hxxps://vidaramlokm[.]fly[.]storage[.]tigris[.]dev/vidramrubim[.]html

Resubmissions

10/03/2025, 09:25

250310-ldz6naznw6 3

21/02/2025, 05:40

250221-gczraatqex 10

Analysis

max time kernel
195s
max time network
196s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2025, 09:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://vidaramlokm.fly.storage.tigris.dev/vidramrubim.html

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133860724350866595"	chrome.exe

Modifies registry class 51 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe1000000011149fdf4c81db01180d06165581db01531e31bd9e91db0114000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\IconSize = "96"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Videos"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 200000001a00eebbfe2300001000686a2835573ca141bbb10eae73d76c9500000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "2"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\Mode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000900444648b4cd1118b70080036b11a030300000078000000	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3181990009-820930284-137514597-1000\{876E0327-4128-448F-8ADB-3F0260713A8C}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\LogicalViewMode = "3"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
5208	msedge.exe
5208	msedge.exe
3208	msedge.exe
3208	msedge.exe
928	identity_helper.exe
928	identity_helper.exe
5920	chrome.exe
5920	chrome.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
3656	msedge.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe
4172	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 46 IoCs

pid	Process
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe
Token: SeShutdownPrivilege	5920	chrome.exe
Token: SeCreatePagefilePrivilege	5920	chrome.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
3208	msedge.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe
5920	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5408	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3208 wrote to memory of 5456	3208	msedge.exe	85
PID 3208 wrote to memory of 5456	3208	msedge.exe	85
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 1896	3208	msedge.exe	86
PID 3208 wrote to memory of 5208	3208	msedge.exe	87
PID 3208 wrote to memory of 5208	3208	msedge.exe	87
PID 3208 wrote to memory of 5844	3208	msedge.exe	88
PID 3208 wrote to memory of 5844	3208	msedge.exe	88
PID 3208 wrote to memory of 5844	3208	msedge.exe	88
PID 3208 wrote to memory of 5844	3208	msedge.exe	88
PID 3208 wrote to memory of 5844	3208	msedge.exe	88
PID 3208 wrote to memory of 5844	3208	msedge.exe	88
PID 3208 wrote to memory of 5844	3208	msedge.exe	88
PID 3208 wrote to memory of 5844	3208	msedge.exe	88
PID 3208 wrote to memory of 5844	3208	msedge.exe	88
PID 3208 wrote to memory of 5844	3208	msedge.exe	88
PID 3208 wrote to memory of 5844	3208	msedge.exe	88
PID 3208 wrote to memory of 5844	3208	msedge.exe	88
PID 3208 wrote to memory of 5844	3208	msedge.exe	88
PID 3208 wrote to memory of 5844	3208	msedge.exe	88
PID 3208 wrote to memory of 5844	3208	msedge.exe	88
PID 3208 wrote to memory of 5844	3208	msedge.exe	88
PID 3208 wrote to memory of 5844	3208	msedge.exe	88
PID 3208 wrote to memory of 5844	3208	msedge.exe	88
PID 3208 wrote to memory of 5844	3208	msedge.exe	88
PID 3208 wrote to memory of 5844	3208	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://vidaramlokm.fly.storage.tigris.dev/vidramrubim.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff5eaa46f8,0x7fff5eaa4708,0x7fff5eaa4718
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,40373694059915242,8253393501420113556,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,40373694059915242,8253393501420113556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,40373694059915242,8253393501420113556,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,40373694059915242,8253393501420113556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,40373694059915242,8253393501420113556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,40373694059915242,8253393501420113556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,40373694059915242,8253393501420113556,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,40373694059915242,8253393501420113556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,40373694059915242,8253393501420113556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,40373694059915242,8253393501420113556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,40373694059915242,8253393501420113556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,40373694059915242,8253393501420113556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,40373694059915242,8253393501420113556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,40373694059915242,8253393501420113556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,40373694059915242,8253393501420113556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,40373694059915242,8253393501420113556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2680 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,40373694059915242,8253393501420113556,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,40373694059915242,8253393501420113556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,40373694059915242,8253393501420113556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,40373694059915242,8253393501420113556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1800 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,40373694059915242,8253393501420113556,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,40373694059915242,8253393501420113556,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4884 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff4b3bcc40,0x7fff4b3bcc4c,0x7fff4b3bcc58
  2⤵
  PID:4804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:5168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2088,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2264,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2492 /prefetch:8
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3352,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3752,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3744 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4564,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4612 /prefetch:8
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4644,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4984,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5068,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5132,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5236,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5232,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5196,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  PID:5776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5756,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5824 /prefetch:2
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5520,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3532,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4884,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5688,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4488,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5760,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4052,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5512,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5228,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5180,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3384 /prefetch:8
  2⤵
  PID:5824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=3496,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5372,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=4952,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6220,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6244 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6240,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=5560,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6692,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6700 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6724,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6392,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6616,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6924 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=6608,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7160,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=4976,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7164,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7276 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=6280,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=6760,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=7048,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6736 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=6440,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=6716,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=7592,i,14136749580323205439,11210947352644791657,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=7600 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4172

