hxxp://itch[.]io

max time kernel
1193s
max time network
1167s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
06-02-2025 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://itch.io

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133833298483702103"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\two-point-oh-point-seven.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
3940	msedge.exe
3940	msedge.exe
2472	msedge.exe
2472	msedge.exe
2544	identity_helper.exe
2544	identity_helper.exe
4112	msedge.exe
4112	msedge.exe
4864	chrome.exe
4864	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
1116	msedge.exe
1116	msedge.exe
3784	msedge.exe
3784	msedge.exe
1884	msedge.exe
1884	msedge.exe
1772	identity_helper.exe
1772	identity_helper.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
3580	msedge.exe
2788	msedge.exe
2788	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
3784	msedge.exe

Suspicious use of SendNotifyMessage 42 IoCs

pid	Process
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4616	SystemSettingsAdminFlows.exe
3560	Raldi's Crackhouse.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2472 wrote to memory of 1548	2472	msedge.exe	77
PID 2472 wrote to memory of 1548	2472	msedge.exe	77
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 1936	2472	msedge.exe	78
PID 2472 wrote to memory of 3940	2472	msedge.exe	79
PID 2472 wrote to memory of 3940	2472	msedge.exe	79
PID 2472 wrote to memory of 4564	2472	msedge.exe	80
PID 2472 wrote to memory of 4564	2472	msedge.exe	80
PID 2472 wrote to memory of 4564	2472	msedge.exe	80
PID 2472 wrote to memory of 4564	2472	msedge.exe	80
PID 2472 wrote to memory of 4564	2472	msedge.exe	80
PID 2472 wrote to memory of 4564	2472	msedge.exe	80
PID 2472 wrote to memory of 4564	2472	msedge.exe	80
PID 2472 wrote to memory of 4564	2472	msedge.exe	80
PID 2472 wrote to memory of 4564	2472	msedge.exe	80
PID 2472 wrote to memory of 4564	2472	msedge.exe	80
PID 2472 wrote to memory of 4564	2472	msedge.exe	80
PID 2472 wrote to memory of 4564	2472	msedge.exe	80
PID 2472 wrote to memory of 4564	2472	msedge.exe	80
PID 2472 wrote to memory of 4564	2472	msedge.exe	80
PID 2472 wrote to memory of 4564	2472	msedge.exe	80
PID 2472 wrote to memory of 4564	2472	msedge.exe	80
PID 2472 wrote to memory of 4564	2472	msedge.exe	80
PID 2472 wrote to memory of 4564	2472	msedge.exe	80
PID 2472 wrote to memory of 4564	2472	msedge.exe	80
PID 2472 wrote to memory of 4564	2472	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://itch.io
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff858863cb8,0x7ff858863cc8,0x7ff858863cd8
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,11297481501508764168,16089462458035147902,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,11297481501508764168,16089462458035147902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,11297481501508764168,16089462458035147902,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11297481501508764168,16089462458035147902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11297481501508764168,16089462458035147902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11297481501508764168,16089462458035147902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11297481501508764168,16089462458035147902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11297481501508764168,16089462458035147902,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,11297481501508764168,16089462458035147902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4136 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,11297481501508764168,16089462458035147902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11297481501508764168,16089462458035147902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,11297481501508764168,16089462458035147902,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:1908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1888

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3188

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:3396

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:4940

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" EnterProductKey
1⤵
- Suspicious use of SetWindowsHookEx
PID:4616

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc
1⤵
PID:4992

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:3504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff8471dcc40,0x7ff8471dcc4c,0x7ff8471dcc58
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,6636101524651160946,13120756293144698681,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1812,i,6636101524651160946,13120756293144698681,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2024 /prefetch:3
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,6636101524651160946,13120756293144698681,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2236 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,6636101524651160946,13120756293144698681,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,6636101524651160946,13120756293144698681,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4460,i,6636101524651160946,13120756293144698681,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4740,i,6636101524651160946,13120756293144698681,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4632 /prefetch:8
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4796,i,6636101524651160946,13120756293144698681,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4872,i,6636101524651160946,13120756293144698681,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4468 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4964,i,6636101524651160946,13120756293144698681,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5056,i,6636101524651160946,13120756293144698681,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5016 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5136,i,6636101524651160946,13120756293144698681,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5052 /prefetch:8
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5204,i,6636101524651160946,13120756293144698681,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5284 /prefetch:2
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:4544
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff6d39f4698,0x7ff6d39f46a4,0x7ff6d39f46b0
    3⤵
    - Drops file in Windows directory
    PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5216,i,6636101524651160946,13120756293144698681,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3508,i,6636101524651160946,13120756293144698681,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4712

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4396

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff858863cb8,0x7ff858863cc8,0x7ff858863cd8
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1824,1124929492347605693,11780250690149796753,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1844 /prefetch:2
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1824,1124929492347605693,11780250690149796753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1824,1124929492347605693,11780250690149796753,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2500 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,1124929492347605693,11780250690149796753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,1124929492347605693,11780250690149796753,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,1124929492347605693,11780250690149796753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,1124929492347605693,11780250690149796753,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1824,1124929492347605693,11780250690149796753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3144 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,1124929492347605693,11780250690149796753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,1124929492347605693,11780250690149796753,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1824,1124929492347605693,11780250690149796753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,1124929492347605693,11780250690149796753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,1124929492347605693,11780250690149796753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,1124929492347605693,11780250690149796753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,1124929492347605693,11780250690149796753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,1124929492347605693,11780250690149796753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,1124929492347605693,11780250690149796753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,1124929492347605693,11780250690149796753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1824,1124929492347605693,11780250690149796753,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5816 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,1124929492347605693,11780250690149796753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,1124929492347605693,11780250690149796753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,1124929492347605693,11780250690149796753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,1124929492347605693,11780250690149796753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,1124929492347605693,11780250690149796753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,1124929492347605693,11780250690149796753,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1824,1124929492347605693,11780250690149796753,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7252 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1824,1124929492347605693,11780250690149796753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1184

