quasar | 853cf003dd01ec972a222a28b1e8b260fb06fab20245e609cb7df103d110343f

Resubmissions

18/01/2025, 21:07

250118-zyrlxavjfz 10

18/01/2025, 20:55

250118-zqe8xatqb1 10

Analysis

max time kernel
1050s
max time network
1049s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18/01/2025, 20:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RC7old.exe
Size

3.1MB
MD5

5efb08d03470612d11124136accc84fa
SHA1

46abe602f6566ff6103f504ef8ae73f43eae19c1
SHA256

853cf003dd01ec972a222a28b1e8b260fb06fab20245e609cb7df103d110343f
SHA512

13a1fbeae357662e2e2a60e511a3bce2f63fef40a96ba49f25e745dd466ca3da24de5155f0f2233e8d15941f353a21df14247ab7b4ebf84ee419ca7d7b7ae74a
SSDEEP

49152:CvHI22SsaNYfdPBldt698dBcjHuYREEf/yk/65LoGdvYAFTHHB72eh2NT:Cvo22SsaNYfdPBldt6+dBcjHuYRkp

Score

10^/10

quasar rc7old discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

RC7old

yellow-parts.gl.at.ply.gg:52085

Mutex

8356bffd-2b62-44f9-937c-4adee31d9ea3

Attributes

encryption_key
5471C1CD3CF5D10BA14E0A632D9E07BC5FEE0E2B
install_name
RC7old.exe
log_directory
Logs
reconnect_delay
3000
startup_key
System
subdirectory
System

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral2/memory/2212-1-0x00000000008C0000-0x0000000000BE4000-memory.dmp	family_quasar
behavioral2/files/0x0007000000023cb8-8.dat	family_quasar

Executes dropped EXE 1 IoCs

pid	Process
2912	RC7old.exe

Drops file in System32 directory 5 IoCs

description	ioc	Process
File created	C:\Windows\system32\System\RC7old.exe	RC7old.exe
File opened for modification	C:\Windows\system32\System\RC7old.exe	RC7old.exe
File opened for modification	C:\Windows\system32\System	RC7old.exe
File opened for modification	C:\Windows\system32\System\RC7old.exe	RC7old.exe
File opened for modification	C:\Windows\system32\System	RC7old.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133817079012542821"	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
876	schtasks.exe
2872	schtasks.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
856	msedge.exe
856	msedge.exe
3368	msedge.exe
3368	msedge.exe
4692	msedge.exe
4692	msedge.exe
1928	identity_helper.exe
1928	identity_helper.exe
5644	chrome.exe
5644	chrome.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe
5216	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2212	RC7old.exe
Token: SeDebugPrivilege	2912	RC7old.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe
Token: SeShutdownPrivilege	5644	chrome.exe
Token: SeCreatePagefilePrivilege	5644	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
2912	RC7old.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe

Suspicious use of SendNotifyMessage 49 IoCs

pid	Process
2912	RC7old.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe
5644	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 876	2212	RC7old.exe	84
PID 2212 wrote to memory of 876	2212	RC7old.exe	84
PID 2212 wrote to memory of 2912	2212	RC7old.exe	86
PID 2212 wrote to memory of 2912	2212	RC7old.exe	86
PID 2912 wrote to memory of 2872	2912	RC7old.exe	87
PID 2912 wrote to memory of 2872	2912	RC7old.exe	87
PID 1444 wrote to memory of 2404	1444	msedge.exe	112
PID 1444 wrote to memory of 2404	1444	msedge.exe	112
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 772	1444	msedge.exe	113
PID 1444 wrote to memory of 856	1444	msedge.exe	114
PID 1444 wrote to memory of 856	1444	msedge.exe	114
PID 1444 wrote to memory of 2360	1444	msedge.exe	115
PID 1444 wrote to memory of 2360	1444	msedge.exe	115
PID 1444 wrote to memory of 2360	1444	msedge.exe	115
PID 1444 wrote to memory of 2360	1444	msedge.exe	115
PID 1444 wrote to memory of 2360	1444	msedge.exe	115
PID 1444 wrote to memory of 2360	1444	msedge.exe	115
PID 1444 wrote to memory of 2360	1444	msedge.exe	115
PID 1444 wrote to memory of 2360	1444	msedge.exe	115
PID 1444 wrote to memory of 2360	1444	msedge.exe	115
PID 1444 wrote to memory of 2360	1444	msedge.exe	115
PID 1444 wrote to memory of 2360	1444	msedge.exe	115
PID 1444 wrote to memory of 2360	1444	msedge.exe	115
PID 1444 wrote to memory of 2360	1444	msedge.exe	115
PID 1444 wrote to memory of 2360	1444	msedge.exe	115