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3156

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1328

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x51c 0x4f8
1⤵
PID:3108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\81b8123d-7a99-4389-834b-46171a63fcd2.tmp

Filesize
9KB

MD5
6edb90c778182e16a1561a4f582de664

SHA1
a15037143e8cd62cd9d9ada5e7c115b0532e3ccb

SHA256
22c58d951929f63a03af9baa2af55979b4dd4e66c096e127ea59e058cf79cea4

SHA512
a3e50e23dfaf7a8c4e8f10147a0ac7e47252d9246eac8ff0c484c78b51d6ad843429149f1dc02828f7591a69432293bd3312e39afb96d623721dd8499037467d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9829633e2125d14a32f0fb2443c3417f

SHA1
069974f4380b76a7e1428ba5fa9901b1f84fcdd3

SHA256
394ee4a8a6d57e00d88b2723c199d5efefb4a50d87c99cea72aacced9a6f5acb

SHA512
0426136191587a91a73fc168d29ab35549b2de13262c2a163909610a19137e7e05942f17f8bb04ede093adf66d283e1a9821ed16a6abb11d8e0b1163857dfc5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
26KB

MD5
91c30c07a2ea2c88ab78ca545c855bff

SHA1
2dd0405da7457fef6dd4cb22a664561e71165b61

SHA256
9b675cf3626f1cadc4e8e7a2ddc5a1ac6155d2c7b3f5c27dc550fdb2a63f2a18

SHA512
5a5772fed0328bb090fc7011006cc53ffb6e5c29ff248ec707efe511321b302a06a53b5450d31cc544b4891fe0b5fbbf149aac94410b721812611be473910eb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
96KB

MD5
dbfe614f5755c6a9231e7841cf867df7

SHA1
b8f1ec5fe9d69dcbf267e3ca09c5c8b1abce5a2a

SHA256
45e5163ff1242e179d8eea44722007fb232dc26a4e526acf7fd80a5938dff9db

SHA512
d038cd7d3fe9f32347c924cd42811780dc5d423f2822075880b57d0532f4fe5f1438632ec79120fba1aca5c8f1d7a41aa494ae596c2bb95d89d5fa358e3629a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
49KB

MD5
8991c3ec80ec8fbc41382a55679e3911

SHA1
8cc8cee91d671038acd9e3ae611517d6801b0909

SHA256
f55bacd4a20fef96f5c736a912d1947be85c268df18003395e511c1e860e8800

SHA512
4968a21d8cb9821282d10ba2d19f549a07f996b9fa2cdbcc677ac9901627c71578b1fc65db3ca78e56a47da382e89e52ac16fee8437caa879ece2cfba48c5a6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000060

Filesize
42KB

MD5
eee03ce848a5a631bd3e1a0ee50ff819

SHA1
b5f295cf855d7b84f23f3c470798ece20123369b

SHA256
86f842c42a38202f16aef617bade5ea0a945181e81fa4f96547ae35d826bf80d

SHA512
07a0742fb10f441a0f7759411e4248a8c36b271b16691bfaab7014ba167e10f88c0705c7eb01555f69e60c060e34267a79871c98ba411840441de1cbef5ff9f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
215bd06c9938149bcb0e71bb3164c214

SHA1
580027ee689473fa7e0c68fc6d8130ea586a778e

SHA256
daa919ebc6b9be42627fa349bbb8aebdfbd8d08be7e8c063e641852970cc2aa4

SHA512
ca4e1f9be2e3b48ef0753802e698d5e907d5e5b0e25596b8e7e2a7ee5424e3597598269885436e0f3b3eb538ca5ce3526e7c8fed84915d704a22be62237f9dff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.aliexpress.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
17KB

MD5
5d3db7681811bb6e31f7d4126c521675

SHA1
94b8218a4d8052188f97453ccdbef19daa5784b3

SHA256
045cf98aebf3dd0c7cdf014453fd5c2bbfe80034f9f701a30c8014c0c013dba2

SHA512
31d74269ba7668e2ae1da54940a73af16ecfe8d296e29316d03f5944ecf7bc8ea09d107df05bbcac94e7718139af700ad9fe770ee76144bbabb4d45bf862ce78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b5ba7e148eb4f6f6fe3574ba2eb63f95

SHA1
2c30623355a341431fdbc42395971c9e5f48ea8b

SHA256
32431410bf5aed7ea4abe021cd3f10073d698b5d4a5aed9ff441e8802f183256

SHA512
118c65abfcaf5ebd8e0170ba2a29e1953949d9540149de23f13d20c9338fb36ac900b83003df19091c9411d258ce1fccd0f402e4c68aff8abcddf8224f2a23ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
a47b2547f7e733b0326cb6d148825294