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004E4
1⤵
PID:5016

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4764

C:\Users\Admin\Downloads\two-point-oh-point-seven\two point oh point seven\Raldi's Crackhouse.exe
"C:\Users\Admin\Downloads\two-point-oh-point-seven\two point oh point seven\Raldi's Crackhouse.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3560
- C:\Users\Admin\Downloads\two-point-oh-point-seven\two point oh point seven\UnityCrashHandler64.exe
  "C:\Users\Admin\Downloads\two-point-oh-point-seven\two point oh point seven\UnityCrashHandler64.exe" --attach 3560 2115434057728
  2⤵
  PID:1028
- - C:\Users\Admin\Downloads\two-point-oh-point-seven\two point oh point seven\UnityCrashHandler64.exe
    "C:\Users\Admin\Downloads\two-point-oh-point-seven\two point oh point seven\UnityCrashHandler64.exe" "3560" "2115434057728"
    3⤵
    PID:3156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
37d530c1a58c3496069204df266f671e

SHA1
25dc4e03fe9b30779bd11145f307d9f59f986b6c

SHA256
d95afe0012bf36e745f69771e1cb8b0dfcc6bfec3f0fde82828d69c2ea73028f

SHA512
cee1d23cf72904f233094c149b76a2d8e0280a530463a0bb9c451773016deebac5382420a7bc44eede2ba3fe6033ffe245d3f160f6f35eb0179b60b7116c24f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
2ffbc848f8c11b8001782b35f38f045b

SHA1
c3113ed8cd351fe8cac0ef5886c932c5109697cf

SHA256
1a22ece5cbc8097e6664269cbd2db64329a600f517b646f896f291c0919fbbef

SHA512
e4c037be5075c784fd1f4c64ff6d6cd69737667ec9b1676270e2ed8c0341e14f9d6b92fde332c3d629b53ae38e19b59f05a587c8a86de445e9d65ccfa2bd9c16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
2589966f391660363ac92b21872ff181

SHA1
20f6009af7860ec690fac6b2bf143d25b6442e5f

SHA256
7456baaa88cf928822eae6bd6784fe47b83fa1f8f2b4dd8e0de03d86bfff2011

SHA512
429a30800c1310eb92226f0adf9d20bdb12132264ffd4127a55ab4d87577f32bd9df937b71d51c70e20c56188faf03d9c96990f45ff6ae94ead59093413e61f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
89e0ebd8552cfb04f865e491330cd4ca

SHA1
6fc3e6636387eb3c38e7255b7350874e3fd36eb2

SHA256
f80d30799c76671d7a492d0338a79636b4e991ba2e6ff2df2645b0c053c1a073

SHA512
020fbf2b7d119972ffeebd834b3bd0e614693c04840e81d5f4a29cbdf78ef21ea84f7eca06aa6a9d9a7912c3aa258064680d1b3bb92091f8d1d4347bb878b15e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.86.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.86.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
05e58c4e115c4074c92715035f8f8003

SHA1
1da3245bcf98d98858065554660bbf15d9a29a0d

SHA256
63c36adda18d740a1f3500020b4ed22050082c2a52ccf9bd8248cda7cc890876

SHA512
c98f21175845dc139eedce16f36d9d183a2fc448f546715c74f3fb2b657401412e25a63dc6e0555440c9dc72285d7cffa3139543fefed7f7dc72ad6095b5d067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2c850730f3db1951399b7dfda066b418

SHA1
495d46f99fd5cf9ec53b32f0210121a524fd13af

SHA256
df8cad786bbe817348b23dbbff968d8f082bc2ad3b5f744bd00a41c4c29c400e

SHA512
af9665fba088aa8ef61166e7f2a80bd7c9f6b27dcbc6ef84e3c5243119c7af274effe2149d146d8487e1f73ae11d4f5e62d4cdb2790a1d15235758b66c2faf1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
cf3e02698627ce12a019b9da55e14dd2

SHA1
b013f3113a2a421670217a3033a778cec7117b01

SHA256
4dd57b6539060367c37da7aec527701a212418695e7269ff31b9be0fdfc1ee56

SHA512
2ec9a3fc9472815b6aa3db69d4f5a0edef0194dc984b4fcce744e4151f3d00420e579ddba9c5f3b74feed0a92a96563c68503a334c56498a5f5c5f7acb4c7a69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5813a3769c50acedbd2aebb50750eac7

SHA1
19efb2fac114ae1ca3ec45a76164abb7ed09f364

SHA256
2949ab6c64339ddcef673369ca1726af223570e1a2131223aab54a5f0cf35dd1

SHA512
a268a2531db84236691a69b68ae896ff9af05d68f3c458faeed091aad36a42f07ba038ec95294d4960745ce6196dc71e3df8cda1c8edac6a4d616a8f539ca490

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
02b2529fd49e4e7f59dc3f1b1ab112c2

SHA1
f8c0b4133b6e958c1996130caa60df21b1035122

SHA256
139fcdce4be7f443b9e13971288b2d87fabba384b19ded882259a6145a05a34e

SHA512
77fb8250782666796c88cc815769afe4538241ce78a8fb97a4d1ce4fef0988cbc48beb8c0288ea1e52975b4bfb65f5ea51154b7243a4b6fea7c227472372ba9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e685c5b999d18ffe11d329ab61e3842d

SHA1
c20384c3841d6a3d47205127abcca46f36ac9362

SHA256
8c1bcb0c11c27bc921e6ccf74620dedd4418cb08728002e2531942758bd0a488

SHA512
fcceea8f240e68582d12d44452b7eef74f42b8a01f9578cd1cd342e1163ea8067096e8a59e34e08b83724f196c95bd550eea8b44ceed6410542f01498b412130

