ba7b7fb8142a0970f60b8a0

SHA512
f90dd0fd11caead94b74f75bf6aa7b4257df4ceaaa536dc6b06995c76da9a7b4ea8c4b82bf9dd83c76db5d5cfd811a9e1a167243f5c656a9706e9011398e915b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
358dea35fa75510616a3658a36b4aa7a

SHA1
f4c12d5dcf746df9ec8a0c446be4a0f507023676

SHA256
29c053c19c8feb117ca2f30a6dd4dd6d49c985eaf19bf630fdcbd3b81251c293

SHA512
9e9b6785264f78b6fb16600701001b230ac76f6d0dc729707afbfb6dffe3baeec73b0070d4ca20e2171b647b2bb1ce783a45e3492f656611ea22d32adabd7496

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a021d20892e10cf3f7cf68d567f72a11

SHA1
23b7fcb6ddf772f5098a17cbef4d21ce195c5322

SHA256
6a39db29f86ff097013ec2dde1a030b3c49b69dfeaf2fcebe2565537ce7cc48d

SHA512
9292a21dbdf3a03276440bc055cbd6614d9a4acc550a9f610e0f75a3ac0bbfa13b8b608d22e907fe52f539c719737aa992994bdc9053c763b36981a8f8238a9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
271a96c683805a55304231358e9f249d

SHA1
78f2a3a826eab63a868ab3da778e471677d789b0

SHA256
2902d0acb7588557ae84212bd5a3a5e5c157b3861abb1d16bf69895b218b5179

SHA512
eb6bba7ebc08f2cb34fbb346d997d1d1e51aa710b0283185a856c3e7d14d0594cee88286fc09ec5a59f5d39461afcd42bf905daa46e8669ecb1940cfede3df87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\9385b903-cc62-4840-9b89-2698b4d72776\cfb9174c38530273_0

Filesize
36KB

MD5
45b2a01494711dc4be95eac33568ebed

SHA1
b5f971ca805ccca1393a77d7cdcda3894d5ab5f9

SHA256
116f958ff2e3da9b783fe474e589eed77edebc766c127c5f9fe771836aa71988

SHA512
acabfa4390c7df95cc5a66a44820b0bbe9b82312ce67dd0d137a6184984aedb4a0d7175c9577ad1d998588d650a12c2114e6f5e356239b06581078f298c0f581

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\9385b903-cc62-4840-9b89-2698b4d72776\cfb9174c38530273_0

Filesize
67KB

MD5
59556fe1e7be40ea21fe94c1af116401

SHA1
8ba56b018caa46760fa6a96030d8c7e87f3d9c6d

SHA256
d9e396b03bb26457426a1669b9b7b8b85b4e05a1a42a021d0c2dcb2511c17ad7

SHA512
a14a92a26b568fb10b14119d948ac105c45ab165e0306a2d52881f835b4c4e92e4f05d18c9334394a5be386722ec846e4469385de1f80f68e1c609efc30cd0a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\9385b903-cc62-4840-9b89-2698b4d72776\index-dir\the-real-index

Filesize
72B

MD5
bd41f77879ecfb1c80e8c515c450d703

SHA1
353f4d7e582b7bcfb816789e24813d58c5eed32b

SHA256
c0ce57fcc2d1c992c8a62db4ded4c2836e6b91c43b9b36a3d207ab35f7c45d38

SHA512
843735f391c077ff4ce1ad564bfbfed8ca68dd817b2a86ef9f371776e9a3f2d930b14e5a4e95ffcfdec566bb2bd6f271e9d5e463d8ef2200bc5db14793cb4e3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\9385b903-cc62-4840-9b89-2698b4d72776\index-dir\the-real-index