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\RC7old.exe
"C:\Users\Admin\AppData\Local\Temp\RC7old.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "System" /sc ONLOGON /tr "C:\Windows\system32\System\RC7old.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:876
- C:\Windows\system32\System\RC7old.exe
  "C:\Windows\system32\System\RC7old.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2912
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "System" /sc ONLOGON /tr "C:\Windows\system32\System\RC7old.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:2872

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault35328f4fh00b6h42bfhb367h4ba574828bdd
1⤵
- Suspicious use of WriteProcessMemory
PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe4fb946f8,0x7ffe4fb94708,0x7ffe4fb94718
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,9267725553102442360,6936955300832228523,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,9267725553102442360,6936955300832228523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,9267725553102442360,6936955300832228523,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:2360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4fb946f8,0x7ffe4fb94708,0x7ffe4fb94718
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,17762541317124765819,2490713421284564728,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,17762541317124765819,2490713421284564728,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,17762541317124765819,2490713421284564728,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2992 /prefetch:8
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17762541317124765819,2490713421284564728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17762541317124765819,2490713421284564728,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17762541317124765819,2490713421284564728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17762541317124765819,2490713421284564728,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,17762541317124765819,2490713421284564728,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3504 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,17762541317124765819,2490713421284564728,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3504 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17762541317124765819,2490713421284564728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17762541317124765819,2490713421284564728,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17762541317124765819,2490713421284564728,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,17762541317124765819,2490713421284564728,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe6fd8cc40,0x7ffe6fd8cc4c,0x7ffe6fd8cc58
  2⤵
  PID:5668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1852,i,5747170529557220129,15456621695193573231,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1844 /prefetch:2
  2⤵
  PID:5816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,5747170529557220129,15456621695193573231,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  PID:5840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,5747170529557220129,15456621695193573231,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2448 /prefetch:8
  2⤵
  PID:5896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,5747170529557220129,15456621695193573231,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3320,i,5747170529557220129,15456621695193573231,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4076,i,5747170529557220129,15456621695193573231,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4724,i,5747170529557220129,15456621695193573231,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4904,i,5747170529557220129,15456621695193573231,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4872,i,5747170529557220129,15456621695193573231,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5176,i,5747170529557220129,15456621695193573231,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5180,i,5747170529557220129,15456621695193573231,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5092,i,5747170529557220129,15456621695193573231,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:5196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5204,i,5747170529557220129,15456621695193573231,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5232 /prefetch:2
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5512,i,5747170529557220129,15456621695193573231,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5048 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5216

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3940

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1ee20956-4c3e-4771-ad30-7656298b09b9.tmp

Filesize
9KB

MD5
ee11e5c3f8b691ab8008d371bb1f9e87

SHA1
8e882ac12b086e235059fafc355437ab7259c276

SHA256
8a816e49954d2b19842b9bb414eb472705321f3d30bd0585d2e4008113c02f88

SHA512
07702e9889ec60b0017ff6923d94d6b5f5f5caad16c76ae7bd57a9b87e9779bd301bdc91eca2ad015190344e90bd6d214e69cadcbf19410a259cac7f8da3dafa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2b518669-e9c9-4ec4-a51f-fe679550ad36.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
efcc309d3925201496e08238034359c0

SHA1
b86e31211b5d4edef875037a0e83e2796a483bd8

SHA256
f91d61f07ba8a091446f9673a93e06956f6c45288c3dd7a44b29d05b94e2b007

SHA512
f7f1f76d7828a1876b00b29ddb365bdf8270a68a9f8585a46c54c39c600702a76dc3e873742b0d3a25a61de71181c8fbdc0775564482db2478e1a91157802dd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bba5082027a62535a9d2034dd86f106c

SHA1
f2484c4b6ab5d1f0400bfd67c1988c27a20618eb

SHA256
b763a4d45dfc04cd94b52002567b29fdce998650ed520304fe437868720f64f9

SHA512
057cddeddbc6144be188a617ba6660a8b80e36a33aec569e6446946af4fbc2304a1be381224a7d3b925bffe37a214f0650664963c340e5e9aaeac7be6fbab0bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6a984fc56511cc5d0a125d11fa3715e2

SHA1
ebba8b7d0fab7abb919321b0826d6cd25bd51719

SHA256
9986f4b0bab6dc7861ad0891ca16a3991ccb326f9b8c9d8fafd674805f014f26

SHA512
0d192d8750a695e78a494066a823236cecdbc2eddc6f25bab72d73a328d675683ff976fd02d3576c9fcd0731f0477d5538f170e4bc3e7294a4c0e6d7b52a0d6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
de6958911e51a9669aa268761d85f4b0

SHA1
b6b064fd1ee4add20766c11c4533656ada7e074f

SHA256
471f738b49f6bf93221114ee4fdc74a39eabea76899ee194a42977893e7a1ba1

SHA512
3032a6a059808c4b3c34e6c43ef375b643e32f7f42d0f7e57a2573948e9730e5259dd6c58fc3a1cd1f769f4623a2adb2c839d9bcd8a0c65904af0666c579628f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5ca37321b506179657526436ada0b582

