d1a47e40e055669c802152e09b5f2e18f12b425e21cd45d1b2f19bdf705082ff

Resubmissions

19/01/2025, 01:40

250119-b3j6masjhm 8

19/01/2025, 01:33

250119-bysbfa1lbx 8

Analysis

max time kernel
339s
max time network
338s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
19/01/2025, 01:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

protocol.exe
Size

711KB
MD5

3d09041c447a2721fde3ad9aa076c113
SHA1

8ccc2716426b467779ff87c31fd2e81e4ec7f580
SHA256

d1a47e40e055669c802152e09b5f2e18f12b425e21cd45d1b2f19bdf705082ff
SHA512

6d0601a855f88a154e57c6f053fe0c3bb7fd9c19bb51397a540205eb75a3f77294ad2239608ff4a7b8ac49d4019289feda767771a9f9b2e5f76b39aa47839c5f
SSDEEP

12288:GdiPLzQxznrAiQ5Bf2BA6wm723iTqDNU2xqZIh7+sLi/jvITJPw61xgHyfAgfbJR:wiP4znroL9OAD9n0z9NQ

Score

8^/10

steam discovery phishing

Malware Config

Signatures

Downloads MZ/PE file
Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133817240766399708"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 600836.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
5032	chrome.exe
5032	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
2824	chrome.exe
4232	msedge.exe
4232	msedge.exe
1592	msedge.exe
1592	msedge.exe
1020	identity_helper.exe
1020	identity_helper.exe
1644	msedge.exe
1644	msedge.exe
5756	msedge.exe
5756	msedge.exe
5756	msedge.exe
5756	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe
Token: SeShutdownPrivilege	5032	chrome.exe
Token: SeCreatePagefilePrivilege	5032	chrome.exe

Suspicious use of FindShellTrayWindow 58 IoCs

pid	Process
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
5032	chrome.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5032 wrote to memory of 3332	5032	chrome.exe	83
PID 5032 wrote to memory of 3332	5032	chrome.exe	83
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 232	5032	chrome.exe	84
PID 5032 wrote to memory of 3640	5032	chrome.exe	85
PID 5032 wrote to memory of 3640	5032	chrome.exe	85
PID 5032 wrote to memory of 2640	5032	chrome.exe	86
PID 5032 wrote to memory of 2640	5032	chrome.exe	86
PID 5032 wrote to memory of 2640	5032	chrome.exe	86
PID 5032 wrote to memory of 2640	5032	chrome.exe	86
PID 5032 wrote to memory of 2640	5032	chrome.exe	86
PID 5032 wrote to memory of 2640	5032	chrome.exe	86
PID 5032 wrote to memory of 2640	5032	chrome.exe	86
PID 5032 wrote to memory of 2640	5032	chrome.exe	86
PID 5032 wrote to memory of 2640	5032	chrome.exe	86
PID 5032 wrote to memory of 2640	5032	chrome.exe	86
PID 5032 wrote to memory of 2640	5032	chrome.exe	86
PID 5032 wrote to memory of 2640	5032	chrome.exe	86
PID 5032 wrote to memory of 2640	5032	chrome.exe	86
PID 5032 wrote to memory of 2640	5032	chrome.exe	86
PID 5032 wrote to memory of 2640	5032	chrome.exe	86
PID 5032 wrote to memory of 2640	5032	chrome.exe	86
PID 5032 wrote to memory of 2640	5032	chrome.exe	86
PID 5032 wrote to memory of 2640	5032	chrome.exe	86
PID 5032 wrote to memory of 2640	5032	chrome.exe	86
PID 5032 wrote to memory of 2640	5032	chrome.exe	86
PID 5032 wrote to memory of 2640	5032	chrome.exe	86
PID 5032 wrote to memory of 2640	5032	chrome.exe	86
PID 5032 wrote to memory of 2640	5032	chrome.exe	86
PID 5032 wrote to memory of 2640	5032	chrome.exe	86
PID 5032 wrote to memory of 2640	5032	chrome.exe	86
PID 5032 wrote to memory of 2640	5032	chrome.exe	86
PID 5032 wrote to memory of 2640	5032	chrome.exe	86
PID 5032 wrote to memory of 2640	5032	chrome.exe	86
PID 5032 wrote to memory of 2640	5032	chrome.exe	86
PID 5032 wrote to memory of 2640	5032	chrome.exe	86