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2ecc7649f5c867e2c8a4b9ef4014aa5d

SHA1
f84d4112f44168864e093e5b5eb5bc6dfd6ce3c3

SHA256
8abf6a1e59d48fca59277282f348520eef210ed8e44cab0973c857c6387298de

SHA512
a08ad6327d3879f1e443ee4378b861db378a4d620a891fd90718159fb055700951c49bd97f2f187923028803d1da840a4157c2bf30bf24ca09d992bc93b80410

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
964241ccd4fc86a0fa5d86cc0fb5993b

SHA1
28cd5a1d397b586d1c15c74b5da768e8f1ca9e69

SHA256
38509858b71b66ed398206b798590029480fc5248f8457b42e0b79fd3ccd708b

SHA512
4183fc32cd46fbb65fee5026a5c61d50df463a9cb936e48363bdebf589ce100603a690e1db8c46391ab79c0cee40723c49ad7da61bb4c719e90d76b0ab40cc77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3807af0912e7b44e873a8ce79f9c8ea9

SHA1
919051e1d1b301c6bb7535336a6d75361863e0e1

SHA256
4828585abb80acb02d25507714bb495201998e145412bd77e006530f11ffe69c

SHA512
ed4cc6a6623838b528f149b0d4116fb98dcb58b508f2bc22b1b384e8134531edf5857260e73ed8b45b062a197e4437f8c2475c179a9d32502e6439f1541f287d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0ff3cd675dc11eee12177de4e0e1d194

SHA1
4f019a13ec60d6ab178193d47800816d1ad66d2c

SHA256
991a13531b01bb5524c11918c71a3cb9f04550d76c83fb02fb869d1c26277547

SHA512
05ac69e02a7b0d2ae9b224257167a32a149a9c3d73feffc8e3beefa34f76847c4ba64edea788729036539ed5d74e0f540c035c990cadaa092f512f5cf1a06f3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9b68cfca7ce7dc3c99826b6e731ddf62

SHA1
425e83c1185d772cfcd1574b180f08e966729223

SHA256
933aec8590fc813674711107ea107cb3e048d1434aeaa790cd3dc0492af92f26

SHA512
f244504572ed94f2f8e1135c8a4b20d2b2dd7c1b1cd1da70284e1520d84495eff1614b2eaece1c7134c4438dec1410c1d3802b726356848084cb087974d98bf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
037df5dec5d9b2a611af41d0e05b7b5c

SHA1
e748f28dd4719fb2c24881d2a5d4230397d794ed

SHA256
10c5c56861f334eadcbb951bd8af762a3c6ddd579bcd6e191118a44372c96267

SHA512
cf6f99272b49819c7d4d836c214b08320a0a624b7a05010b3d640fe6855c24928caafef7fec62ec69e3949ba43650e995df868f22c12aa5707a9781dc6822b08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9c924e0cbf623db687b255a47af54ac5

SHA1
a2efbc1c12f0019d85914e1f8983a1c15d65d9d1

SHA256
25f913bec6b1d1e0a4343361a6e653c3c41d370b87d6c0504ed27534889ae375

SHA512
f78cf14a001b3f7a5aa461a49dc60b8edd2dca1460a5db8bccf09c21b5684c4ecfa6f635c1ef210dc3bd0391c501d0b80a94ec31af3c19861ab8cfb373b510a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6b2b4362609301315ad0a8cf9b6bdeb3

SHA1
e8d6f961cf42d61119cd322b27bd1936de4cc5c4

SHA256
9502993dd2790a686b54f98c2df249c418f67f15279e128c74bfe8041769546c

SHA512
bad0b99de73a56356ac5bb4e1d7b69344ffce7b8cb409f255bd9a180769e0cf3c6b72ea00c26b3277f78614b003b90f1032f89e25323b8b8a68a9087c24220f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a3e161e50910822d4c9fe7c5eb76cb8f

SHA1
347c1b5e0131b57b0fb618ce9b0c460b95ad4883

SHA256
c20e9b3a61d897c2cc42a7c0519f9071698ff957193c95a920d1abca81c2fd23

SHA512
767d256e504cf1d582b05c0140cdfb8c10f20890833d186707151eafbba16225a50632194a61f7b2329af1969ce3361747f5ded3c77a085793ef2d3005dc79ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d7afea25db1d48cdc6495e2954fcd360

SHA1
f7af13fa90424e8a1c9caaf8a53ca2edf55915d0

SHA256
2ddfd4710e5739e4f5fa630d0bd44386eef26c6fda88ecfb9f10b7e553c85f9f

SHA512
3c01b3b533fc34a5d16613dcb7978db971f560321bd69756dd91e0a970282cdfa71304593208688addf30a914d84f385494fce68be5139d7504ff35927b8fe85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2c96663bec8904d870705ae2c4d47075

SHA1
7c694d71966bfc803648284b77689673252490be

SHA256
f57fed4344d3393ed49beda9ac10faee9c7e0e091fa58c0578d36291fcc831b7

SHA512
360962677cb2b0cf48ddaa39934f9025743a01a10b0b8f57d687f4bc84223ad4efa73ab261d467fc7d3c316e9c11b06161130aae56ea09ea20cdcdd7641d9b31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
55b8083c45c64564a248650900df2510

SHA1
754e015081514525d26f59648ef134b91ca05d07

SHA256
5acbd9e08d05f39707a5141fb9d59748e66f3e8ef22a475c2a726128d99a77bf

SHA512
a1f304ebadde91713de0476e84a738d398a28e8c9c8bd042de662344747aadef611cb9629a73a5e976a6c705b871c155ecebadb65c5acb747cd2f8b4d7de9811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\bbdd30b0-6811-4aa3-a127-ca9b9993a9a9.tmp