SHA1
933c4e450f0e33a35d0aa1f326c2b340dea1267e

SHA256
fb20d9a9ef87260c6bc15f6b39879bbb76deec985134542c2c006f5fadedb7d8

SHA512
51166297295cf3919a6c5c37ed434681ec7f4cd7daa7e635569e429a3e941a7e6d926727b3aa14f41dd003c9888e16f4d0a684a7fbe8a9ccac96c9ac460dd8fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
992aca5f656233b4ec52f929498ad703

SHA1
de8311102a3f9416e3a04e4d64002cfeecb85b58

SHA256
c97ad0ebf91fb18d8bf686007956a687e63e6b98e66b45242f81cc855ba9542a

SHA512
b6648b4e30cb78361f705c473bf29e54e2951c66638d6b1a43c5147d7f8588fa0d81a1786dd999eb2e6bb916c42b10385210d445a5229861e522ba20738cc83d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9271eec5e94e8037234209f58d139be2

SHA1
ae97d391f68a5927ea8079be97e4c42e03d14f6e

SHA256
39963d29ee3c5fdba3e85b43531b34d9b1ee8f91a072650273d3a0cfb00baaab

SHA512
ee912fd58c997a523457181718b7399b448e2ad803f2d93dee82088f3f4dd8dcb4731faf15b03bc3189add4a37b46f7331a09c25b459def1dd4748379f003ea5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ba608a1fa51599e03ca20544937f8b07

SHA1
fcc035b375046a498b9af0ae656ad5b9bb693c30

SHA256
e7679477ed0b03a95300592a6e010377bfd1d7df083cb2121118420b18b4c4fe

SHA512
71eae7f938d50dcff6e0f46d7ac15851723462ebaa2440fe4a9a6d0ce0493d36847f8cacd8b6ec2883260298bff1d33c5b0f6a5e7d725d82e4e51eb53c646b48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a30ad11b8f5c287a0035b66dbae33ca3

SHA1
edfc2b5affca386d3cca9e051aa8d117733d2469

SHA256
8f5f122fda76242efc6b923f4876b6f3edcc2592c7fd6964181dcc3d05587194

SHA512
5b195ba41781a63dfeeca471d347f531a6196c188a0fdf22d3c0f40867b45f67bc4a0f0a7a38a53ff3d62716ea0dfd11698daf93b980f455d4d04f80cae95d8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3c7b44ba28e1451245dc57a1195b2961

SHA1
ce7d7a84a3b0636f46ec604881f513387b737d86

SHA256
9136a3e237e128e04b47dff55acc9462d6e7c836380fbd0b05ec5c79502d91f8

SHA512
94eaa927583baefb5e47bbc0fe0d5a0d2b1ab2d513ddcf48839d794c46e6d135b364d93ef7c18270ec2ce30ebfd2779deb370132cb2fa580069aa71718379b91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
356ef92b0e99ddbefe9bd75aad55d45a

SHA1
7a8373abbff87cda15d680af87b21ab756efaaa2

SHA256
564a32d1336f5841a7ac29b775eff81cf5d72ab8d1ecc4dbdef90cd2922fd9f0

SHA512
f1ce5f87ee1ea33749b554e3a9da8b95ba9074c74e34f2bc553f9ce49aeb3250205d6422937f5f4ad614ed8814d39cb298fcc1eafc0817371f1084b25a15c73c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a2cadaaa6407809445d6313abee8972c

SHA1
6e02d65d35d1b2529820634abba294647edf4ddf

SHA256
dfb4b143faaf6436826dcff6d062c687a7c397c164a5f124a56529c2170b47f9

SHA512
8919f619f818511fff044fd27d71f6ae415a2a22066ceb1060d39c775008694a7291f43dd76a5458bebc4628191814776e538fbeccadab408d52c5677281b0a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
89201f853a00d262da0fceb4d752bc5f

SHA1
ab80263af712e69a9f78e268052854a3ee93a819

SHA256
294c5262c1c63277b65d3615bda74ea47505937ae0261ac2dd67791ace80dc35

SHA512
9c159eb557a8a2fd646380238c50ead38cc7fbeb7c7238929dd37db854ae101e489416fb344d25707027f726f462443de3d8593411f5e26cc51ead3d0583cab9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2e3545bfddfde2c3c5a2b362c0ae9d82

SHA1
2306fe1d5bf9d32998ec87f074996b284e58861b

SHA256
55ffb412e4417f4dd68b95a61e8b3ff63d7fa09c12f0feb198e93f428cb90503

SHA512
97b09b4f17739d61b819626c441114b57a5d02d30f894c27ed2ed679158408bcac712ecb910817cfce1037e8eabe9764feeb2bc8e5ad74f13b32fb4bd7962f0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2bbb14ccef4607130b92c86733b3eeeb