C:\Users\Admin\AppData\Local\Temp\protocol.exe
"C:\Users\Admin\AppData\Local\Temp\protocol.exe"
1⤵
PID:2912

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdaf96cc40,0x7ffdaf96cc4c,0x7ffdaf96cc58
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,7362770158041375144,17917892788256385482,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1952,i,7362770158041375144,17917892788256385482,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1960 /prefetch:3
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,7362770158041375144,17917892788256385482,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2124 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,7362770158041375144,17917892788256385482,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,7362770158041375144,17917892788256385482,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4448,i,7362770158041375144,17917892788256385482,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4404 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4616,i,7362770158041375144,17917892788256385482,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4332,i,7362770158041375144,17917892788256385482,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4628 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5048,i,7362770158041375144,17917892788256385482,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5028 /prefetch:8
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4804,i,7362770158041375144,17917892788256385482,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5040,i,7362770158041375144,17917892788256385482,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:1480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4812,i,7362770158041375144,17917892788256385482,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5184,i,7362770158041375144,17917892788256385482,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5256 /prefetch:2
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4860,i,7362770158041375144,17917892788256385482,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4584,i,7362770158041375144,17917892788256385482,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4924 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2824

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2692

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4808

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd9a693cb8,0x7ffd9a693cc8,0x7ffd9a693cd8
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,11360698572031072427,11669770783503505792,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,11360698572031072427,11669770783503505792,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,11360698572031072427,11669770783503505792,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11360698572031072427,11669770783503505792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11360698572031072427,11669770783503505792,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11360698572031072427,11669770783503505792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11360698572031072427,11669770783503505792,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,11360698572031072427,11669770783503505792,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,11360698572031072427,11669770783503505792,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3476 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11360698572031072427,11669770783503505792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11360698572031072427,11669770783503505792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11360698572031072427,11669770783503505792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11360698572031072427,11669770783503505792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11360698572031072427,11669770783503505792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11360698572031072427,11669770783503505792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11360698572031072427,11669770783503505792,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11360698572031072427,11669770783503505792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11360698572031072427,11669770783503505792,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11360698572031072427,11669770783503505792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,11360698572031072427,11669770783503505792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,11360698572031072427,11669770783503505792,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6568 /prefetch:8
  2⤵
  PID:5512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,11360698572031072427,11669770783503505792,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5960 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1912,11360698572031072427,11669770783503505792,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  PID:1032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
151d3eee07f316a67e99447d74273b69

SHA1
f691567c299fac269db31a2a2b6a6419d86ae7c7

SHA256
bb7e02326328a8c09331b5ff2228dfb29ca70f274053d38361d9c35b055b1120

SHA512
4188eb8ff8bdf3be0faca785631759fa565c6d1d5bd52431fc21d3ed4f828f53e64040bfd6b8ce59af848cf736f4659c362d041fd43bc838e7252b7e8aa8a62d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6f603d1a452c74cc2a300989e5830309

SHA1
87283afaeb4c42d7d133f473ec7bd15e845e1a2d

SHA256
17ad7bffabd938ccf6e0ce91c9764720cf67db6107f9127fe8965ae7cf33f83c

SHA512
617a97773eb8d87b54c1aa721fa3de5c40bff52b895731f919aeace2e894f8e8a439a157316fb9c88021eaac2c55c2398e39e768175b9384c5e0d1a944ac9fd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
fce9f5e9e6ce27ef2f6e8b89af0d626b

SHA1
8d909bfba1e913bf8df9eaa3f9a0067e46cbbfc7

SHA256
ec11ab3e184d23e20ce386f59ee89c8920b2b60294afcd0920a0184f2302856e

SHA512
231a4ba985d82e1bd36396678bf6240e1c8be08bc92451bcbe7559a2aa20b94417c7c724ccbbce269788fb592b1516e3d0ed11ea2da82ae4b3b93d63560cc91b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d978c851ff3b189e570ea4523268ae00

SHA1
629cd8d17780d8736acee537efb7113ffe7a60a2

SHA256
440e572d494a0a060cdd44176af0d3bad69003fa93553b513756a7a450454bf5

SHA512
4939c7500bf7f75d7a99bb961a52633f09dd692edb4d3e0e0781776a370dd2d6589cfe2c9e7974b91836122caa9f7cd73eb35ffd08daeb4ae909426fca72be1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fc424da077970d65dd737bfa41cffa40

SHA1
00f311b758811db70fd87b07c640c6264a0c2da0

SHA256
3408f1b840b71e00ef3cd985bf2a53fe13dda297047386bc7ac40363f538d9f0

SHA512
731b67585240ed6ca425152aeb1eff8d1dc4aec71d9d30c846779b563c1870d9696f7efb552c23aa661159766d4a579fd30a5ee2a30f3cb4df0e3688c6f72f48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e0e83c299fd2deec517ffea9c04547c0

SHA1
90d86dbb787893c00d14dea577600a39f74cab41

SHA256
690b8638a8ce31b43e3190460f80f63b2111bfbb41ba5ee24abf6433c379ea43

SHA512
f2d916cfb7e7bff59dfdacb1d343e11bd2938c1432bac1c82c0b417b0d5ec85eaac70b28747d0d58e4b4a2360190a983f6513577e7a5349b25dab07a1d262d46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
382428cfb5fb7aafa0bf625cd173365d

SHA1
8c4150c1b615262ef28de9168657557828e955d8

SHA256
418218d479482c940df30534d047072d706a54f87a37797b616b63dad8d35784

SHA512
d98fe3d9bbb2e1ed73e21bfa14134bda3d07851306e4f118898d14b5f5f17f978074f133c4a5d461eba4ee2c1655c94087703dfd68d6d5a4becd69c5e48e732a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
cccbbd439797166fc3e3af30576c39f7

SHA1
29023650d1c928ab6c61168d7e7703413c2e66b9

SHA256
f767449c22a7c13b1f65cbf7886a46c0d1c1df7fb06f6dd392f749cbee3b8407

SHA512
9ca2c9f0502ef23aed904cea41f952616eb75920324d4218267f1bca5ea9ced5118c387791320b89820aeb8b7d7c3051299d873ef525fa62938da388560a64b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3f48bd9c70e7a3200e0d74a96962372e

SHA1
0ce876636706acbedc526f065ad594e77d0dfe6e

SHA256
db96ccf370a34070a0984e39e4f400a7726d7f398e592f1001ee2894fbe4c7ac

SHA512
2ec23f32a3d719c67eda363dc5a90417468fbd64950a1a77caabc8fd659d7143bae1e00650562976ac0c41f7aedec98adf7bb141748ed204e4fc87aa959eb91f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
278dfbc97ca88702696de69cf20fb319

SHA1
68b5b51e5c3fb47ab2b99b10d2b1ee3c4e1a0419

SHA256
4af21189386c6cb9557bf827b4b6c99797aa6d448fe6e114af03b0e32632f4c7

SHA512
91e66666ff87af20e8f76edc574f097f788ffb6773a80c31dbd3fc4bfb46f8496147afe019cd4221d8c1a21b324500e77e41f281ca7f761e8d9f13b8321880c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
13dcd59490febca11f24907157173f2b

SHA1
011909fcff4602eedba3c4144dc5f324652e01cb

SHA256
6db678449444a30c8c8a4224fbccdb918ca6cb8ced858e63845d8198ebf2e51d

SHA512
917441f3363577d39aaa67565966b5341d8bc607d76447f648f1dc2649f11de76cdb97216fc4e51be33b3632f92ce32fe5823efebb789538ece7ffd49bf82e93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9e4527d58feabbd6292f221728a4bc80

SHA1
c46310d1e853241cccf03bb0894337528a0bf86f

SHA256
50f122deaace59598b0e560cc5c36ba46c0c5edcc60630f69dbbc633791dece2

SHA512
61a6b4d2fb1c8be73f7eff83063513a8d9308b022a21ad9dc39b34d82841d8c94d16d548adab9a7776e47c3acb7410300c1a135cf20cb121408d3f7ddc0863ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d0de52a086adecb532277179cc59034d

SHA1
143186e1439bbaa24eb5058d12f4f07ed824b109

SHA256
df980e34d2efb53ab93f08ec8686714cdfb625c7e9cd881a68f3a0947ca4e2ac

SHA512
078045d55f70bd0ee323405acbcdd85f51b36c2686eee492ce72f1e043173c7009705fffd9d92ed89524b2ede757fcca5a8dd7c30d1aa18f057155c5d0bc9756

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1d3fc9d62361dbebf079768f9c9a1f7d

SHA1
81509d024e983444f40080c3ec99820f42f920e3

SHA256
3c73ea7590004ee8fc75577deb650befb60877db4bdfd5a564da06d10d7fe206

SHA512
34781b0d18e4517e9ce96a323ca336e47430209907c0e813470ee08d55ad230d8bff8236c2bbc0efb08c278d88d5544b4aaac39ad916e06962d59613702b4ff5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1cdc9ed5dab6ea9f063a42cd924497e5

SHA1
998dd89c1c9e5e7ce56992d28ede6e544ac16593

SHA256
cd35b26fe0bcb6dacb881e886fc300c3cd3799e7e1943c066d4478e1bed6bc0a

SHA512
231f9b963dd6f2ca141b711dfbd94dfe2c4c0b49cd5fe44af1444ec5cc02d17d31859e3426d9f6d6514f91167f4ea84a489997416f72a49bff192a0ae1992fc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e9296e15a09ff3ce8e34771b82620e50

SHA1
9b015b5fce3854202dd0ce4d15c16e4a9251beaa

SHA256
94951d7cc44a77c4f9ef5fc7de1b95abd1ced6c86b651f242b274241b3383850

SHA512
dae3b8b4932ea55fcc94ba49c311de7b27d32d32000cbf13bb7f598efb253f4083771767905b20afcf8a0624e8a33247084778dd945a1266bc8a9116af9dc6ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8f5e960b10ee9cf1ba6b5d16052c82ce

SHA1
22165377c1019b96a0db6830862b3c96188814ba

SHA256
9b0794656c5fe0ad3970ecace25243db07e0cce64b2f3e15ddb85af3631db08a

SHA512
79669e1e3f4e8e0063aeab85314c01602118f6cf13e0dfe4fad5def0c88c2641e8a720fe217c6bfbdd590ad973b5ea6091a62ff4ecaf75bc35fa9c83c6c2ac3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2605eb05e9329c992179fe1a729473c3

SHA1
4cb5daab1d2292f8a4e2acd51bc41335accefad2

SHA256
470e324dd46dc7b2e44ac7d64aab4a4f09449e1e34561839fa239950ddbf6709

SHA512
093fb1ed1aad44f9c50367f1dcb26c01397cdd7589028336298be0362a88d81c756a81b29330060ae217cba374148fc10c382944f9b7c8a0c464823c71a78652

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c89521dfec31bfbb24b6278a0595f786

SHA1
ed027138ecd964b9c2f04847208f8ddbb7d62220

SHA256
a745936490dfe494129405d463b58415b2b4f07baad3d237cdcd80ea32aa8294

SHA512
80489f9b47d576a93963f03acb88c3b52012ded8fa049e307774caeba13534f3c8abc1ae1d3b6223db90fbbb10ac36a2cf873745ebe26c517741b6aa4ab2bebd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b21fa9db033d0d7d7b859ffc8e3f8a71

SHA1
303a5eb321594524276fd112089576929837eed4

SHA256
1e8971c29478e19640e642c4f4444db7b68a7a5609b076fac9a32cb16231690f

SHA512
bdb69dfe6e2537e33cfc2800d1f1b932b2c700b61a928e74e45c9f89abd23b808829a0f78021a2a2b59c62f35e6886124c3196f386eaaef31510258a5038f1ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
afa0070ab1e3bf63ca0ab91e1cefae29

SHA1
d0c53892cef1a181e7db67cd151dc4b9281a0d1a

SHA256
459c3bd4f472210ee2c0c78d00485108bbff0723a44142d33b0a20567d2fb275

SHA512
a9695a0db9e07f3424afeb5a1e30727d44612ac387c44db47ae18f4e867c626f7e9a19c31ddfa17f66b66b8fe050c51312ff85c530eca588216852abae42cb16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
be663993ef5bf8b0a78917e4451d3b6e

SHA1
341420bd5be7d1ef25d15c8a01ead0b0945f1b5a

SHA256
5a563acada1b05d850fa8feda0b195d0bc2bd290d19541fb1c82240588c25a6c

SHA512
c4de97c19006ecf8b0fb91c56fa5724f112075a848e7bdc48b1833f3e09bd59547d27d4db7fdee7dc163b00f502766f0c3909396f0513f7245d3d27406a7a9e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2ee1559c9b68b65e9bdde00e4f9deaeb

SHA1
ecef5e8607f37dcc3ceb79536e55bcbba23d7646

SHA256
b807732bb10ff2ebab815f88d0e7aecf6c9feb226ee5a462cbf54b906eeb23ec

SHA512
74b73388f84e773504219d02e434f6418e6f47daea09404851b46e7e7153774b2a40799054623153d0063442620475e9cc1238c70c46ddf0ace20f3fd2c4f829

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7f202fe85c5a8b2c1f47b17c6c2905ce

SHA1
857f60326aefca8cb30dfd0f24b9ef71376d08f7

SHA256
4eeec5a6db49728ca73a39d459a0ae257eefc9ec0571015b30cd91785442e13a

SHA512
0babd71765b9a099c387622486a246245f1a535e10acc70625501dd3a0cf08d91e36e7efff2c20bc621e446cdbe26e84f266747bfc3d78144a033853579147af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ea73691f286bb7c756824e3af5fa9223

SHA1
d63710b133d11bfdb4be519f3aec8e6ced27540f

SHA256
69dab22218772c492e4e13c790e8e0e45e84eb40a3b1f4096e7ee8eddef208cb

SHA512
9127f8b930c8eaebbc814c3f339ed4d4151970a491bf9ed0707b1fa7d556e8c780b38ab74506e37e9404154f347bdc56b166112419e5c5f371fea789f3c092ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4b748f1e826fb1ca3ba807ee8b56c857

SHA1
06a090bfd19f8620b8306461cd9105f85f8c5d05

SHA256
82cab74b1724f9ea46466bd7b9618450033a4d1d9412cbee1d14c4ac67c5ff92

SHA512
f40c975043dec44a1c9dfbc87bbd0ee60cec8dbbb6512a9c5994143e7431e7d07d15450df85a2e5ede0f49881df36111da32a0b8be6030ab9b42b548ece54f05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f5070350f3d1db1ad95fedf59463be7e

SHA1
a6085f8d336020cc726cce69a647e1637e585426

SHA256
c3ef77e3954d464cac8d7ec879750f9d954c8af03694c1085841a8e7dc73805e

SHA512
7d029363b87f5299f967d00ab7c7780ca1acad9badcd5b39e7b4d76628abbe73a577a90d7dc20f970658bc77e36825e4c666de238aad78b5d6216b7f51a05e93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0c82eebda6407ee789d659a262635ea3

SHA1
d817cddce85b55e9441e9027af4f19d881721f02

SHA256
18cbc5dc90f8fa4aa1defc0b23b66a211b893c8dfa3f02ab0a243858388c4979

SHA512
7b65efaf608837fd46c3979ebb73f62e99ad924608350705fc89cb4898621e0ebe060a1412765d1224d6524e3aede60c0d7df1059ed9e8324c232d6127e4d475

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
81505071ba2ddda773429798cdd3a910

SHA1
473e6248843f1e621ac0cdcbae11cb4c9faa45c5

SHA256
8532c55494003c6778c61331e0a86ee10316663b7428e0319af44e1d64161e6b

SHA512
397927650d3519456d1f4bd6cd1b54d555c050808ee349f9c09540869656fef571fdafca36f85346a3f9ed6be8c282d1251514c9fd6bdf7bcf1e4499d9c4db08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
176ecd51fce06a1a0204dba83194dc11

SHA1
69e91258db3d7d1e6419d32c8479fff110b0939e

SHA256
f839185f259b85a72e50e3a341655605dcc3f9f847df46b0d840a9c2b80bc9d3

SHA512
0dfabc13fcc2b0810981a8cd51c352aadfbe02c08bbe997ad40759c51c8598c3927e1f7bb49064d7d612c3c40fdf365666fd765e218b86e5ff8642f9f73eb427

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
23658951e8d7fe5789b287e88f0b5196

SHA1
b6e7662a846a3f68e1b24c032412d38e72c03280

SHA256
51e70463d8dc06ecc6fbade434b85bdba852c4a74d3fbf813a57f7dae76450e4

SHA512
e6e3e90127150745dcafeeebce9c58088993820935cf7bac432e546eddba91f761ba5f6f3070615dd4f1632d483698e24d65349e3afdb401778387fdf325d3de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
7c7eb5a518156d947bd66a8e66d84bc3

SHA1
d86f1fa0591189e402976437e4d8d2e591cbf175

SHA256
0bb53a5519a6874c8514610af2521b6ae9e5ec1c2ebbd5a8420c06ac838efe32

SHA512
3adb5c50420ff1086fb4a84b83743ad4644d10856a6c298f2926d1f0c6488495c2d300defb6377e3570e3527f2e72f1c0f3b2c78cf3233d8a4cd629d3806df85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
b514fa498a3bd8444d0dfe76044ceaa7

SHA1
afb6a4f2e06170167ff0458cf5ba08e638463af8

SHA256
ae880597f71fa1a4d7ec8237f837c83cc3387d7eb6302cbf8b6cbb7fa9df8a5c

SHA512
8d6bda05bacabd8511039826887abec53f1a3279c1a5c219278588c9b489a5ab98bf49c9f1f7c206e1d80d2d1637592163ae39b716874765370b2df612823d3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb557349d7af9d6754aed39b4ace5bee

SHA1
04de2ac30defbb36508a41872ddb475effe2d793

SHA256
cfc24ed7d1c2e2c6585f53db7b39aa2447bf9212487b0a3c8c2a7d8e7e5572ee

SHA512
f0cf51f42d975d720d613d09f201435bf98c6283ae5bc033207f4ada93b15e49743a235a1cfb1b761bde268e2f7f8561aa57619b99bff67a36820bc1a4d0ec4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aad1d98ca9748cc4c31aa3b5abfe0fed

SHA1
32e8d4d9447b13bc00ec3eb15a88c55c29489495

SHA256
2a07cac05ffcf140a9ad32e58ef51b32ecccf1e3ab5ef4e656770df813a8944e

SHA512
150ebf7e37d20f88b21ab7ea0793afe1d40b00611ed36f0cf1ac1371b656d26f11b08a84dbb958891c79776fae04c9c616e45e2e211d292988a5709857a3bf72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8a9d6a4b-c728-4827-8290-64c6b97ede44.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
49c0e188b81fcd16f359d3d7cfb0c6b3

SHA1
76e713158404cf5aec0d542d095b8879819be60a

SHA256
f734edc8d996d343561d896a0249f005375514e07c14048104c5749b0b49cff1

SHA512
88ff5c9335fbe9213236b0e8daabdc4969d2d9866b720d493978f289f5218fad38075f60f0787cbeb812eccf0f7c5d6222b98e8978dd501311ba12a640e15c75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
738B

MD5
2240b0e471f87801234f36a3580e6db6

SHA1
ec8daaab0633190b9e96bff310d7d58579bd97e2

SHA256
f2cf6417b0720b0ddd90080d1c010819e8938b07984f217d64673bbf92959e43

SHA512
dbe23182ec11d44396de8ffc2519b83c658a6f235d9dedcf6de2cd17cca72ad6de9d3ff98bc8b63973e4b6ebc75ece9995225aa9a1e58fddddc0b02e1706ad96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
edccd1b2c91295cf7ebacb24a8b00223

SHA1
6eb5c77535420916ad5678bffa1e5ade28628013

SHA256
51874f2565b26b6104a1d85f5e05e08f3faf23efecdf615807c364e1dcb83cdb

SHA512
3732708e2e76f5e16bb2b8bb82859a23ed5ef827ac308e2726cf22a633e413cf2636d7354eac71007af5c9bd6199cf5eee6ffce938f9fd6c83860780da6a7474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
279e90983a6de60368669324c19b35d6

SHA1
a547936bcff622279a0032041007ccf924bb83fd

SHA256
1089c404e0551dd4b9261205736c2a22764e20f95dc9db64608b9b1c88741fea

SHA512
ec80fb082c25b2bef484db85cdee96dbe3983be8d26c2306cfc02a59e0b7fd651093ee4e893890ebebc7d773d03d25f87bcfe2c11b2872bfd614a63656af7b49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2b98ea8878c294885de305bbe55b6aaf

SHA1
a57fe0785ecac565069fcbfcbef74bad5fd80ea2

SHA256
ede9f235f95e897f444e9e0d1b09a6e9f72a7bb596ee2d027097d4acb911db25

SHA512
0035dfae0d0dba711eda8f36e9a8e0d9c401e7125edd558644a904666d394e2731e340cfa2dc2cee12901cb09a1b7b731e0cfb82c7ad99969ec724e03c83a32b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
202df14335e6d2916a4ba89c69558617

SHA1
7f8139a9ee8f67fbb26a54b692f672c532fc1b60

SHA256
267cf34718522ce7838dbe66bc582ded4d852b3e702f86c069e2dd808cf55b25

SHA512
120f443eb8e36a8caa9805f791ff09ab60748b701e6277b4303b648f86d0e486a43af566ec56be39e05fba272d5a9b473f8672ab4db8e255efbee7f45cbead1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
40bc2a1aa76cf0ad823e81293d42a9a3

SHA1
73dba7720c55895480230c07bd8e690d5a7c1cc3

SHA256
b178ccb6dd09b0fc7afa57240a36cc09be7ca59de0634b4303b3170a5f57e5d6

SHA512
a360f1bc4ce1e9a5f7d0a4f3bff10842d82a86290393fa32835a52270d785ea50293f46eb4a337614f6306a8cf4f80efc256958a45db72559857e30c604d9914

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
c1c228d75de5e8a14f5ca2b49df43480

SHA1
6cabe3b75a9f2a6b6e35c26041e1b11aaf066e47

SHA256
4f9da637aa49bba985f815aa8810f020afbc5b421b1617a3aeb6e632820d6c25

SHA512
16d853b40f8d82a44d285ae5b18e31534c279d81fb97ca3d40ac0bbfac9cac7917af26510b2db79c98e8fbce65b1a81bc3c751eafbd01b57fe0157b7d4931d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
75ad59e4b3d6b7d9d0c90f45599bef5e

SHA1
9a62c30b2ef357dba0052d657c68f9d781a30dbd

SHA256
37fa1179394827cbd60ac113d7dfce26a2106634ae441006876d738a2a833951

SHA512
fb3045751403999eb7c76101abddaa7ccec0a50503020ac845299c60654cfdade2186fe312716337bd9e0c684e77bfeee359930f2857d0563e303ea3e5dc5468

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a7d30.TMP

Filesize
874B

MD5
1c8912259018171b68f5e685ef65386e

SHA1
4e5255d50f524af46f48e7a38b9b1b0832ee601f

SHA256
3817a3caa74ade6381bc381b31297c400311304f0af95ad8a5c1bdabfde8022b

SHA512
835ebe26269f85dc94a5696d1156a2e871ede585e347da4f2768587b6f2fee0124f55ced49b7590839c7406ba391c239a864b826b4289c7f96c31206cc555594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c86e68d03b44e217e0e1f0fc026ee169

SHA1
e376405b89bb648ac12fe7e2f3b6f49ef49700c1

SHA256
a5cd5563355290b782c00a6885f5665da7992ee86de4bc05d630a815543460f5

SHA512
fe163c009064470ae377345e7af4ad29050e796894b570facb3d5d8d3532a1cc4ca16925e160b5c82d50aee0570726e57f62d4f0c731939bade35e79059b1f19

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5032_369197278\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5032_369197278\dd1d2e69-a2fb-4540-808a-1e840446909b.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 600836.crdownload

Filesize
2.3MB

MD5
1b54b70beef8eb240db31718e8f7eb5d

SHA1
da5995070737ec655824c92622333c489eb6bce4

SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

Download Submit