Filesize
9KB

MD5
d314303dabc56844f8ef27f60730790b

SHA1
18d1b2c22f267085c06871923c9a82d0eed57299

SHA256
22dbd9b6b931f90eec1736ad54d9429e95414cc39ca6a24b2318bd58c9aa7a06

SHA512
93641b05725c2bfd15164488eed22a0809936a85d62e24f8ac6da496cda7f6c7e5d8c5cab65b13546430bb46ef596b815794ee53b2b37c6ab36263118c8f29e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
9512669d3715db5533af67a7a8f61da7

SHA1
52a085df9f2fc70f463bb68da03b95780147cb6e

SHA256
cb093808594853bc7020288c9e5642fbb68553f47042cc12806ba8360900c5c7

SHA512
21ae8551f9ed3818a69833ab2efe7b9b6e168ee5b654be10c23744c0bdf57685f6d1cf64b28d21bfb6cf2136462e8ae29df0beacb6e110d3df3dd23d476f012e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
67791e917208bd03c899d1d9bb8fecf4

SHA1
3ea5dca694f66ddd85f85de84c5a7ee479bb729f

SHA256
78da47b362d7f2f4e9c9b52ace47bdb4511576497081542e009f94df54a0a67c

SHA512
a2d469635b985df9f13d585e2be5dc787d102a0a0d6ec7b23279ab2fc4eec794263bcc8442b5eee9745d30331e41959efdb3e1e42f9b28bbdaca8da488529a16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
31119f7da6b32b3e1e2ce010a4ccd369

SHA1
578f08cecca6946bf4470ac0d9b14dd812759762

SHA256
8c7662905d2f630f6ad4cd1335e0a5adaf4be7d5292c843b872be79db7daa853

SHA512
0e8008911e9f4f887c7b2f06ca24e0315f0ea4440da2936866a9efee52de25f06adc32ffd860fe2bd4ef06052fa32ab8c6476fa53cc6f1ec18cfe7c818b8da03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
55731835fc6044d39f3e38b6ccb5c0f8

SHA1
e3b70606928ebc712192b8c56aab488ef738e84e

SHA256
a53e13771272f4e3e3a963387b00fe6cb93c6b49ce4018321a67e43633d9c588

SHA512
a646ea1f2c38f12d6e523e13d9818e0eac0c8bfc92de0baed56ab7ea7e820a63e10b4152309c94455f78615e7762b53c9d85ce1478cf83abbea4351bcecb12b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
488f3fff5fe90c7f68d40dc4823c820b

SHA1
43d5eb653cfb1f846c3e42596efbd69486074b5f

SHA256
248c79ac235cb52fb0c28a2340eed20d62f3297a539be80e9e4838f247656745

SHA512
e7e325b39d1f98b172a227663099f7112e5bd36998615cbddad826c66bbc8da5a76195bafeb1d4541303d537de30278a58a0666431a19c3a4adcb03d34c57ba0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aad1d98ca9748cc4c31aa3b5abfe0fed

SHA1
32e8d4d9447b13bc00ec3eb15a88c55c29489495

SHA256
2a07cac05ffcf140a9ad32e58ef51b32ecccf1e3ab5ef4e656770df813a8944e

SHA512
150ebf7e37d20f88b21ab7ea0793afe1d40b00611ed36f0cf1ac1371b656d26f11b08a84dbb958891c79776fae04c9c616e45e2e211d292988a5709857a3bf72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb557349d7af9d6754aed39b4ace5bee

SHA1
04de2ac30defbb36508a41872ddb475effe2d793

SHA256
cfc24ed7d1c2e2c6585f53db7b39aa2447bf9212487b0a3c8c2a7d8e7e5572ee

SHA512
f0cf51f42d975d720d613d09f201435bf98c6283ae5bc033207f4ada93b15e49743a235a1cfb1b761bde268e2f7f8561aa57619b99bff67a36820bc1a4d0ec4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
1d2e4512c91168f4ca66d3909eed19ac

SHA1
42bd5c3e490b61870a403d4e3c55adc59998232b

SHA256
8d43d088bb4cb54ca98a0ce4b113dc9d044baf5c6a9ceba9f72bc0889ce1660f

SHA512
6d5b8860ecb13c0b0acd29444bcb9683ac51209ebd01338760f8ae89669d9c1df386280ea481fa8b8f55901ae944ae11ff88965ff8398fa3fa1f3e2d95979677

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
0014a3c037ac5f5f0d66d71f5ae62546

SHA1
a34e148342c06e94b301969af3d683a6f69b17f8

SHA256
8836076e8adce77c01b3f99a2edbb5f74793eaac795f080a26b14e7e1bab7e55

SHA512
4c823a25dbbe66729cc6e60ebe5aed7db741decd2e5681e824a115edb6ee685bdf8293fe05a289890628bd0dfb3864fde12e97610de192dac3b5a5dddda3177b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
f0250433037cd50b16af4ca29927569a

SHA1
1d17cd392393bf3593b01818cce4f243a3ce4462

SHA256
23d83c921176ca2adf167cb5865341a2f1fda39a3ec500f3fdeb996174db45f6

SHA512
0f79a9f08dbe1b2820a765966373256e9ef71f949bad44c4c1be2af4d5216697469b5a3bbe189010a99db1e4124419676dc04655738082264344553e3edd2625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
bf91fe8f369d6757652ffe6f5daf5346

SHA1
7a2973a65adacc563c82e1ab415c81fd0cb6247e

SHA256
1a901e54ac305f1cce21a3fe50288e0115bb4c7290543a4068a68ceee8b0e127

SHA512
4136f833d17a48b745fa27b807d0544c25f02e2e7fb0de69119d89f3eafe8f45584b773ae6c26701d71219dbc67c7c68da78436656e96fafe1b99fc09d758c90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
e91f6fdcd18fe45e930dbc4f871e7d8c

SHA1
54f3ffa5661ffe8be069484d2eb1c026cee576a1

SHA256
a9c1a84e1612a08afd78e7f0c3f59041e8b4e86ca0c91eda838abf6e14fe3d79

SHA512
6d39e9c39a9309c503405f3969e130367663c5d76b3726c23950684006b079e4d644ce820fcf70d90ebfb672df0bdf316b989f2dba7b3e20ded5fa140ec39dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
790caec3383a0f73bcc3cfb52406285b

SHA1
0d4b1bd7788ddad2c689009c5127c81b518af765

SHA256
b936af0e03a65e45fca176648280162c287bcd34f2a521383499d32796a3c9a0

SHA512
7dfe513fca80497d44c29f03829311e4d2cbe474b212b02fd209ee818be5ab0f893e6e613a742d96d4cab5d1c57550264e37e6ee21806357aa3cba0bb47614af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
929b63b97abb9d5c8add3ba40e2e38b0

SHA1
9e98827f1d8a646bfc5d8deac769fed84828c3aa

SHA256
a658b04448cd91a3b701f354c212834d09db91487e2df708cf26b1106a2d717d

SHA512
1363548b78c5318964a54f6bb359ae13e86a1eb4cc5724a26f9db96e9d436eeb184cd69394e4054d821e23ba1dc417f22c03b938091d1945848dae73cc50359a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
1b0ccb5a5214ab347c8e3cc575226226

SHA1
d39558d011e4490692f8729daf22108ba9373ac7

SHA256
7b85ce83f82d20a00e88e8f4bad8dd5f5bca59f1f2feb4acdd416c59d41b9473

SHA512
acbccce46987eade78c819b8e2c06947b74caa28235f49cda12c97e6292e975dd5a19e8227e784d9c4953f511f80ce5a1ebcbff6701ac546d889d46337bd1be5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
ed2c37a3a9d6023cb5b84162be9f7f63

SHA1
42d8ea6f49aefdad3bcf82606ceb24cd1f683e59

SHA256
4ae6c3908eb74cb8b992a2f1801669775657cb3ad1218b29d6a90373d9220a85

SHA512
a07bb2a77020db148c3adbe677ba04fda716cd613b5b6f00d0cde40fe174088151ce78543d6797f8dc7dfd664f342b4926e1fffdd518fee3afb0076eedd405e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
231c83f279d50c84ec2cdcfcf36cb11b

SHA1
7363a347322aa2564d2a92f6e8bd7ed0ff3bad63

SHA256
c7b6851a8eaeb476ac0f33edb375498c37fd3a3a77f1fd1ac1b1d3c0200f038e

SHA512
e4b363217ed58fdd6e272a7d453d98ebae2e7a5311bdcf104db6d4603b5f335686fd22a9398ee10793ccf6d885ffd7efbe610e6e9968e51fe407912ef4c3f70f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
786B

MD5
9753161e8662c7d19be1e09a13da21e4

SHA1
04d0db95020cefd7d425ea0b79cfa348cd31f623

SHA256
ba5d400dd1a69b3bb41ca836eb96b0ffa90d4ba50794b108b7d421fc866f3e28

SHA512
4256eccd10758aa036eee54641b0b10d381090d024979b8002385e3365ced1919666db65bd0943fdb3d84a8c0e29d077bd480d9aa40e77ffa7cae6d716d400fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
bb15eb956f99e9b7ffe8e7280ed9093b

SHA1
2a50c8f37d9448ee1ec1f5e0f8b864d396802f44

SHA256
dbe330437f8ff55f3a6f6b27823a56af5a9c9891fd21669cbe4d05b91e153ef9

SHA512
808f9af99d983ef79fc06964cd9ae05726968ed392b12cccf23290284df21f33466755cc76b568e67eabfe32051fd52afcf5762a4a5557fd0a9193f41c60d56d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
943B

MD5
526e3d4d725e2b21a589cb32dee6f6a9

SHA1
a8e1a739c18050b150ab65bcf8ba2ede05cc345d

SHA256
cd8ff661040efa6684acbe8574ba355dee58e223aefdbe4eb42fd5fa7a20b046

SHA512
0bef057d8f28073c2794979fe00c7d91bf6feef013d4329c8014a17436eba3120de75a39e05bbdf9473608a266b07497c0b5278812d17b7bdd5a069f3426c135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
2812cd2f8714d629dfeb796e8aa7934f

SHA1
ba86811d0a535afbb46444ea9cc938cebd4749c7

SHA256
176f3a99585254fc5247f157f9898b2a90e2e1d0825aab557438f3d0a4c6e2ae

SHA512
14d829ba9c9da7a0821ce430611b6dcc8622bdf29de74521501c14f3b5b2d7b3546dacd02ea19393d9d17a1ebc6b9e2b2105259ba26687ca3453bbfe2ddea620

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
82f1089e0ec1aa6c0281e23cfba96e13

SHA1
d0a553f5dcd9f2012d983b55f60439ef8fb74e01

SHA256
1df54edacd2463cef18c9855bdcaeaf0008380bfb9cf07d5de7a986339221af3

SHA512
502a3b3e69a2449363c9dafc5d8e4f18e3737e07ccab3b3232a851f0c0c5d6ad8972213ab6b44265c96dbf2450846d90e0981696624ae96fb13df094a054ca92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
bedb661b6de611736902bf63e12aaf47

SHA1
8bb531aac5a156799bd3aafd9d9a371beffca61b

SHA256
8ccefc98cb669fb76ab8dfe2e5467ecb28fc7b21fd69402c8fb816ea3e32070c

SHA512
e99b222874ac143ca59699ba8842f4babd59e61e926a30303b4064dbd255e142cd7b0839fc35b3896c85e4e9711823b385560d4608b3326b0273101fa1245877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
943B

MD5
0da9705c410a81ce4bf26e4b4fbe703e

SHA1
7592d4c552bc12cdcc1be842767699b8f5530e89

SHA256
988a9291d6c7e07d49f8e411aea9fbc3d26f4ff935976b8e20cd4cf8ef6e5cb4

SHA512
8ca6de9e144d4d4427b968b4ce98eb6ec71a18cd25f5c81737ec1388820d7f5ff63b4cef6f5b9ccad5c0dc2f33427d00630a37f5e7888b91077fe32e7b8272db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d5c0400cac52a5360a0449e2cc94b84e

SHA1
242cdc8f5faca2df1fe091a9acf52e5b42cc895c

SHA256
f7b323dc313f105faba2701b0d653c86802b11ded720508842095de41f207cb9

SHA512
66963f7d8c2ab64cffc003cbd53dd79a4ff800395c7b6c0f1d50efaeaba1eceb63be21b48d5e132cac20d4840b9df01f1d5832c34f05b13c307dc04df1a4348c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d6b8660f86d0c0c18c1c55c2a4444a22

SHA1
3ffd8a2ff06ef1d6d8fb671026800033ca113789

SHA256
aade00141ca21d822b8322bc6e0e2dba6e4c01bb65436562410784f02a04c418

SHA512
61800c57f8ba03811b54d6628ae9fdc55413a9af789e7a33d2c049fa70709ee685f54c6c1720783c4e9f07abbb3df92238ffdf07750ebce0bfe18589ededdcfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3b61c4224ade4d1266e2eedeaa67ef99

SHA1
1595f8cc23a458459cfa1bac56b421b4eb29d913

SHA256
935d2c497e4f277e25ef766f987ae5b8476747213f119a4b08c0d7884f604b43

SHA512
545545f9f2333c3e8b23c349855638a17bdd343b1d118fa337659b0881d1c190383e6da6b36edccc7ef1a8287d7470606e22b680c44af57972951a8c1e1f2cf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
90bcc61686fc8f0956922a2660093607

SHA1
a68b2c37f35f6801f1f6f83af6782bc6c9a6b7e8

SHA256
b348ac413d7869c093741c92f5d6ad9b65cea39ed5de4ab965e8a724f6e9aecc

SHA512
cdf137b454b75a6e8eef3e1e2d257f03724638b7df2964060ce3a548fce6057303e70e71ed9f828db84f86e86abd10e512a631a24d08535eaad998a7ca9bd15f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e2b370fdab8938cca9cad8ed9adf733c

SHA1
899babb74b8737c695927c36c6dbab1992724d66

SHA256
b0b03f83c03ce4ffb57dfa6f92ad777abe0eedb083d17acad8fe3a523e76a3f5

SHA512
f64fdd9d069a22ca862fa58439610e80116c360ce81b36db270f921881eba2074333d532c9396d002b27b404af83506bac5d408e7ae23e46f468f6750b025c0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a59353bf16ca14b06764efa1039a4525

SHA1
6679e96b4ced295bb389faacd8675a17576c83ab

SHA256
b3a28f3b8f405b44b948017e9a545994189e5c35225103fb3b21156b9aca0c72

SHA512
f8c21d9afa2cf287bf74311e483fde8e64c251462544c87cc8619f07925113bb1fd7baabd3686ff925c6fd2f0eb779dffcb909e6c974d2aa9ac495270838d725

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
bd7160276961979dd26ea492dfb26fec

SHA1
c211ab483b91cb033d47f8c2762b2e1c0f3defd2

SHA256
5cb433579d0a3cb57bf9ec57a1ad1e7a101e182e8ebcae98219a05463c10bc97

SHA512
f851403080e04ebb799254793666c0b3002b31de105f870747605ba1e71e6ed0727e6aa919537974a2ccbe902bee35276dfd58f11f5f54a4dff8389db1254324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1012204511166eb1897d7c6752b8421d

SHA1
db6ba556c2a9dbfaeb85307263c68e811c625b23

SHA256
5f3f38e630f71fd64a4a2ed0a3b8b70e891ddf219ebc27fa56d4b6afaab85392

SHA512
87ba0724b254e150948b478f57cce9b306bc675cb7a62e9f50cfad2567278affe89da2400068a5201caefb255ed2f8757c9e526a57fd7d1bb4abc9a5ff454d6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
89a9a1faed65ad36535e651956245ba5

SHA1
5439313e7abe8f8344766b0eddf1ccc088a65bde

SHA256
245f9250ff0e2dc1c8808c483cb91937a20c51366dd791736c167e0f270a82e8

SHA512
5eb7771440ceb5ad89f1f3bd9999be4fe12d2bb1ee9903672754faf68b092d06c435c90f54ba0e67eb92bb06fceee68ad46331c4c71fe3597338c85fd26b0564

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
156B

MD5
fa1af62bdaf3c63591454d2631d5dd6d

SHA1
14fc1fc51a9b7ccab8f04c45d84442ed02eb9466

SHA256
00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d

SHA512
2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
7851cda124f7fae1951032077d90f955

SHA1
a579506431089a494acbf70da51084ab348c2547

SHA256
9b5aae8ea7bb2cb7b65a5afa1a7721ee0c69ee14121838f4ce353d600adddb8b

SHA512
d3bd515653c155ea9d7f66990354fa9e54972af0e7c0bfbdf9b598424ea228fdf0da15ec5ec9f5767b22f2683b13204bdf34f77069067eff7a207589e4f4b8a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13383329749110727

Filesize
2KB

MD5
c16dd52ad121e66ae71beee4ff8597e0

SHA1
200e5dd6cc5f0c4161cae8d29df2efc95e929064

SHA256
9ab724c0159ec9be729e7b27037f69bb97165a8b80fcf6aebbf82f6fdf3399b0

SHA512
e531c40dd4280737f9771eba4066c470c3f66fc0b7d0028197fe0ae5aae4d2ae87fa04bc798fb872255029ae277ff029d70839dfc18a1d733bb260343dcdb6bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
d13be89a295ed4b3b457fc786536a2ab