SHA1
aeeff78a768da37dc2e2890fc242467e4f444ad4

SHA256
70b273cefd389c0836f88ada36b13f379d0eed13ae0fb80338cc7e31ad03f277

SHA512
ab6bc6fbf5d8eafbaf3fc0cba273ff5ab92b3959d2f2e1a48abdbd757aaaacaaee833451469aa67433df117f7349f1f7c64cd60adb44aae185d9407081caad24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6e7b0eac0518d5d6471512feaaa05b28

SHA1
90c98b85d6afb33facca54824150504a4f41c5c4

SHA256
f190652b9e7bfbdd4a4d5211f4cde6781422b19513b7e3d7cd00d25ae3808c22

SHA512
54d4ea011fba6e2da8ab7aa1c9d7b5d29133d5cf3f1a130f15c1da116259c24611faedf1546b55da304032f383aed8524b1f9e5782c67be39750c6f790e1ed0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3313c31406b965240d990c9e3a557a47

SHA1
c1303e3bb8e7cb4f3b615d2284b545dc2b56c9cd

SHA256
a9abe91747b59cf8ac2d997e5686c9acedb1bc67cf6c34cc85b4ab2b47d44232

SHA512
ffdad55555b9f4bd9ce1b0f77710957b06a2993c35180f4ab7eac56bb7e94650f0d6482e51566fa55592f8436e3dae147bd64562a13d1906f4e4eade98a8caa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
db74d7496e537d0c4d732f5fb6923c9b

SHA1
df34e08533fda130c61bcb2a3d8a7ab3c94c670e

SHA256
a44f999b9d8b7eb1a0a9957899738003e3b91a53ba3358102b9ef46d7ad7c55a

SHA512
220e4c371d2d14e8435ee673088690fee4031d1c73b75e4720092fe0d9b78790863f372fc07253a44c74ffe8567d971308e0bb5161a362d857425c8360a3d440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
3df751c8f7f8dcdcca3c8326341ac2a5

SHA1
486b1c4102fbff940de010dc1d5a5627c5585adc

SHA256
784ffa2ee38ad687cd3becbc3d41bc1bc37446a865d5c9a0dc5a984a71ea9d02

SHA512
cf5a2a69f2373cd1ad6751b040db973d482b26ea8dfcb688a4c8e809cf17f3f907d878b96e6324af391dcc02d84da7092c35421253283a8570008e61cde5d5fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
b5e42a5844d77eabe78fba6e3b8c1213

SHA1
dc964d23c3255aaf5580dd728eaf110e27682763

SHA256
0dfbedcd81645021b0f412f42a9fae60873415468efd9bcf105ee4ee7a727f75

SHA512
b081a9017c4e8d347426052e9d6d28fc1173344cd926e636fd8046c573a784f359fa61eb265c8b0842081070659f0243a2ee2fe027b31b023ad4b63f12dd4a44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
367d747d946643d8a1ae4ad3317658e2

SHA1
b5f443e95e091fcddd04ffe5bdb94e89096ae198

SHA256
9d7829d5d7d949bf3c4d40219a55d1c60ca353f85677a06c12d070736bcb1dc9

SHA512
84d2cb09b9d25d8f73e277f82e99e5df489864f65cc319ad6ad21f3bf9dfe3e165e541965d4f5e7aa6541564a7fcc527f0121ea28b396a06a23babcff2d394c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
c9ad649ca920746f21f38c46a64850a5

SHA1
6bbf7b7a033ac241414e14b69503f2a2289e36b0

SHA256
d22760358149e3878e72c142b2f05685013ebc5f04154dd654f293530dc7e827

SHA512
8d1972a9c67a2864380affbed16945a46263a4899339039a488d7a1ddc6605e9aa0c4c54354f40c4ac6296fced9864730c6508c5faf89aa863a267f1543994c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
0a463919ac5562dcfeba2fdfb7dfbadd

SHA1
ccc38ad916f77b84d9f57d3b3fe6fd1f658776ba

SHA256
8faa7d29223b77e0ee917536cd47c0222b584984798b662c30cd7d79d7359cdb

SHA512
cae12c2c5b704dac87a5d36ee74517d5b0cdacb99effb9a9c68af1d0c3253003c2c9503760748e215a351b936fb3aedb57655bafa014753eead8f3e2331fadce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
124c269714e8f864acf8106da6346a01

SHA1
c365976e09291db4d9e9d14781d144e33f9bfe15

SHA256
0732f4c74958e4df44e0d23c118e83e0321fc5d56e487b99529b4f5edf9b8388

SHA512
177603384abea6558a31d981734d2479f57631ea21794c45888034cc998d665879fbde778307c2882232f967581b337654cb733bc7d8366fd4e5205aac8bf846

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0b0b7de31dadfec29cedbff50bf301b5