Filesize
456B

MD5
d2e47acbf5374bbfbd5efe57e4d3ee42

SHA1
c7704bf84bd8e3836be435d0839c4006e7c4f10f

SHA256
1d19435583d9542b82727e494f4ab53aa4d8856d992898fbe9334b54937ebe7f

SHA512
89d09dc133187e6881f56c006e1a42d2c6fe0959fc6ca884e98f96a68b0d8bd9e1c34b5db24278d40d8a35e8f8f7ff7e840bb9fcee844504c2588bc2f063db38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\9385b903-cc62-4840-9b89-2698b4d72776\index-dir\the-real-index

Filesize
456B

MD5
d29d3e791b24a73393928d91681f89af

SHA1
2572aafe89a1dc7d56532cfdcc0a4f95579c01d1

SHA256
df23e83835aceca054f3821ead06059148332be39d2e464d4a9fa7594aa6769c

SHA512
3c771feb31478449701d56a2622a3bd4de7eaf3de98aa3483221ba916a60ce552393c415c123b327406642781297c917d5e5aee028aba5cb9fd2de3d02e28bcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\9385b903-cc62-4840-9b89-2698b4d72776\index-dir\the-real-index~RFe5a6c29.TMP

Filesize
48B

MD5
79e1000e7adaa49c8dcfbff5b6d1ac45

SHA1
770c13e1dd24c1814dbcda6d311d78c8fa0f9c2c

SHA256
8b8a31fed97d8bc19dd3036ceee0ad9fb321ae1fd9bc1533531880c000318b67

SHA512
5d84a7083274a3cecba968f45fef868db518d10556d960f0be7e9b18bd6447c84cf0f42c42af0c9b4bbdedbb59415db8c10b18929440c4fbf4a66b103c4b8576

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt

Filesize
122B

MD5
cd25b00730bf5b4d837b4e5abc7a27e2

SHA1
26b46b297378f0eb1564ea47172c1fde03d95039

SHA256
c72a9f2a9f79a90a7854901381398fc9a0debdb9c40c35f8eff966b53b127884

SHA512
16d9d3919909c9bf0adc9700dd7ba84c85b777b315ee8a3234e2dc9f50421ffaf6ded675fcb52aa5d3e1720ce39f0107ded2605ef3f65ece3c5e30377fe406cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt

Filesize
123B

MD5
192e8e253e49fd89a0db38077fc3b282

SHA1
3f82d6995f45b59f6d3b8ba31407ed0805762806

SHA256
44fea81e3b7706e4133b8252591d9e186fdb59bbd63b3dd8bab1012752638d01

SHA512
e0799eeea22b07ba7aefa86a720f70010a2d1c613e967ba6edb1871e9058ea91237bb6fb9c93143c542468b8d6c624c34b035ab2a81cc834d7085801a4598c97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt

Filesize
123B

MD5
974e01cdf2b29cc3acf05e59e46c959a

SHA1
e08d715583a4f45bde0ea079539581f858964f59

SHA256
99521a9f4ca5bb5665078d3f2500df4a4ea9a59676f383b241328162f7486578

SHA512
3cac7e704874236c48672bc48910fdec0f9c250b33ee4e708bf070923676065bd3f6cc3e2cc1ed3f93bbf690021dcbf967422e9fd475a4ae590f74997ac9301c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\198b1dbef7ece2ad03770a72810f2b485859f245\index.txt~RFe5a6c67.TMP

Filesize
128B

MD5
87a21f1786328b478ae4f0a299bf93ec

SHA1
d89343e1173eb200a591ed399047428055c2519d

SHA256
9307a29743c7b3f59d3fe13006ddd3940e159825d938cfe1e1644da5f214de3a

SHA512
13598c48574f578e6e7b66063828b00a9855a599c297328dbd35a5a0f1f735ded7f2ec786da790913fa9f503ee841f00a912230db8cf3ae4717ebd47c4a9cd15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\02f11dc2-173a-4cc1-a5e6-eaa7ecf94d10\index-dir\the-real-index