SHA1
0af6d81fee0ee9b0531d5f242d904bb1e1437865

SHA256
27d2ceea641454505e1b0accc8c2d40abd41308b38a3e9424b362ad08ed6fb7a

SHA512
720a954234a3e8bdd157dd4919c0b7036031a8ad1119ea54bb134f39a9d8c35b560eff70ddbae57302b43556b9e8f965bec55c944186522b9c01296285eb8ac1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
e2d46ee8ce05c1e9d2b984f3e99c16f6

SHA1
1ca1963527239a56fc4293e2015518ae0924ede3

SHA256
01f9ab9f11fd188ec2e72fead9049ab422dca05768162153b8d8a0343fd18a45

SHA512
ffc4dd37f558ee36472bd4e1fba73b724d14c21dc21a561e32671d02b3a90e99c3f44a430f86139cdfeb70078bd688492d5be6e0fe174945f920d73dea9274b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
1719b2e19de1403308919d9b821d9c30

SHA1
94d7a74c18e11efb4834bb0cd5e2a25dd8bfb1c9

SHA256
affa42c03077104389e5ff2a6244ec95656d9bfafe4369f6c7e0331fcd0b3d04

SHA512
40b29572f210bc9bec81eedf43b8621cce16a100e7e8dbb03df6405ac366c96fdf6db558d1471f4045fd98145231a235b9cceb9e307fc249e8299cfea88640dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
368B

MD5
504d282d3935c071350c3ff3a51cd326

SHA1
b7603ae603e2546297d8070007a4ad261a0d2df6

SHA256
7cdaa2728be7a98fad88a4ff3011a0aed6a0031610f5987a586aabe7d13b2619

SHA512
bdbc354092117370f316969fe2d4422d723f7d4579e0c714f81ef214a303ff429d874638ae2285a11857f89ad35100beb04243cec39ec4bca33d6329e8b915ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
5370fe804ba3e95af157fdefde23b994

SHA1
2a60318cc7fb2782ce8fc631e6821172b30a6ff6

SHA256
13e85c78d5105f43c1020e6d6f3cbdf78edeba3448217faddbc171618c325ec4

SHA512
ce00420665f91e28ec8e49bd5fc8ca3cab5c59d6745dfc162a54597696214cdf719f8406431441129187ac13448208f07d6d08b6e817f1f1c700ac758356e97f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
498fb80ef3599059586e5ba449453731

SHA1
9f7c92b4be8703c723ee5832a419ebb33c7d6eb6

SHA256
affd8f58b2a1492c5583320b15ed5a5819bbe6fca4ef2f5cfba7307ba94fa968

SHA512
4cfeea8f0fb146a271879845ee5fe9af5922dbce71fb2da68a5e6b22324e6d4f9f05c1c6c0133a7023b2f02c603e799b5e1a12d2dcbfbf889ccf9c0bfb4a6558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
ea9b7655d37527a2ecbca538b3b2dc50

SHA1
12fdb6c499102fda9c212fd2910c3de754f58f8d

SHA256
225178ff370c4ac9f0902a43c292c284a3e232ddb2de843694a623ec4a19e1c7

SHA512
b4244c3312205f2b0dded9832c5bb4cdde47aa4c6eccfd309e47076cfbcda1d7e5c1dcc341d883d2891702aad105b1cac937dd141b6d1af2e23fab1182e5885f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
482KB

MD5
6e5d79818fb8895917e0143f79f2625d

SHA1
eb29414eed3b02f799a654fc63aa25e622436a97

SHA256
c14711f4a1dcf3b6956e767a7b3fe9f0baadb27c7fbbc6b62468c6dc22eab0b8

SHA512
11172d7bc54bac03bd8863a1a88b00a12d85d4bca8586ce4008b4767167f96f02f8b15eb18c041fb48be398a17169ced598a6a94ff46d56173e5e240f0b63ebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
19B

MD5
0407b455f23e3655661ba46a574cfca4

SHA1
855cb7cc8eac30458b4207614d046cb09ee3a591

SHA256
ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7

SHA512
3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
6a845c105854b219b2ebff8b14a17312

SHA1
ee3baf2301ba63ad290738b6536f0b01db10e0b9

SHA256
763db050167ddccf69d500c4b5a7b6d92dc0a9e62843dbbd5810a8271175ccf2

SHA512
8d1b8bd8ef24f1221fcf4ac134057e37fb8d7d24a26903cd27207e3dd32272ce727aade9b20b90c1365e149e0c4819d7b0f8f43b22a3050c37f187a770c2b771

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
b7b7d05dd5dcb3dfa8292b17bcec8f69

SHA1
e98464d3272e4bf1b4d680ea5a7ed41b09df7594

SHA256
d9c2a61077dcbfd626391c622c4c4ea4a7ebbb67bc782fe1f85d391276fcb857

SHA512
8890f8d6a91f4043441540b333389f29cf3e0f00870414df91f700b8273b7bbc32d92a8923aefc955a99fc6b3f1f639f6fd5aec620b5cbc39933ee583bcc8311

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
68912813e1b9040d7dc8c31b9bf74d64

SHA1
03f42a9795f6f2de333f0e77dedd65a42ae51540

SHA256
ff1c06c60483f48fac271d405b217a529805dea727543a553511cd66b89621a1

SHA512
e5a6cfaf25aff4bb3b607fc5991520f7dd0a5b6fefd5d9798e951f5e26c528cdd5c31b66f32a0aee8b565cca9993c095fe454eba0d93622512493d3cc972da86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
c1427e8d9c4b834b98db0a296a93614d