SHA1
8391f6b6c4d834abea78b14e0f9118ae83838fae

SHA256
3c04ccc12a36345376cfb806fa01d757e894c564643851b1e16b73b30eda928b

SHA512
96baa7754864640c6e0a73c103b3042689f2669ed7a320bfadde5607f6d10863b6ccf61e4dd09c6059ffe3b8a5dfcc896425d46cd9a16413202f7a6930a51f4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
94b464cadd7aab64fab849cde4f54055

SHA1
af0c95032778784f0ada60026b0914531b16b0ff

SHA256
17da0ba0854c83d83c1b9e0159fe39de7f9596a1412629d5bcf4f1297a718133

SHA512
10f5d97a60842fb73ebe9db7802fffef93eb055df4a7e970b720c7e6c2f52e982acbd6fbc3c1e410f9915249a7d59cf99a03c7b2ecd90f3a9a26e61601058d32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
9507808a195ee9ac21cb1c070c87af12

SHA1
ffc18647c459b6a4a5f73d47ffd050426be9b80c

SHA256
c111b2914e12eb634577a27747865764397b0cf020feefe4a720cf6cc8f5530a

SHA512
c6402ea7e50e3408754cd7a034f320cf25bc888f19039dc8d8a43f4e6ffaccdbcb904c34f93797e172973d90d498399e7890b29d919293eb9565fc0fd1500851

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
8af811ee21c91780015104b9f60f3772

SHA1
e02678aa515801305518db683b2c6178abcea104

SHA256
50b81b2f061af553e221722ff8f8f72880ec0f51dc91f4e059c77c7d24289481

SHA512
04b1ce49453835dfab5d6a2f33206348e107a474ac20415b49a20a485af635edcd7628371aaa008311ef2c6f4fb377c024f12d80b60a92126effe7f944324c72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
0a7d97738a836711c320b4dbb480c0a0

SHA1
211d468d815289591fd1f7efce266929a96cebd0

SHA256
95197d7e2c7da81e34a62c62157c99fe80fcd5e7876271159e0b751c32c86b5c

SHA512
c0845fd1fadaf35e5ff1f05a444ba9dc56873c4e51c578e33d883ed5b0b319698917ae77f51adf601ac9d21bbcf9c15c9f0f9018d25fd862a84f11406b8a8a7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
06cab6a5928fd9bac15f84629999fb1e

SHA1
b17ae48f5a7af86f86b0daa7ce556f75c4a39e15

SHA256
6187a1c59d530b3299cf356ee0f8741e45740a5f13c0ba2375b898e88450817d

SHA512
e370fd59478cc8c5483596425fa14d2955e681cd8d41378027bc533cdd02682fad9dd0567a94a9f109bf7fb70f11d8312d738c247f60e89e35cd552488e44b3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\0add8b2c5aa36c66ca183e832a89951244498948\01b970dd-ca42-4304-afc0-81aae7aa396c\index-dir\the-real-index

Filesize
72B

MD5
a197deb3099ce69eacc607ec3a74a5d8

SHA1
fa2d6716c2fc0a8b29938020cdc9b1397bc6115c

SHA256
9478f1f4bcfdc1c059e445bcf73b25694699f72d87259c35f99edb9dfa0ed78d

SHA512
8d8c9a5c34f6d6008d2df827291ed636de2879303b2044fa6a3813651869eb8b51ad37127f4949a6686d359309abcd03180896832e537bc3920e1ef02d21168a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\0add8b2c5aa36c66ca183e832a89951244498948\01b970dd-ca42-4304-afc0-81aae7aa396c\index-dir\the-real-index~RFe5932ce.TMP

Filesize
48B

MD5
c59a5f175c93074253152e035b4f714d

SHA1
d191ce10831092f5b769008c0df0794cf5310bbe

SHA256
5da168dae6e62b73d5d94100c73d8d64720a82f41ec0aa65c1bed952b8c9fe4a

SHA512
e191e905ffe7e43578434e3f2293293192057394b453c8a4aab6648f166c959631330d0281c19eb9d9d046913d4270fc040e978f651c54758216a70bbb2eea57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\0add8b2c5aa36c66ca183e832a89951244498948\8a2afc01-79b9-4dd8-bc3a-18b4657a2813\index-dir\the-real-index

Filesize
72B

MD5
18b9873aa8b1696ccc4934fdff68301a

SHA1
62ef8b1e87315cd36f2504afe288a1f3daaf6aa9

SHA256
54256932afbf51f8e79deeac9369eecef48fe8a55ba9cbe064c0f27bb8f4aea8

SHA512
c9774991d8c05741deb34607e84c4d62af556153181357e995fdc218ab31e0284e04efbfff13b216177995befc97b0239e36f1d3cc5292fd9b8c74ed86fe9b40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\0add8b2c5aa36c66ca183e832a89951244498948\8a2afc01-79b9-4dd8-bc3a-18b4657a2813\index-dir\the-real-index~RFe59331c.TMP