Filesize
2KB

MD5
5942666e501ba07d10ad3f5692b6d2f9

SHA1
eb0f02ea6ada23556dc65a282796ae2511e62f8a

SHA256
5cd85264dff69a92a4da1e3c9839541aebbe103b39ac9bcdd9cbe03db8682871

SHA512
8451b53c4510b8ed6b8d00c85bac73cade5c8e58501627844739d824650aefbae8dddfac21b81d2506501ebd6315c739e8f5a5b634730895c94b49b31995f53b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\02f11dc2-173a-4cc1-a5e6-eaa7ecf94d10\index-dir\the-real-index~RFe581edd.TMP

Filesize
48B

MD5
0ff4321729facee14c554518deb77039

SHA1
8c53b0a6c6fb7b589fc148e6c782aecb6266d2c8

SHA256
648c297204b71729967bb36f8853334d529449708261418ae9a2eecb1e47a285

SHA512
26faa828fda2692e2ea1779ad88519ff471fc7e626f99586a1310be44c1a3996f251c938bca79ae733b8229872e6f36f84b6d045417583b47669237d3f197aef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
58e93f2935040681e62987b2a52aedf5

SHA1
e3d7afa647d817a91532bcbb0775246ac09be955

SHA256
4f7049b26d24370b3a14de9fb06792fdad38ef5eb1b3477eafcae7649d93669f

SHA512
6224fc1241e17c9f81ccb9096216d32b63ef2b316e42249c4a5058fdef165aa78fe33916eba16525f0a6935c5645b42177fd969664fe47b4bd3bc99bf6ee724a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
0e8d8a3e27f4b578b06ca64ee0c4091e

SHA1
2ac17fa594ecc5d7e9387ab044cc54a006ef9a3e

SHA256
e6c03c947f153599e2387c58d2822ad33ee5ca204478e9957f38b864b77d3341

SHA512
78d10ea6a556f578669227b21c941947553f75dcf42d023f8f55708b71e24c573d1c78ee78d9a5bc5abe453439687333efc768d30b3cc680e8ee820734aa10d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
d9cecc55f6801d6ee81778bde134d550

SHA1
fffd31055c46fb682e34addc4fb0d34b5f261944

SHA256
71152eab6bc0efdd540d6943e91615313cc28f581f7ab754d648592c3892a5ce

SHA512
af36fdfdb04cad275dba50e89836fa8a3fbb16812c2e6469b9ed03c392fb752a444404c8f5d1e9a28659548ca545f00f3b7f3e2284e24ceff88eede166997262

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5766f7.TMP

Filesize
119B

MD5
1d26a71ab403604d8b1ac2007177e55f

SHA1
7027343f80f619d85273682df031fb073114048d

SHA256
f79418219b4a9d3cbe456bada021547bd4c3ff734e839337a1f0d17925ea9fb2

SHA512
8a40044591bcec6e572635d646a38c2260ff1aef0080fc045a79ad3940d4c29d772135a89179f2aba55e1f00e4f3be00c9717d8e558d27553b6e09f84b7c6690

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
15a250d6b28a6cba0393659ce966c8f1

SHA1
2e0c9c7c65c75de590c5d6dcbe6cb97ac30e5364

SHA256
5bb9498baa667b461f5fe69f7fb59bb3543bf18e1dd92ed7b313bda284b65af2

SHA512
3f89a9f70abed05671995de674b3e6072c87c0dff4acb21716a47c3a51862d420f4fb0df9ba55ede7977b66a9c9f404d5b9a52201aab80dad744d9e16b391d42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
618c39620c5915568dedc9aa17be70cc

SHA1
a2618fd0c25a23d5493f5a1e8366af53ac57c620

SHA256
57742303344372155dcb9570e6f0c079db76016ec96dbdf62305e8aaa4ef6660

SHA512
6016ac396395aa6194b126815ebf8d81314ab83e60a14f0aa346775bef4ed8095668ecaafe7f2df594a3c70d316aeae44369f8e7fa1616a224203a4a8cb8a3d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
a659695e0cb40999eacc776208572040