SHA1
6ad469a7c2d9f11b41eddca3adc3e1f4d0c8de7a

SHA256
dae01ea858df982971f4d6d070029254f31fd721a8d1f5409be34fb88d9cd221

SHA512
94bb5c7d896188aebd703b295c73a6c3524ab26b9dfeea1f85ca2aa2030bb3c4b737fd4623a72b6f84812c326413ede967fe0808d3dfe554cf5e5aafc23ffa10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3d6611b2896c9b0000471a613b8d5110

SHA1
cefbfe26d410667515037b3e2baea06456103e16

SHA256
1bac7ff46f59b5c121bdfb7524e4b677fd3404e8adb6e2d72d202539d9017fa8

SHA512
2cdb6bc5b10d6862051189dfdf8fe2ea097aa8384fef174da3ad56ebc7cddd2eb4cd70a5034cc120b60ce3633c8efb9be35c8dcbcd7c326b82ba2050ce235be0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4f0304c032053dfb0ad3ca746220ac4d

SHA1
bbcacb96ea58bbd10ea980fa75bb7bb5a577b5cb

SHA256
28691b7b5cec054d971c54477adf41eb5722f7cb0b7568fabc1037bb78148e36

SHA512
b378d4d304bc5804471192ab0da4ee20368779c57b25773aa074ffd1b9fc69ba9988d93cbf47b00b68a59d040be1cf7cdbb4eafe332cbb731cfb5c9dd749c79b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
581ab84b98b7bd9f90034dc8ff14ee40

SHA1
b4ecdea17d25317796f7827e93a8b917327445be

SHA256
224616338a60a001162bbf5d7407ce12bd529c4e27c340313232abf2633c0b3a

SHA512
d51a955f5bc8a4a9551f1bef7db5934cc655d1270a31a9ee2e342029b1d4e856e7a3eb661cc5ab86e8127cf36e2f1c046d9ca3c60fc2d34452862e50e1b02952

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7107f1c08d00a23b31b8c536cd8730cc

SHA1
6c848ae9cbc1c1cc1417b0457c22f154a5ed64aa

SHA256
caeb465c6280e91282f9d89977ec8a4ee4ea682534c1c6cc2a36f28c97924084

SHA512
b10de0eefd2dcafcf3e7f75c68909c99b254bc3832e2dcd0665d2f23781d16ec46969ba2156049768d8b3812d6798fcace4428fbcbed4298fb1ed5ea5ca832b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
28ac70f13c4388a4cc7505e53b4059c9

SHA1
44cc747333a9ff86f03c27b229ef8dfd02e4d605

SHA256
66d9d6043cfdbace8d8802ce666d94f81609609467a8f1d47cd937617565815e

SHA512
0d8a706a46fa61db4bfa989c637ff7d14d06fd584a33cfca3207ce5a6aa4f3e74c4438055597c147ec05bf1c23bd8d9b1ae568df136c541aa429058bab1b4fdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4f6669a0673e67cbf86e1547d43cc409

SHA1
30ed99d793b7891e1d0f949e6d85cff25053dff2

SHA256
b60ed30ca9417fbad6027f4dc9589320f8ff1702491b73480e1ae5ad92aaf3fa

SHA512
df9fc4527d518a584caa82ba40e955303b1e03db33c5d172c48a1c55e364de6047b3a0045f96079eb9d57071abe91c217df4b59267a64238c7e6bfa419c9f028

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bc443bfabdb8fbd95f3e42b253422271

SHA1
e9543cdaba3c935e1afd1e7a23734c8307989a9c

SHA256
7256fe68df679509a3c5f95472395ca30070b560f08e7065006cbc3405b849b4

SHA512
1be296208f4461510d145b44ab6c67b9e697aaa6a6217c5aa61061b13b1cf7ce6c96923a052c46f3ce7dd1cf87deb49324ed923a1fbe452450cfbdf5839d2af8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b65e41653e462c703df527c4b3ac6a63

SHA1
992b68713da3342c0687d5bdeed0ff2e9635a89a

SHA256
599099c833a34d44161f4873ca8607f537403f15193ac4599b502881277df2af

SHA512
ca61262b637c2c66313590603a02a42bf5e2ad95c23d8d3a6a767e135c6a70ab21ee8b3422ad2e38ac1cfb10e26f1d4090c8a581a63537d553c0dd1c8093bd3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1275814c6536c6f470caba5aa22c1488

SHA1
fe11b07602cb8326e8501235ff6a23721baa87f9

SHA256
10e7a81c7ad7a174cd36b45d05bf1d81070222b68fc4622ca53b4d3ac8d20f62

SHA512
57870ce6271bcc2cac55ed7d7c0de119f4c25d28bba638c842c8ec8b6e6ccdd32b068d5f690ff443672eae5dc25913577746342709b7f6bd30f5ebb791f98d25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bf1468228f4c81eee78e514c7f5cf4c8