Filesize
48B

MD5
95ef6dbba2ef7c22dfd2e00840ed15d9

SHA1
499c054db7bf1ac5ab1365431300128f23c3d352

SHA256
07576823acfccd94669cdc33f58619763bf58f3ffc29bf214cdad9eba4f746b5

SHA512
4f550e390febd06d0d833acc9d58fa3b80aac06ec9b527e51b15ece726428ce880b9eab51c5e94af1e7bcb392c52f11852b24d66979af59c5828fe81bb563963

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\0add8b2c5aa36c66ca183e832a89951244498948\index.txt

Filesize
169B

MD5
2952e1e2b8875553933988ab6bd135aa

SHA1
d899038a0c4160001a53d8498bd2139e43626238

SHA256
237efeea5cdc81a5c8ea360195b49fed778eda4608751b8cdc6c5e055ddaee1d

SHA512
f87e8c6e0120b52602a0d5010ece2599f0cf753b4652fe78b79ac2aa7b2973cb2e4d3937bfe762f074c347b8ba6e0a56ce28116e92f9a3138a0ae6766c4173eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\0add8b2c5aa36c66ca183e832a89951244498948\index.txt

Filesize
173B

MD5
a824f36a7f1c1cce6fc6365bc93653a6

SHA1
c3452a8f31a399f6cc90078504bb19a5f3432ee3

SHA256
2c8d485515b38630922f65979c7dd1a63035cfe2ac91ff89bcbbf56c39d5189f

SHA512
1890f1cd9b56e197348ddeacd03c2bceff7e842159288ff0f36f77f3d44cab1405940226c9b6f8dea4c6f61cc0b5e420e120cc64f131e8c4fdf94c5020f75e67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\0add8b2c5aa36c66ca183e832a89951244498948\index.txt~RFe58e49e.TMP

Filesize
112B

MD5
3e04e35557b5057dc9c275c22a183853

SHA1
640c6a6d2dc1dbb28a08f4a55e9303165606e2cd

SHA256
5707dd20084e54b2c01168cce162a0d4cf4d461e5d1d7ab39e98b9855c8d4aa4

SHA512
6fdc2a110d7f8a780f5f2387d6da3d8111271f4242e228aa8ca9d2bd97d36af77219a49a233fb2409631cd502567d0e2b97023964df3caf69ae663192f05594a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\9aa9b959a1c63b8ff27131d414465ad3d8ef314d\6f3c9372-9ae5-4828-a32f-56e2cd61d4f5\index-dir\the-real-index

Filesize
72B

MD5
f2a1cfb4a7cc8253bfa603a30f72aa8f

SHA1
3baceebe59423e600ec9ad29dbe115647406a476

SHA256
6a98db1089b68d53d1d1e6da46e9a3f8a1713312a76a3d6e4448ce852462348c

SHA512
b7f81cda6f668a30c75c66b69f4405ed557057b2e5c3860b19cde3c96175e114f3b47ae4a853b824605d510aed03cd0712545f350671afa46df4272dc143d080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\9aa9b959a1c63b8ff27131d414465ad3d8ef314d\6f3c9372-9ae5-4828-a32f-56e2cd61d4f5\index-dir\the-real-index~RFe59450e.TMP

Filesize
48B

MD5
0eebf2f9e07b158980bf9f2d9a72af8b

SHA1
e3f1971af32b19f97a831a2f8f76b43cec8a667d

SHA256
9050f666a0e5cd4bb423abfe20a5dadeb6a4b5449a9fbf365aa437c305f6951d

SHA512
c8f9baf79bb9a89cc6f12dfd0bd49b326cd82e83e233f5af17f55ce84e11c6f1915b8bd148fbeb6ea2b6c6500953809d42b2bfd4ac0f6fe48b6ad0ab9933c8c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\9aa9b959a1c63b8ff27131d414465ad3d8ef314d\index.txt

Filesize
116B

MD5
de68301cb1c4222555dd54201412e330

SHA1
1fc52d865440701d29ac07cc0533e0391a4e1e37

SHA256
8331b18ded64ffdedbf3b037edc584db2948610d4c960572985349b32eaef52d

SHA512
e15bd2a9602d3d5c5c424cb6576c9fa6b0a9e4a3d57dd4aed39621a1faf6fa801a9ad318e7969782424d3c38685b0747a2b87b14f2894998318ecaa455ea4d77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\9aa9b959a1c63b8ff27131d414465ad3d8ef314d\index.txt~RFe59453d.TMP

Filesize
122B

MD5
547cc195b57978a40e5244080d509f3e

SHA1
845b98495a441afffb70695b6ba19fd045a8eeac

SHA256
9f4e23f114310a922fa78895319f3a540acadb477bf091b01ece2cfff9932a9f

SHA512
91a25069dcce80e77c69e93ef96cf777f3c798ec4a82cf13769f4bc0e3b504358f0948795c82b294238d171c758938acacfd564d2aae380611ee096919a8798d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\67a473248953641b_0