SHA1
6d1b8040de30ec4a4adfa452b9200f31d106f286

SHA256
c86b701958c392180b8154a34835a1302875e625aedc87d0b6c3430af2ab0951

SHA512
63c958b77b5337c61c981e923809d59049e57175eff101164b3587a819a42a19e04be97aced515ca39a5e946c34a9db47f48d998aad043109e30e6d46c5a2959

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
7bc5f7c576e3f2eae1cf145c69a11736

SHA1
5ff530d5c8da1552c5b5301e83f387bfb55d10e9

SHA256
c80b6e8181392724cf8d6e7ee13c728b3b5a1afaea0e2a270f48d0398604fce4

SHA512
818457e5b21deb07ba751e4822ef972c5446c0f726e0cea6d3e255bec97770ae47f9c9b29b039f4c736507a17dacf0a845ec020194a46eab85f7748f5b6f2abc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
2a03419e09b4265c018d5a41f032155a

SHA1
a67ff8cff0017b33d77ef0f8915d1ee1695510b9

SHA256
307da42470aa44048911fef3b7dc0e9f4fa69fdf6caee9a5766967be8308e6e0

SHA512
aa291781dffdce01da4ae87d6a57195812d3713cbde31e229cb1aa351a6afa4869d9a3e9a5acdd6fc98eeb001a9a2dc222ba948b27d7799e2a4a0da2d44f2811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b712a4c83dfb3c522d032cf900e863a

SHA1
4f5bec4be6f4ebfa959e899ceafc62309bb1f141

SHA256
31da2a41a051db11559c47feb923d4baad32a384f530013a435fa884dad64493

SHA512
03b24d9307623b3a341230805f3ea662b0107c314650a51ae7e89d901cb3ad212d4219bab4d763d0aa8d50831aa0e6d4e3379573cc2f724873804578e8642898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
24dada8956438ead89d9727022bac03a

SHA1
09b4fb1dba48ec8e47350131ae6113edd0fdecf0

SHA256
bf1e5c7828e4672982b16451b5a201e65e812e98a97b87c9f2f7c22677cb4ec1

SHA512
03f092a4b20a4d8cc111220b35fbf5470878b7723faeddee65b1d9cf327167053792c77864103b4530b9b9f819e32a5721b44189291dfdb5832769835ea5dd94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
9993e3f65a36dfeabc282532cadb1e90

SHA1
15c51b182817a56271c4d6ff5a9c555a97c21c0f

SHA256
7d9099dbda678e2abdd192787051e7bb6b817b1ce729b2a66cee0bf2e706c471

SHA512
b7ba01ac82a434a10232db13cc084b894647cf5c584a395a06398d20bfe843b60618a01807f52d9b2a09c8f042ee6c53803bc2f5d369535609f0b28eed143860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1eab478ff5ed289713ba057ca452009f

SHA1
91dc4540261b7dce1ebe49477aa3bd710bdf02c1

SHA256
dbe30a0ac01f44bb115be3f30735b98e4573f4e720d82fdfbd656cffee3315a8

SHA512
d24be31bb47e3c0ea5e42d48e6adbfebda73fa7998f03bfaf9e3fc9f6391ec18b165cf5cc63201bba3c299efa01112cbce2f57cdd9412fc1175e8762d838179e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
778ee6083f905ffaca93f8bd18b585dc

SHA1
c1dfdcca43b59c0a539303a322da2d46f35d1f28

SHA256
5f01697aabc71d12e2c2535d1062e87b7b23ed86952a0c5d5ecdfd1b946c9c1b

SHA512
3c031dba60399a1487c1d9419fe01ef3691b4e01f9b2ec360ed365fd0238ab8d0ee0d6a59d09052f5d8e3d3dd2c323cb055a46019bd3cfa59370822157177b05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
85eca930a791cbcb1373f5fdaf17857b