SHA1
3904c0481a53405c61b9bef07d9a4e5dd9ddcb86

SHA256
533e869bea161e63c4c75c4c81d4c219a101e6d77670c704c6156c39ca62c755

SHA512
bcb7c7a9df71c32d8cd9562553455776bb86f9e42f6ba67df278d8296fd0b86f8aee8feaf9d27503820c62047990d296863809c094e1de278744f67969274320

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fac476cde5bf38f91a7f769319a3d069

SHA1
95bcdb4c1b24f2241dac12bc8bdf2463daa6b15b

SHA256
9027ff39c5a82cb66b8b895997bcaa5825c4bc22bbae2155a294a63e02e9057a

SHA512
783054f8ed4826e08933aa36654940bf2c24255e39ebcc3d0a5fff8b507351763a03d0936158aa763a38ace14a4b31e61b23f9b71979e582b040c52fff213315

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
db8ad74bab1694c67e1ca406b34f1d66

SHA1
58fc5875d2e04c22aa07fb8b88399fa0e5d8e7f6

SHA256
e8137ed491f1c091440a8843b89c00d8b267b6aaa16d568650cc737ba4d74782

SHA512
a667bf3886ee2ea5bbe0e6f7aeaea00287bb57493c64b93cbb543fb831fab3b086a2bd2551eab162a5209a0a34964eab4affc188f50d58ca91a7fb6dcbfa9158

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
38b848f916ed3d627101d87e6ed6d5ca

SHA1
11625bb6a3bc1ae398705c5438156398c2aeb893

SHA256
8cacf51be2807d330dfe09a3bcfda6b0f46b2dc2b79ea22f59e2d6712ebe113a

SHA512
2284a02207a16b855e1cd2ee0a0225817dc9c06bb4cfcec69981646f85c46e8a8225717d5baa429ef52e9b3d766859989519abd1566f982198b348a1e88485ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a62f95b51cdefd479381d44bfe2f8683

SHA1
de4cbe03826844ca11c3b0f69f3966b1776d915a

SHA256
50260dcfa0db1c7080bb4d88aadcee132570377b8858a5c8e346b281453d4444

SHA512
39f19d919d96d9c4c65556869c1dc307153ba5c6bc1e6356fd88694b39428243806bb54c0a01b1c79ff94c37e7882f36bcdfca50d0381cad731a37810a042b68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1ea6ef3f4ae49dda2d94b5a3a8f59ba5

SHA1
7dab3fdfc2084140cd47cc47b1940548eedd7006

SHA256
52af91401f96b3fa7f677df3af2a666f122b3876c8dd086d45d6dbb49e10ceb3

SHA512
981e06e736e8d0cdc3ad7c9f68b715eff130d648bbd6b6cf844b9dce573e817b453a0298dd91dce34b98ada345eb0649a67a29ad944a93bd2646e1e36fb0e048

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0bd340afdfa0efdc92e0213c9354eb5b

SHA1
cc2d230f1170ee830e4f78493ac718697fe1d1bc

SHA256
da074d35dc49d9a0149dfbd423450fde4ff15c4ec98cadb0683e436538a3a2f2

SHA512
6ca0fa2b61a11c976040aa89af0d78cda6f31a2e7cf55d975baa1a1fdb2ec4ab19ac23ff1d89865ed046774cfd5bbc6baf277ad0e52f3fd8202b0157d83a01b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7056b539c24dba17a76866c018d659af

SHA1
ae38146e9b51ce7cdc8a61997d39504abdc2aec4

SHA256
a637ed98278068f07a913265a3f137a53ce09797eb877547a0b085cb0b343903

SHA512
1a4dd208e18d451dc4fe614572b6e98834ccb13b141eab0a0bb0e4a4cec73e6e60e5be0795b21125454336f23b13ec25dccc2d32944fb61c03a23ca50ae9db32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fb22c705c6e22f30b4f5743f5201c9bc

SHA1
c77d0c5c312a8f9245a22d1177e3088600cd4457

SHA256
6e12294e09c1b403bbc5200bb052043023c066859bb4e7781e3b5a904bbc7e61

SHA512
bd168f3e68add5f76584e846c3c7bcec62b16df1ba3788f5e563b78e0be393bad01a1d47c704be41773571d93eca5da322699dec2057a3c3eb07333e92ddcb2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9485da70d6adb95031f9c44b21753a41

SHA1
3d919e523832c13e9532d1f41dd4c10183edde1b

SHA256
2e61ca3110c89e72db397646a13b6a438ddb77de85d0fca863bc01f1ea3a52f7

SHA512
856144fd7ca0a245ca28b5343cbda5bfb0fa47d9172d7c16e23133e800f2aed71d19aea3251c611a98bc262d693b127b565656c704770418f9339f00226a4cda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
09f604872a89b380ae266afe5d15d96b