Filesize
5KB

MD5
47e7b45c2743967852ee0dfe1a001bbc

SHA1
47472e886a3436b95ae657d7513cbde18dcb9188

SHA256
b2f659a24a5116f4d26421f7640f9b1af8c60b437abc867eeb3b79697cbe56af

SHA512
e372e3ba2f326d6ee2bf3f42ab5d599e9b40952ad309566c4a27aae09a2c8c169a7a15ac469c0e52249e7f640a0794a04c870f913e1ff9f5ea364cff8489ce95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\67a473248953641b_1

Filesize
18KB

MD5
7e91f618ce2ee84874071d078efbb03e

SHA1
b813d7143bb5aa268c979983840735dccb4971ff

SHA256
cf0c25c7cf35525ce95dd9791f95678bac5b0123dba184c5ea24faa35689a9f9

SHA512
167936b383e31e59a970691da11dc8739a484ca392f1216d1436f6110e974dae97a0c23dcd98d61b6a6b9fe1004004452a60fbcb7d4aa00b504e9a15d492d4a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_0

Filesize
3KB

MD5
8b9cbd5d5df83044461002faa9913b6b

SHA1
587b34d16c2dde5b9edeff1f28571d0c2075e0d2

SHA256
e2fe0c597abd57b19f5110ed33c8d7fefa01e9fdf532015509aeeb4f31ee8eff

SHA512
9c15bee5dfb16c2b494d79954cad867d29b2ad121f29c4932da1c9e0147c145f1d4c676056e47569d0b0821216d77ed6bd400cfe39de5053ff358f9fe2c7f4e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
7fcd4db5640c6290da08f1e1c27aa46c

SHA1
b809ddbf311a1b80902739f96d32aa5898548574

SHA256
c46d4aba3f111a19167ae87b563aae636c0156ac6c63abeffe083175a6430db2

SHA512
7519075251b8fda02480cddc2fa46597cd8336cec26ddad5210dc10fcb9b6cb8190a23757c9c030067c7311c8481b8bbc9f22c88e4289d6dea2a7b9e428062f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
168B

MD5
9adbe95e01a366a3adeb39a90b1ddc5b

SHA1
61707897fcbb4676021761d869df75e165279ff5

SHA256
596bfe0cc3b2dc2358dba4aa6bd0354bdb49e63bfef9f84f7b023aa451fe2276

SHA512
1763864d84470ee063ce544f6a1a55687dd14b3872560f18d769ee9c65de53979fce026166bbb1455e3500e872d273b2db8487208ec529a89ed31ca8320d0939

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ac1866ba-d9cb-4a6d-bc94-77dcee262473.tmp

Filesize
12KB

MD5
f178033bc51135fd0cece3921eefb5c5

SHA1
e9445823a9efceae546516ba6be87927f91a734a

SHA256
f368af16a0e3b7493315b65f14a4fbc85701916588f4c4d41444f3627c1cf96a

SHA512
1a0f09d1f0a2381238bc20a99f0bd47395b050f3f7b06966c95a4e97d5936e895481b3ec1850d1214906781416a876bcea59b6facab04a46a5c83425fc7e5e44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
939927dd30c4ca3d627393c5509b1214

SHA1
aceb43753c367c6fffc3f443add13ea00f4a77ce

SHA256
7fad6ae3b26d1653f04b006169e6ad5878fc4a921c3a76bb1f14c06f8de02543

SHA512
e2bb706ef563d03b18bf1c54b6a7aff94108726f0541e53fef0179e253d155fc7b009b46c2b98f6b0af17ae91538c56797794f90c3bff03dff3f02242e7426c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
ed52af929ff0e60f5ea102f6b3b7f6a4

SHA1
552348b7fb68e20be245048666a80a2221b9f898

SHA256
e32d2bde5aa81f0e018a8faec30c0ec6abc4b4cdaa88fa8c8f4d60dd12b8f66f

SHA512
378f7beca01063c0a92c3867bcf328809e5a69969228c547daf4c69fd5b71f25153b1ba5f452ab5d94ed372ca7d519581e56ed3de3ea33b495fdbb19b7aec8cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
4aaba6897f8414ea449bd2746f902a66

SHA1
fc5b72a9049b64ddb92f8396191408d6db52d99d

SHA256
fa21f69d4c491a91be42fa88bed638402072526bb5cd7fb58fff1b5e931ea6bb

SHA512
fc694bc2e3eb7e5c55722d50b66c826de888287ad7d0dda1c82275a8858088b3c1079b12175e2e49e0a8648c3078a98caf09747b1d86f8ee31f75bca4c33d698

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
a7d38678f51990c008107110b381fbd5

SHA1
880694803aaece48fc2921f953564df1f80e4f95

SHA256
250d1f742da74e447cc53fc9f2ce923f3e89a88752a1114fdb9fbd77ef35c429

SHA512
1721bb66c47a6b4bdabd7a74f352ec8f2508d2d9d3b28be4bc6f9a45ecbff844cf5b695affc8600cb362c49a4e6eb1b0fde7513fe6dec7ff6f321edc983f9873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
245KB