SHA1
ffea7d54e9803374a484f1e4c124766e80024efc

SHA256
fbc990061790350f00dc28f2dda277aac81bb8385a6e92e90a20101436c3312c

SHA512
2ffe0de3f80ac60f2ffa55f334026979e6be328b7c69f4603aa3c5d1bfa6c3b3744d86ac2a34ecf904d0a41b36bc485392ece58f6cc89d7ffca293d02efe5bed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
45296c2ec3c27a5daed9939bc7dedf40

SHA1
eefaae77262d6868f231f5f9dedd48d8af1a1183

SHA256
68d076ecdf3f8aa93b3fd21c913821338e5da4effe6d9650d906e90521082b59

SHA512
4478d89c57201074a6643f6cb7ea43b81b165b9e5e2e50a9eca218bfb24cfa3e0d3a6303a326df73b48c8b34418174bed053628600039bf68ec54b47cdc3ad77

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
0d83d48dfe54502c5a410be48121ba1b

SHA1
cf1aa5dd4e48490e91c5ed84eeae498709fc544e

SHA256
d25acdfd4655f43d2e30f19f780e64c7bf887e3efdbf73476949bbfaf0304df5

SHA512
b7f1deec03b02574305dc0d4b279b9a2d20fb0cfdcd20dfe608a942292d46df11f80d46f2ccfdc13226a953d27a3d21d73ce6972003a6119be6509129b2662af

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
7e039a55f01aa55f13dde31019e831f3

SHA1
5ed5a65261501cb9db3468b63fa72b12d313f7ae

SHA256
d2515d1be018311ed415c0ed534e61f6138bd583af11d93621da20c6e7927f1a

SHA512
3f42af11badac5dc07fa807f98cecb240b52509c45110113d3d75f88813194931a17e08b8511a6b8be6b06a303a87393c28c4359ede2c9be7f76e6ae173aa7e7

Download Submit
C:\Users\Admin\Downloads\Software v1.24 loader.zip

Filesize
39.6MB

MD5
44728af64952896a9b481feb311693e4

SHA1
30cd4165ab0e9f7b18d19daa50a0cb3233552008

SHA256
46c09717a50a23265a99c3fa366d4f4a0667ed096c2667b566375398095ab21d

SHA512
931fb93e8dfc85df56c8426380fdfe37ee9b28b85b4f0104cbbc3277556c72d2307ae8f0776dc6fe9b25f92b6185a4dea441a6d9109e0939076779add1f55498

Download Submit
C:\Users\Admin\Downloads\Software v1.24 loader\Software v1.24 loader.exe

Filesize
1.7MB

MD5
a03d6f7901aa60448306421664407177

SHA1
5e1fc4bf67cd12e90e1a9827eeecb17cbdc6c7cc

SHA256
a24198dbfad91a8e73681538dd901c65100ac149be9eb43ff3abbd72f9d9476e

SHA512
80517f00eddc281aa525ece8b54b7686fcc3bcb2c4322b98ded6d919c426ca07cfa854db6c3e62ead515fc3a71fabfede0aeffe0517fe5c103b8ff2c8476d4d5

Download Submit
C:\Users\Admin\Downloads\Software v1.24 loader\jre\Welcome.html

Filesize
983B

MD5
3cb773cb396842a7a43ad4868a23abe5

SHA1
ace737f039535c817d867281190ca12f8b4d4b75

SHA256
f450aee7e8fe14512d5a4b445aa5973e202f9ed1e122a8843e4dc2d4421015f0

SHA512
6058103b7446b61613071c639581f51718c12a9e7b6abd3cf3047a3093c2e54b2d9674faf9443570a3bb141f839e03067301ff35422eb9097bd08020e0dd08a4

Download Submit
C:\Users\Admin\Downloads\Software v1.24 loader\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
memory/3536-2105-0x0000000000C70000-0x0000000000E2D000-memory.dmp

Filesize
1.7MB

Download