SHA1
55eed9149a751908503393a1206396c2bada627e

SHA256
cbbede793952e02832f9ef39304596cb8bd14b5a70a429d3e2856981e99ad05b

SHA512
6280a9e64199f48f3c86894fe97b256b5f2fa3775f081894442cfc97b20cb31c00fb84f6e26725560611c857477135121ae84d94713b57bb5dd913d5fe531820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
0e8b0c51fc0482dbd7261bc7ab3b83c3

SHA1
553063282fc5566a8d4fdc3ef1b3a7a5194976f8

SHA256
0b8c60a83096084d39b424d47bf042d26ce7cc30b9dff484f3dbe6777cf183a1

SHA512
d7ae4cefeff7e675168a213ac5e3ed03f35f6a92df4a0ede2f3a880a91ed115c2a023ac747147677d601be58cad06161c0dab4ff478f98f7d86b7450e4d0d2a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
1c29e08b662e4e6ddf739e4c3afad055

SHA1
b1d5a87d50c47d5a5ccc9321263a4224368b1b61

SHA256
a4a8b98d64ecec30618b3ee772c4f97d594c565400fd43be8b48ea6bc1f86b5d

SHA512
7f6e41cb112ac8342668cef6acdbc5ac054c6d6be535e245e3d569e82bfceffea787a195f6b79fedada375e3cdf26d73c3fefde31391d3bcc0a29d94924e9dbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1397f435a33a24a8a897d150ad93b933

SHA1
018bffbaf5d31f249a2637ec2c70e12106fe51f9

SHA256
f10a75456d4a41689f8f9d57cd62bbb53074fdd21a57f06b4b40262e0f7873dc

SHA512
8919bb2d785f5d5287b62276f26e1635636ecc1ee54ae9a7cd6c3c802b771b942337bbd767b60d372ddb8eeca5ffd95f1879e25c9684fe376fc4d0c8350c48ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
42180167fe8efb41d04b901ea8f763b6

SHA1
18284cf383e77849dc134ab8a57383025c9a0c88

SHA256
d8782c767ff1e6a4334ebfaaab90f5a0cf2b5adc2ef90c2a153c26b1334da6fa

SHA512
6b3a97d436447b19888892a00a100002bf5afde39f395166610b972650e589e1dcfa79f7b46cdb57c9a064704cf80459741e0e6c6d61caa392e79737d546e290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4ecba23d9223b5da498d440387978915

SHA1
d6e95b273744c2bdac4d8c5e9fbaf8431a14a4dd

SHA256
7bb08ad06edd6d181b3d4b295aad2d744685833edc9ebc7c9a5aab3865fd0b5b

SHA512
087c8a99c4b2530564fdac351431f1e537185f653ceed0bb9d1eef47530d9d7603bed7e722969099c28bd84118733233bc200debaad68b6c296416e1199f471c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
da7bbe74f5f64c56e14f0aeca0569933

SHA1
20625a0fde890c636d08606e293670a446ffa0f3

SHA256
eada090a19146a0faf2efc76354b83bd347dda4c4644a8690d8a32efbe41be57

SHA512
8e0fdb4d4883dabd814c34b03440d17845af2105f41ce6a85bb4667d19d0da95b53dda1b61f8223c79f1b45108eb187397edf4d33cf88760ed624268745033d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
620d1d6bc66b1246ccf5252f715b6aa8

SHA1
343fbcb7950033b8fc30df1f9622ad4e13ff2d99

SHA256
59b5b4bd78f80e6357cffa4efa8ef85131a28c3306995a7edb5196020d67d6d3

SHA512
22ab73d25c3062679a668658e7adcfefd011ade2a050eb70fb0e2e5463331603c69b3d933ba28b4da108dbca18a4681d9348a6a591e43766f5a52aeae3568855

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\8a208827-d995-472a-923d-377b75a90d16.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4864_545317686\823a172e-c9c6-46f2-acc2-12ad70f7bf89.tmp

Filesize
150KB

MD5
240cd355e89ec1f3566bb2ef1f361dad

SHA1
2ade60eb20f0fb16657a4fb024d207a931dc927f

SHA256
1f0388d23a4d8492e2f9839392b22a6957deae8750b60ff860ee939811594295

SHA512
961fe2017949d185761d8491ab4f7f2ec3b0562cfb6fef202c34d685a87f2ea032f53d653e4c1d492dff1fb43d738e7727985738c1a956a1a18aae77a3d7f3b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4864_545317686\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\RaldiSaves\0.raldi

Filesize
1KB

MD5
78f15ceb391b9b47e2617ad20a6e4cf1

SHA1
380fa0d6738e8ddf1eb9a3a88dda2b450731616a

SHA256
78ac89341ec4c35f276a5b1437ac0e4832e4ab54caabbeb6a2128163a57c46d2

SHA512
f77df7f84cfaed8298d411ba0f3458bad2522e3492ffe3c9cb2ce160a2130a9aff5fe750a91fbef259935e22dcb8c0be18ed447887840200cfc7a81d7147eab0

Download Submit
memory/3560-1966-0x0000000061CC0000-0x0000000061CFA000-memory.dmp

Filesize
232KB

Download
memory/3560-1967-0x0000000065C40000-0x0000000065C65000-memory.dmp

Filesize
148KB

Download
memory/3560-1965-0x00000000685C0000-0x00000000686D0000-memory.dmp

Filesize
1.1MB

Download
memory/4616-274-0x000001D57B890000-0x000001D57B8A0000-memory.dmp

Filesize
64KB

Download
memory/4616-275-0x000001D57B890000-0x000001D57B8A0000-memory.dmp

Filesize
64KB

Download
memory/4616-277-0x000001D57B890000-0x000001D57B8A0000-memory.dmp

Filesize
64KB

Download
memory/4616-276-0x000001D57B890000-0x000001D57B8A0000-memory.dmp

Filesize
64KB

Download