MD5
f0c6036dcd7fa3bc66120a29a16f27b2

SHA1
41e12f0b1cfbe53bbf0fe91e91e3104e93959792

SHA256
d52f63c87dfeab05448fb7429d545433692877b12f12dbff676df17c7d2db98d

SHA512
8a3f88d60b17f1563c5ee9f229b21ffdd0575fffd6009cc501dfb5c911a04eead4459779776c5bdfec74e1e38e2f0fb4bef5a78efe7b218d67d1ffabd18f0697

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a690a688-6383-4b00-8d0f-bad3c385ac47.tmp

Filesize
245KB

MD5
9136890248f77c6082b55bfea5c18877

SHA1
910fd70467ee58c565d271c24b2aae31a0fe5420

SHA256
993b5fb3c98aebbc9c515918b615d652fab3d10c618f885396aa26025d1c71d3

SHA512
2c656cebefd1b5c5fe9406eae15deb536c69893eef02ff06ed60f281c9a983019b4b0bb0577e8292562b952f749e7b364767e1ee6e7ef76abb435451968fc6aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fe6fb7ffeb0894d21284b11538e93bb4

SHA1
80c71bf18f3798129931b1781115bbef677f58f0

SHA256
e36c911b7dbea599da8ed437b46e86270ce5e0ac34af28ac343e22ecff991189

SHA512
3a8bd7b31352edd02202a7a8225973c10e3d10f924712bb3fffab3d8eea2d3d132f137518b5b5ad7ea1c03af20a7ab3ff96bd99ec460a16839330a5d2797753b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1bed6483de34dd709e03fd3af839a76b

SHA1
3724a38c9e51fcce7955a59955d16bf68c083b92

SHA256
37a42554c291f46995b2487d08d80d94cefe6c7fb3cb4ae9c7c5e515d6b5e596

SHA512
264f6687ea8a8726b0000de1511b7b764b3d5a6f64946bb83a58effda42839e593de43865dafeeb89f5b78cc00d16f3979b417357fa2799ca0533bdf72f07fda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
67cd27c8215a4a7536e677e3f10b0bba

SHA1
fb4a2e90b768eeea75829677dd2c605a189b1803

SHA256
79752459b93358c306f7af1a3bd3680f99905fa0fb5331ec129ad074809c5c13

SHA512
f4ebe4b98708a4e65aa5dc157f41118fce777ed4971253e1b0fb6ab2bf69c74fd77aa296f865e2f0d985f6a7fd19db58b3a2ede3a6fce9a717624ce27753f446

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
471B

MD5
800abd285601de95a983fbae5075fb7e

SHA1
5e262023c6a95042c5ecdd5da821e04afc8db777

SHA256
9b904e61a3beccaec82c0937237be9ba981d9a97b8ee4602da5bca4d852f81fa

SHA512
544c3560e08e2b52a563b7d7dad5add052cf9c9cc65e97e182349d86b1b05a82aac883a542cdba40a1ec1f425a7855eddeb74e5a62e084df2cd5dafe76848c8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
708B

MD5
43abd18bdc7fd62d231d307581fa849a

SHA1
c990eb3c76cf6932849b99808f1230cdc72eccfc

SHA256
13db01842303e52098572e1845ff08bf17eb6921c9664d283731acd43be4010f

SHA512
60efccdf2743c81d0ef20a8abb61a2082cc95a7e2c51850c392681231db5e379859b42bb2f3cee4505c5df93fb3c261859f76c7f49094f4ab38372b3cff4497c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b7efe64ac9e5c3bacf01b0ad0ae1ed4c

SHA1
e8390cff0b50a11eeea13c2d14631c1b352d7f9b

SHA256
15c735c6f6e301222b6c87228d6aa2e1136d345751fe0337feb326a4f9a6a27f

SHA512
a2698e3b65ac7ba0a6eea42261e423a1dfb3bf34e91e6489bd0dbae1a3593dcdaaa37ceac63d0b540ad7222b505489575ed3ad5f834b379632a83eede6906a23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cbe6b63f92361d8f1e88bb8c97a59c58

SHA1
d237b29ce69df6809e3c6100d05f446ea26ebc97

SHA256
d4b1ca0fc270ce8ffa8c0be6f139a4b06052b495d4d4017fdf6e613d0c8e98d5

SHA512
e015a0c31afe3f01671ab997a844e76debb3d3e889337c6b061cac34e1b233354dc421b292435a35de246a78aeb19d27c96468515dd3a98890a5a9a51ea511f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4b97ca7de46b34694deb9f047d966eaa

SHA1
71b6fb56d86e3efce8b02c9f5974dc910b020900

SHA256
0c6b5d0fae7691cff2dc3083cc33688dd14d7f1be54c1f8cb5bd749e016b3651

SHA512
952c5fb9f48242344a873d9f41c31a8c82fbdf7aeefda73ce138c46d4fe7b4a1df48632734c6b079166d90edf64c1372f0a5784f1a3c89f3f6fc2cf1685213f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
644946782d54bdea6ceccb1c455f7620