SHA1
8caf3ebfb043220deb386cdecc2ae77dbcb4d1a6

SHA256
21ca192f4b32b7029d3f0e3701debf41993f8ec09a6bc8542d8d71fb63ef45d9

SHA512
05d5fc5fdf1f25eb88815a3c0948e645cf6161382869cfdbd1bb04be7541077f6a5cde8684b8135b4ec81c79f53f65288ce0b9eb0cd158faf8eb7aa1f94f6256

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ae40aca7780becaf6111f8e2377f24f9

SHA1
8db0f2f2ebe1f3bd219a8522be08a7b7184286da

SHA256
79706aae3d65a29370e50451f276d457ab2a8812f4926bac22e95d452eea72de

SHA512
383e0bea53bcdb66c9bbce28215e4b535980f852f8703b6169b0a32f42b984ed02ee69ab9d1840f3f02c5543d2bc94906c9add94d3816700cb376a54eedc4d5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1a512a1c0b84280a30626d066b1e72d7

SHA1
a9327df8137c8c38174f193e2978afc22609cc95

SHA256
56dc9a530419bc6d3c950251db9ddb277d5f3b375fa0de85a19d442f3b0cdb60

SHA512
e85262e8b245b9d7e8e906283dab606d633302e4db352067841b1a7070007e4bc3a5ca1c8e26a36d6c9bdeaa9f2349011edce5f064ad80e745b1e579d3061798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a2d9c24a44fd8d668b065548a6dcc291

SHA1
d090365961b1c86378b2a5a57bf60ae5052f6a4b

SHA256
d4f3781d0e9a2aa9987c6680130881ef20d385a3c351b6c88cfe9f54bc8466be

SHA512
c72aa3089ecb4a7a7364f62dc962bc7047fb084b89fa01e6bf8cc4d81af8d07a04d360e416cfc98ff0f691cecaf8de7e99f4136542da18e634bd19f15940444f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1fdf15393d5af8a87ae162c4c6e4a3c9

SHA1
72cf66d153cfad36006a9ae92cae77dd5bd79896

SHA256
b81213fb70df0f376548fd2f05244b1d1a6f9297ed370e2496e164ebf1d4c8a0

SHA512
6ebfebe0252e8e7be28ac80ab2a1b93efd8839f2064619058a6fe7dad32e1751819685266995895569793065d5c03f974159af57a56dad854dfa58c78f53e0a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6c1280d6f36e7b910fc51c0f8b7a6c5a

SHA1
adb729922942a1daa05c9cffaea55656ef03c355

SHA256
e331a5106c422909c47d85c9f883546f0b35b2e20f1bbd6e9b80e1a5aaf6cb4b

SHA512
683f71ac3d314d90a3a618d6dee192225f87adefb3df1cba7585391637146dfd1b1c19e72702967b9f7c13a0e90914cc8b07e69f0bff8b738e6cc357c6587cd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3e396af2ce75687a81ac07333eebb4ed

SHA1
390e25f40832c68d50578b07a05c29c8551a02d5

SHA256
be67c5e103521b8b47fe94306a1fd926be33727ef62902c46a4ce128aef19b3c

SHA512
787be3d2780fedc43a9b27e3f106bd028b7bcfaa8ef3822bbe65fe0a5bf645328712798aab96679661f8b300bf405ecef87a0607fcbc2dad4c80a909e6168098

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
24a9de384893ec23334b358fb69588f1

SHA1
b94b54bd916ac6a5c14c16dff89c4f37f4af2ec3

SHA256
43ed08e8724ef5c0461ccc0ba42871b1d72c9a53c5f24fa2c707ac9897d3f087

SHA512
cbd8e3d3735930389735e744f0c732c51b7704e4ee4f4fbe08c639e15e14b0166ce1941d83930a8299fda5b97781b41af84b3a9f94d92861f128b5f37d6d0e84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c2826c9bebe367cae0a40a72d300508a

SHA1
0d38371702d794fa9bcd4c41e738a63f25350d39

SHA256
ce84d1bc5bb789b6477939ccb7523629cf3a3881c9b8b102028109862ebdfa1b

SHA512
a816c4912a84f227c36c62941aaf83a617b96658bc05087aaca80224f78cfae0e54aab432d6b404c632ec3890c8e18cf072e3f7126e027222b72986870f2d3dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cf2a5b1358096dbb66286dae7de508e8

SHA1
3b24c57930929b59c2f591dbbb735240b1622553

SHA256
089bf4d64e412d1dc5b42e4a35de0c91c4e453cac241c4d59e24d8af643fd911

SHA512
db038d010b95b02a5c5ae154c788e13b2c782fc8818a2fec8df352ec3db3f478032e9a96b9334f818c2ddfb41fa1e9e1543e095d49745922be8ecd1ddb8d8161

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d892a5edf805b77b9fff5f165a7cdd13

SHA1
a8f7aaf5ac365af5d0133cccbd221121dcfada7c

SHA256
36bc4823c46df2cc1010bc7afc125ca1df7bbeeb2c93068ae98d66e189480a03

SHA512
79836b3907e65a87de9e03c7b21b1eab2352359f784950b2d3735d6d0c3a0d674458b1e1fff2e6ccdf7eac4979bacfbbc303a94a4df14a30d533d7eed32f3aaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
190695664507405c6c8dec4b16136056

SHA1
384bc349ace1e41f34938c6d589619c933a67ff9

SHA256
f39cda0aa7d72f906382d036da1b615f05b2f5c731e49036966dbf0406090ff4

SHA512
e9cc03489ca56119a46ac13f2847d862dbdabb8f5c12bf9458d176cb5ecebe6d952b431e3b5c5ffcdf0e54390ae1ae51a3ffcc4d545f3cef11c06b4242881d2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a23f649f-6482-42c6-b73d-f45c920afc2c.tmp

Filesize
9KB

MD5
62f49003a414cd793b9fcaf351734e7a

SHA1
5680b650ed97bf11d0ed231f60b93013b41b1c06

SHA256
114701979e200d87832fdc4c9fd9cbeb6f0c8af5e8a5f13eb619245c9d57ac26

SHA512
9ea5354ae984c5d8048bef48641824f9604ed6615e3028d6c5b2e59dd837e2ff78688b19e3a40a8b98806545f1f17fe785c7e3aedb9f711d13fa88eef779c8c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
324abbc7851aa0a0fa972bdc1ed0634d

SHA1
d602ee34824b5cd8a1ba13ad98e29692139a568c

SHA256
dbefd381c4785dddd2fbf928119c9e8801d3e1487a5df68a894891ab8fed32c7

SHA512
14fb30b7639b3bbebebbb4e75fbefc669f0e5cca29580e69a6d5a933f992dd7a8f2839e37b0c671d0467f4c5dc3d6c0b51a569466afed95eee7aa41c66ff47ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
a056ccfc0718498a4d8687e9b0002897

SHA1
1a5539871caeff3675445c2deb675736289ca661

SHA256
9ab5e962c0e03ee5a87ecb98e36deafac190244c9f741048eaef79b43d944e13

SHA512
fa86c786dc3824abb71eff8f43ce7fbb7964e283e4bb1a0b00a9c3700ae56e08c01481c88ec88a0a37a5a2b423968ecac5eb456c549e41125b2f9a334acea7ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\RC7old.exe.log

Filesize
1KB

MD5
baf55b95da4a601229647f25dad12878

SHA1
abc16954ebfd213733c4493fc1910164d825cac8

SHA256
ee954c5d8156fd8890e582c716e5758ed9b33721258f10e758bdc31ccbcb1924

SHA512
24f502fedb1a305d0d7b08857ffc1db9b2359ff34e06d5748ecc84e35c985f29a20d9f0a533bea32d234ab37097ec0481620c63b14ac89b280e75e14d19fd545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
66aaa7f28ab97af4a40e8ececa827fed

SHA1
e6eb2654f8d587101372138ac57fe26ed931b8a8

SHA256
9cc4f1e9e61127bc3339adbdc2439f5ac6773e644b2bf5db714edf42ce94ce46

SHA512
b6c7568f9143f11c839d072e0dabb6d702e99404e693e9495a2e88ff44fd2b3108dbea06f183a5d4405b9991927aa3f3db7cacf6c569b8c2e95b7e93b948c82d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
575882dd77cee7a76523ef571dad7540

SHA1
ac1f931c58f484d2470e4c45ba578267a200933b

SHA256
5e89da1a1886281e759a49c018567c7845e7b3d042d9b9e7033a15c57b919e5a

SHA512
e79e3f07422eccf4ec755fe005d71eb8ac49660c43d0919299f80d810ab84a6e6cf84676da63deeeca9594de4def78372dcb294ee72f0cec0684849c6cc48b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7ad89389f7d01770703a91b7f5495177

SHA1
a831b0d4349b46a717fdb0d88fce5f37bdda75da

SHA256
3f7065e07d70954fe1bb865bf41c0534af730e7005f813367416c4fdfcf1200e

SHA512
98e4bbe7fdb8398ea864e272e0bc105acae14ef60aa5221689b37990ec1d3f0af40a30ca5b8cbb210c33b942055625b99e14ec7548f7a5031449639f23083694

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4b6224eea97e29112c0170b955d84cb2

SHA1
b5487568181733a174f6f045f86f717f6e72a9b1

SHA256
840fd5f42acb2463f2ac22a63fe9c6c5835257ad48057e587f5b6763ce5d0acd

SHA512
c35ad01228e10245e3f05ec05324a2adafdaccfc18b5548cb8822c793672f8461cc8ceb7e4e42b02cbf9416d83c03ea7f6cd33b6d416d8d03baa42151328ccf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ebe8b67577d8747c93433d8803a28855

SHA1
2e20818c0d4c1bf0952af37ca91da6d63d389c90

SHA256
4537af9c8452c23fca37979881933ae5d035bbdc5e7445ecb3c01a88b571d641

SHA512
0c401bd6b9e139ea7397febc2265f8bb7091c4d152685047852acf4a13537806f67a3f630081f51c21a12351ffac2aaf952fa0d16ed5f9363ed53bc657598d52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
5b3ae888232b9a3a622e9a19c8c3e6ce

SHA1
8924bde8c2fbf8694bf1606cb2edd105acbf06bd

SHA256
1c870401684b8b3f135611cd89f31da08367115f06882a9a0ba7b6c958cc6c7a

SHA512
09b0b874a250df5cd9254b53c0e99de5003e70639d5a3c4de12210b4ae46b279828c61b85c0712d522cdeefc4c3b8d981c6eb7518d4a2dd0e444031d743fcf25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
1492f51d7bcf027683d412ff51637d2d

SHA1
fc1245b6984439dfd101e83e69f572e2479fa28b

SHA256
712fa1ed8e4cd671cdc001dc28611afbe7646c81f2198f423fd71d285aa196c3

SHA512
d2e9b460da8d0981c082e9855292fac0c5c0fa26c88cffcf266f1141f2fa2694f5d4c7619141ad029d308fdd7493315e25efefe934be0bb18eb1ac1e6b2ac3e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3bb48fe137bfde6e18ef244996b41fd8

SHA1
e9f6d9335505042ee39f1017ae40ee4210e1fef7

SHA256
eaf4e3aed73b7c814bcc587c8073c8adec647b92533cd9b99ac39d68a8b5224e

SHA512
ab6e1d596cd221b8ce527d7205c76fc7d1b8e4d59f28a6132d68ae004102a25cf350271664e55cde6682650ba055e07776940f4a01b4e5aa0e0399a1b49658f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cbfe90cae60dc56583ee61a841ff7342

SHA1
b0fbce963535d2f023e5c14ae6f99077ed1d3425

SHA256
e31b86bb59a9552f39a609034781ea8d935fa4935e84c6626ae375e9b6d79d3a

SHA512
98095cd93b2aa686523bdde55a7ce83813ea0471b9756e2e50ee48d23e15bd1a0fb372e184ea77e8bbffa30bbd77f992f5faf49f812b2f15be8c1508c84b457a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
3ebe20687a1ab0aa59a7f1822bd71743

SHA1
1c49e04baa6202f5feace066a95e9d54c50c079c

SHA256
6712149f89434950cd10a5ca83ebbb81f883226964514fd0d2c2d618af02eb2a

SHA512
bc09a9e66774b2f1fd7b579ac017d8e8105e2062199927470b12acae1712dc15dd2f3e5155dcb681417d86634a9c795fde60402ec8465f6a414cba15f9f2bc5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5644_2003675436\15b2e173-6350-4712-93e1-c3f8d2d82569.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5644_2003675436\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Windows\system32\System\RC7old.exe

Filesize
3.1MB

MD5
5efb08d03470612d11124136accc84fa

SHA1
46abe602f6566ff6103f504ef8ae73f43eae19c1

SHA256
853cf003dd01ec972a222a28b1e8b260fb06fab20245e609cb7df103d110343f

SHA512
13a1fbeae357662e2e2a60e511a3bce2f63fef40a96ba49f25e745dd466ca3da24de5155f0f2233e8d15941f353a21df14247ab7b4ebf84ee419ca7d7b7ae74a

Download Submit
memory/2212-10-0x00007FFE58A40000-0x00007FFE59501000-memory.dmp

Filesize
10.8MB

Download
memory/2212-2-0x00007FFE58A40000-0x00007FFE59501000-memory.dmp

Filesize
10.8MB

Download
memory/2212-0-0x00007FFE58A43000-0x00007FFE58A45000-memory.dmp

Filesize
8KB

Download
memory/2212-1-0x00000000008C0000-0x0000000000BE4000-memory.dmp

Filesize
3.1MB

Download
memory/2912-11-0x00007FFE58A40000-0x00007FFE59501000-memory.dmp

Filesize
10.8MB

Download
memory/2912-12-0x00007FFE58A40000-0x00007FFE59501000-memory.dmp

Filesize
10.8MB

Download
memory/2912-13-0x000000001CB70000-0x000000001CBC0000-memory.dmp

Filesize
320KB

Download
memory/2912-14-0x000000001CC80000-0x000000001CD32000-memory.dmp

Filesize
712KB

Download
memory/2912-15-0x00007FFE58A40000-0x00007FFE59501000-memory.dmp

Filesize
10.8MB

Download