SHA1
97216e66406c96768bbeef40ffe21e781fb3c699

SHA256
523ce1d08d6d2c5019cadd77adfdebffc4de1b03a6c339331870e57fc2a5d5ec

SHA512
f6ca85fe85b6ce74808554eae857d38cb4dcc3f84a1a8d03efefb392e0ab62ff3ea6ef0b8b67dd0215421dca7f22b8e48b7fe79346b9394f2ed40e3daa8ae5e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
53bd881a7f725ea54b64243118fe82df

SHA1
1b4c03fa34027d0d4c0bcf2f7b8bc51bc1d5b0a8

SHA256
2855cd4a8fe976a552fb93adc64e10d96838e515545a4c88fff524eaa5ab9d5e

SHA512
729ee93f2e9f98b74d96405b3c2bec3b075f3fe902108347c57c113ca8e0967bde5fa0531e21ecea2ebcee31816f021e2cf0830f53aeb10b9d562d09e0029a9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c7b4cd0659fedafb7769ae97db1d7734

SHA1
14d7cf75ed07ad6297bc2bee4391090198ed2b65

SHA256
a2010166fbe6cbc6af60c2c31599c7995b7d41dbbc0b30237352d19d37645c93

SHA512
d5cdae5a970715909fb7f0492ca91a35636993829f0af5413ce3b6a7b7442bc6226c29f3717e373fe0d8251b439b0599d4634a3c13f7fff21ffac26a5420d453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
b07a765ba00f505692aaab33d8781c5f

SHA1
f5fb7ad34b433431a105093b9fe73483b0b8591e

SHA256
8ed5e6bc86e276758cd3a334835f4ee6b13a078bba900e546bc1ed22567e57aa

SHA512
b0ca7aed4b699b4aac60d27ca05069c8aa93d0fecd3ef882616a533c080117fdc9fa1c28d26a33f2b1dce8210bdf6487b50d40e3eac2151a641728a207b7f5d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
1c8b31a181ab99b9af7e6d1798877bbc

SHA1
191d15e46eae03a62459c6653d9c4a24b36ddf9a

SHA256
4cb7aae02ea603f30b47222defa0c8e6dc68434e4cd5afb06ca51a7951d23217

SHA512
c0f1eec1a79ddbd376030cee4b302e9eb7ce38024608be9a60fa5b4065a9cdfafdbce31931a91ed3a5cb936ec468ed17931d543640d3d1827c8cbb1cfcbd16e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e04e.TMP

Filesize
203B

MD5
d7826c86a98743fca1ce1b8f6e11fdaf

SHA1
ef13c0afe7b0aa5570a72f2b24b9936fca8377e5

SHA256
527d60287439151a7a9923c2952cc88ce13af4b1d7e0de2037ba62cccd8ce1a2

SHA512
41e5b83519e1d7f89edf86d8868ecbc54c402c83b8a690cc368f76b998de2b51a3687c24027d25250b8e5cf5f875c9405a8bb572b93183b8806b15e38d84deef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
57ac14b04a4e2394cc844cf9595b44fd

SHA1
e60d6e22f1296521694bf56dcc24a8edfac8f53a

SHA256
8f1030a36dd5fdece75d06111397cb64ae9e2d4fef017cba2aa0ebd61e04a70d

SHA512
379b17592f14fd85cf67016179756f4ed6e83f844b23b8ca9192303d1ccb94960c4c1d16947be4290995567020fe56ee572e31223c4e96ab8c379f27ace52a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ce7a14c9cc95ec95e9339949140203cf

SHA1
cf89016b3d48600948045a1cd36dcde639c841fa

SHA256
47812392815327fa563b9231d54fdff796d1042eeeb24ebd9a06fe26ab7fd1ae

SHA512
24fa157497401ac69e407d596e63d336fdd5e1125f70d018340288defa5f970eeff72201968c8319dba750e84a70b34c367e13b563a655953c7f8418f21bdf45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ecc4d36d643f9f871542f2e7553bdb68

SHA1
ce5420735c7de9a349d85f023f8411b4dea987f8

SHA256
4cb558f62a3cefe6101d533222869a8513d984173116142995c2b6d74a5ce33c

SHA512
d9d0ff2aaed67d922e2e23b84582daf717673a12752a749cb87e4b310c08531fdc66b26a3e0f8b96c56e1f348b71bcfdf13080b9109d1b7b1a9400fa3674ce00

Download Submit
C:\Users\Admin\AppData\Local\Temp\d7bdb073-94aa-4d23-9880-b1f8810fc47d.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5920_1040788057\839934a3-811b-4d39-b05c-a2c37b6c07c0.tmp

Filesize
150KB

MD5
eae462c55eba847a1a8b58e58976b253

SHA1
4d7c9d59d6ae64eb852bd60b48c161125c820673

SHA256
ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

SHA512
494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5920_1040788057\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit