xorddos | a6ee6130d83bbe55e9dacdff2005950d69fc2d3c54e28467b82c148e274d90da

max time kernel
148s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
06/04/2025, 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AutoClicker-3.1.exe
Size

860KB
MD5

c208a15591828ac1b1c825f33fd55c8a
SHA1

bea4a247ece1a749d0994fc085fbd2d7c90a21e7
SHA256

a6ee6130d83bbe55e9dacdff2005950d69fc2d3c54e28467b82c148e274d90da
SHA512

b78d8055fc64bac1cdd366cdb339df2e081228bd998fdb5450a6832b0720c1b321568aabd7535ce62c16067ad20c86e51712c3e78bc40945adc05c63565fd889
SSDEEP

12288:2aWzgMg7v3qnCipErQohh0F4xCJ8lnydQEzFGZ3dRP6yWD:RaHMv6C1rjpnydQEOPdWD

Score

10^/10

xorddos aspackv2 botnet discovery downloader persistence privilege_escalation upx

Malware Config

Signatures

XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
botnet downloader xorddos

XorDDoS payload 1 IoCs

resource	yara_rule
behavioral1/files/0x000700000002453d-2858.dat	family_xorddos

Xorddos family
xorddos

Downloads MZ/PE file 1 IoCs

flow	pid	Process
210	3692	chrome.exe

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x0007000000024594-3032.dat	aspack_v212_v242

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 4 IoCs

pid	Process
6452	7z2409-x64.exe
1296	7zFM.exe
6392	7zG.exe
4716	7zG.exe

Loads dropped DLL 3 IoCs

pid	Process
6392	7zG.exe
3540	Process not Found
4716	7zG.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
181	raw.githubusercontent.com
185	raw.githubusercontent.com
221	raw.githubusercontent.com

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00070000000245c3-3126.dat	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4520_1133564661\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4520_1133564661\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4520_1133564661\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4520_1133564661\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4520_1133564661\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4520_1133564661\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4520_1133564661\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4520_1133564661\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4520_1133564661\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4520_1133564661\_locales\zu\messages.json	msedge.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\descript.ion	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	7z2409-x64.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4520_1133564661\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4520_1133564661\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4520_1133564661\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4520_1133564661\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4520_1133564661\_locales\vi\messages.json	msedge.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\he.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hy.txt	7z2409-x64.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4520_1133564661\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4520_1133564661\_locales\fa\messages.json	msedge.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	7z2409-x64.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5296_1904991022\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4520_1133564661\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4520_1133564661\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4520_1133564661\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4520_1133564661\_locales\sk\messages.json	msedge.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	7z2409-x64.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4520_1133564661\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4520_1133564661\_locales\is\messages.json	msedge.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ru.txt	7z2409-x64.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5296_1904991022\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4520_1133564661\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4520_1133564661\_locales\lo\messages.json	msedge.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\readme.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	7z2409-x64.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5296_275203587\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4520_1133564661\_locales\lt\messages.json	msedge.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\da.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	7z2409-x64.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5296_1904991022\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4520_1133564661\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4520_1133564661\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4520_1133564661\_locales\my\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2409-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AutoClicker-3.1.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133884095279620575"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 26 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3342763580-2723508992-2885672917-1000\{1B80E747-37BF-493F-8B06-E277D2C20DBE}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3342763580-2723508992-2885672917-1000\{64197245-D40F-4CD0-A4E5-AD6BA4D698F2}	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3342763580-2723508992-2885672917-1000\{85FDA358-3262-49DD-922C-5A4D11427938}	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2409-x64.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2304	chrome.exe
2304	chrome.exe
5296	msedge.exe
5296	msedge.exe
2304	chrome.exe
2304	chrome.exe
2816	msedge.exe
2816	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1296	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe
Token: SeShutdownPrivilege	2304	chrome.exe
Token: SeCreatePagefilePrivilege	2304	chrome.exe

Suspicious use of FindShellTrayWindow 46 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
6392	7zG.exe
2304	chrome.exe
4716	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe
2304	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5676 wrote to memory of 4520	5676	msedge.exe	101
PID 5676 wrote to memory of 4520	5676	msedge.exe	101
PID 4520 wrote to memory of 3424	4520	msedge.exe	102
PID 4520 wrote to memory of 3424	4520	msedge.exe	102
PID 4520 wrote to memory of 3528	4520	msedge.exe	103
PID 4520 wrote to memory of 3528	4520	msedge.exe	103
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5936	4520	msedge.exe	105
PID 4520 wrote to memory of 5500	4520	msedge.exe	104
PID 4520 wrote to memory of 5500	4520	msedge.exe	104
PID 4520 wrote to memory of 5500	4520	msedge.exe	104

C:\Users\Admin\AppData\Local\Temp\AutoClicker-3.1.exe
"C:\Users\Admin\AppData\Local\Temp\AutoClicker-3.1.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\ExitRepair.mht
1⤵
- Suspicious use of WriteProcessMemory
PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument C:\Users\Admin\Desktop\ExitRepair.mht
  2⤵
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x248,0x7ff8d4ecf208,0x7ff8d4ecf214,0x7ff8d4ecf220
    3⤵
    PID:3424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1764,i,11683792954766482885,14363684484465945112,262144 --variations-seed-version --mojo-platform-channel-handle=2164 /prefetch:3
    3⤵
    PID:3528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2136,i,11683792954766482885,14363684484465945112,262144 --variations-seed-version --mojo-platform-channel-handle=2132 /prefetch:2
    3⤵
    PID:5500
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2472,i,11683792954766482885,14363684484465945112,262144 --variations-seed-version --mojo-platform-channel-handle=2908 /prefetch:8
    3⤵
    PID:5936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3464,i,11683792954766482885,14363684484465945112,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:1
    3⤵
    PID:4356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3440,i,11683792954766482885,14363684484465945112,262144 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:1
    3⤵
    PID:3404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4892,i,11683792954766482885,14363684484465945112,262144 --variations-seed-version --mojo-platform-channel-handle=4936 /prefetch:1
    3⤵
    PID:6112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3752,i,11683792954766482885,14363684484465945112,262144 --variations-seed-version --mojo-platform-channel-handle=4840 /prefetch:8
    3⤵
    PID:2564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3756,i,11683792954766482885,14363684484465945112,262144 --variations-seed-version --mojo-platform-channel-handle=3748 /prefetch:8
    3⤵
    PID:740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5416,i,11683792954766482885,14363684484465945112,262144 --variations-seed-version --mojo-platform-channel-handle=5424 /prefetch:8
    3⤵
    PID:1812
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5692,i,11683792954766482885,14363684484465945112,262144 --variations-seed-version --mojo-platform-channel-handle=5716 /prefetch:8
    3⤵
    PID:3632
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5692,i,11683792954766482885,14363684484465945112,262144 --variations-seed-version --mojo-platform-channel-handle=5716 /prefetch:8
    3⤵
    PID:4084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5444,i,11683792954766482885,14363684484465945112,262144 --variations-seed-version --mojo-platform-channel-handle=5964 /prefetch:8
    3⤵
    PID:4052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6120,i,11683792954766482885,14363684484465945112,262144 --variations-seed-version --mojo-platform-channel-handle=6132 /prefetch:8
    3⤵
    PID:1476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
    3⤵
    - Drops file in Program Files directory
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:5296
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ff8d4ecf208,0x7ff8d4ecf214,0x7ff8d4ecf220
      4⤵
      PID:2296
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1824,i,10796538614708040166,6881370337178730125,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:3
      4⤵
      PID:4624
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2156,i,10796538614708040166,6881370337178730125,262144 --variations-seed-version --mojo-platform-channel-handle=2148 /prefetch:2
      4⤵
      PID:5584
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2480,i,10796538614708040166,6881370337178730125,262144 --variations-seed-version --mojo-platform-channel-handle=2512 /prefetch:8
      4⤵
      PID:3868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4224,i,10796538614708040166,6881370337178730125,262144 --variations-seed-version --mojo-platform-channel-handle=4236 /prefetch:8
      4⤵
      PID:3032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4548,i,10796538614708040166,6881370337178730125,262144 --variations-seed-version --mojo-platform-channel-handle=4568 /prefetch:8
      4⤵
      PID:2816
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4548,i,10796538614708040166,6881370337178730125,262144 --variations-seed-version --mojo-platform-channel-handle=4568 /prefetch:8
      4⤵
      PID:1240
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,10796538614708040166,6881370337178730125,262144 --variations-seed-version --mojo-platform-channel-handle=4348 /prefetch:8
      4⤵
      PID:6296
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4652,i,10796538614708040166,6881370337178730125,262144 --variations-seed-version --mojo-platform-channel-handle=4656 /prefetch:8
      4⤵
      PID:6304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4444,i,10796538614708040166,6881370337178730125,262144 --variations-seed-version --mojo-platform-channel-handle=4364 /prefetch:8
      4⤵
      PID:6312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4860,i,10796538614708040166,6881370337178730125,262144 --variations-seed-version --mojo-platform-channel-handle=4784 /prefetch:8
      4⤵
      PID:5760
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=752,i,10796538614708040166,6881370337178730125,262144 --variations-seed-version --mojo-platform-channel-handle=4776 /prefetch:8
      4⤵
      PID:1380
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5064,i,10796538614708040166,6881370337178730125,262144 --variations-seed-version --mojo-platform-channel-handle=4528 /prefetch:8
      4⤵
      PID:4100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4824,i,10796538614708040166,6881370337178730125,262144 --variations-seed-version --mojo-platform-channel-handle=4980 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2816

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3696

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:4168

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff8c105dcf8,0x7ff8c105dd04,0x7ff8c105dd10
  2⤵
  PID:5960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1920,i,17332242070999490471,15843984448915262065,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1600,i,17332242070999490471,15843984448915262065,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2424,i,17332242070999490471,15843984448915262065,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2580 /prefetch:8
  2⤵
  PID:5556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3208,i,17332242070999490471,15843984448915262065,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3412,i,17332242070999490471,15843984448915262065,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4400,i,17332242070999490471,15843984448915262065,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4420 /prefetch:2
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4768,i,17332242070999490471,15843984448915262065,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4976,i,17332242070999490471,15843984448915262065,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5460,i,17332242070999490471,15843984448915262065,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  PID:344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3576,i,17332242070999490471,15843984448915262065,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5684 /prefetch:8
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4972,i,17332242070999490471,15843984448915262065,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5784,i,17332242070999490471,15843984448915262065,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  PID:3296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5456,i,17332242070999490471,15843984448915262065,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3244 /prefetch:8
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5596,i,17332242070999490471,15843984448915262065,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6060,i,17332242070999490471,15843984448915262065,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4676,i,17332242070999490471,15843984448915262065,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6240 /prefetch:8
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3524,i,17332242070999490471,15843984448915262065,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:6684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5012,i,17332242070999490471,15843984448915262065,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:7100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5604,i,17332242070999490471,15843984448915262065,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3612 /prefetch:1
  2⤵
  PID:6824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5036,i,17332242070999490471,15843984448915262065,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3184 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5504,i,17332242070999490471,15843984448915262065,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3560 /prefetch:8
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4672,i,17332242070999490471,15843984448915262065,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3960,i,17332242070999490471,15843984448915262065,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  PID:5808
- C:\Users\Admin\Downloads\7z2409-x64.exe
  "C:\Users\Admin\Downloads\7z2409-x64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:6452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6504,i,17332242070999490471,15843984448915262065,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5024 /prefetch:2
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4832,i,17332242070999490471,15843984448915262065,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:6940

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3228

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3568

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:7164

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:6372

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
PID:1296
- C:\Program Files\7-Zip\7zG.exe
  "C:\Program Files\7-Zip\7zG.exe" a -i#7zMap378:76:7zEvent22106 -ad -saa -- "C:\Users\Admin\Downloads\infected_2"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  PID:6392

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap6726:72:7zEvent19070
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:4716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5296_1564798429\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5296_1564798429\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5296_1904991022\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5296_275203587\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5296_275203587\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
959c04203ac7db440b8dc8a30bb4971e

SHA1
0f85fcb00cfd4b90290de9043989d9d2dd90b0f1

SHA256
281ca2666a4ca47d9d63288308650050edbe073675342adcf879cb428346b4e6

SHA512
d26d7dbc0e9e9d77d8ec0e4c80e71efebb266fb10b9d584ceaa72b3d3a38ae0fc93fa15790c07b25d0352ddb554c51c47db4c3f367c9aa35cd8ae1ebe3487176

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
23a8ec130f9a2bf3ac212ba528a63db7

SHA1
a16d53e814fa4bd3fedbbf16ab7bf68ab8fd1903

SHA256
5d3dd96406d3fa727ee59fb4430bf6583938107c182016fa5e8a2b666f9a7787

SHA512
fd036f6b3bfa8bfc224f5b6121e5aad0e540c2b27635e8f24f78e9475b0ca812db8bd65fef8adc646b8236e87f650ca053bfb728fc35541006f0caec9424152d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\_locales\en_US\messages.json

Filesize
1KB

MD5
578215fbb8c12cb7e6cd73fbd16ec994

SHA1
9471d71fa6d82ce1863b74e24237ad4fd9477187

SHA256
102b586b197ea7d6edfeb874b97f95b05d229ea6a92780ea8544c4ff1e6bc5b1

SHA512
e698b1a6a6ed6963182f7d25ac12c6de06c45d14499ddc91e81bdb35474e7ec9071cfebd869b7d129cb2cd127bc1442c75e408e21eb8e5e6906a607a3982b212

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
cdd98b31f5fb46b1900f899e9ea092af

SHA1
832eef7eace27cd6ba20c49d9753e560520d3e68

SHA256
770954e9a98b1a59c0526241fb267f4e2a9e8026fd3d2ba69fba52ae46c1230a

SHA512
d4f1fa9fae79df038c549c672bf094bb6e0bf31f45f79e9768fff256451fe78ad769b1ca443197bf0815ec1a0a66c108240c48ccd91e877d005c780ae6d9b524

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2c9b294cd038ef743d17fa3254cabe0d

SHA1
7453e3e95fee0d1f8aad4579d35d01810ae56966

SHA256
f6bfae1a0ade6a58586495a95386bbb6390e1fdf69cb6aad26f1d1741caa9bba

SHA512
0300dafd37d460fd73577fade1560cd79ccc34a1f96bfdf07f729633785c05f84190eb587ee791938fe6367dee2af08a6515f83318c9ec9fbb3386b02e2ed164

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
35dd30f7dde0ca8574519acaff5b8989

SHA1
d36c1cb8596ee6c3aee7c993889bfa91bd40f263

SHA256
72529fd4621617a2d3b26fb820185363e425e89e08d1890e853057d9b6117671

SHA512
3038bd32b12e714ecf3e63ac53e0bc8c223e51284f2f452ba21ba6a040c22267adf7dac5401f8f6e3c3a4ac7bbccea37175263843e73465f898b9df9a9cdfdcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
db118e8017dfbe11646970dfa4fb624d

SHA1
239e49ba0295f582e84c68c842cebe472af30939

SHA256
45c4a55ee57420c80915420104c30bc3932e3d53ecf5ed4bd3eafb4b482e9db9

SHA512
0a77b7c0db0273f921337fb140db0e3cc7104c480683df74349751774358ad2d7b9edb8b4c73bfec38374393009ff3329f60b24202a6456254dc15ccf380fb03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e5849a75f15a54eb2e41e9d25c5d27fc

SHA1
40e18e3d1ab476adf8e9d436b8ef3570ca17479c

SHA256
320f7f4292eaf2ad52f1a903c7bfadfe9d26cf4a87af3836a645423c570cec1a

SHA512
7b8cdd8c9214ee8a793987ea1852e7c14796f505ae81458dedd4eeb8f52268e69607920c09d907358980d060dbe6b740c3677cc3081825d48f27dbe3b052b058

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b0dad4c5426fba136d815fe789eb5008

SHA1
511e722fe5273afc27762a0153cd1c694b92a25c

SHA256
a170b74d97d8f4a1bb4622f3d5c5b0964b6976f06bb2c33d7cb33ff71980b3ea

SHA512
5a0e5a961914888516c513337afc639d3e84ba2404e9bfb92d959f497afb7e020e63b117ab22bb3b5c5ebb0b502cd12e8b19c7131ae167449d6d20aff0890947

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6af4f4753008fa30463a0d23311d38a2

SHA1
31051f2070b415773ba8f86928adba64d328013b

SHA256
ff81c327b12f773b345cbc263bbf5b8e5c8d8c906e8a51121575b7601163de80

SHA512
e6a9364c6daf9b0397abd88f9a82665f86fbf0fb5b16349028c180a7c2436023fdae92787f8d2eb64c39304bc06c4ae73939822c776fac482a598295cc0aa8eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
e4c8294f81b20a859fe2cd935f155a46

SHA1
4785929d2234601617c1ee928d3b55f6d6500938

SHA256
4108b73dd5c3f7f0fba898f939b1a54bff0b02061bbf7eb15b2670488db0d33b

SHA512
3028845682d37d52dd89e54b77937ff6b85b80c1db862ed8d8c61410bcf35780b2d17dc9adc78d8a78de9bcf34cb06b6bc42fcfd819fcf94224b6eb13c47bc76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
88d58b4a35b6d262ed0b3e5cb1d75c91

SHA1
71e69b35610ac0a69f67bb35501fda8c86cb2894

SHA256
5dd6eedb7943c20d3f6afc3047940df4d227eb755b982cc29a1051b31455495a

SHA512
02196f65ed5c433621e5716368ab9e1503722b132fcd760e0503b86cfa953e0291337b612ac82e1c1fbfb767d5420641d36a5a4f20ea25d68d5ce49e8c9015a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d67492311d2298d0fe1358da9e4959ec

SHA1
c261320c076067f5847e9eda9bd3720e59a60dd7

SHA256
e058a78cba7d16813203daf0cfce0936bbf1b109aa128491fb2cc52667393bbc

SHA512
a7c83c8f634b93bdeb71760a0124008113ea0fa49e0e3462db21bd198a1814dca4b71e6c497322008bbc1504fb167ef87989fc571b7bb461a8c7692e1b571451

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3acd26bcc219d2b684b5ece064938d44

SHA1
2544d8fa65d5e26e6b3684d18cc8796cef0f20a2

SHA256
5713108fa4a86b42890d5cad41764a8e003b2149b9106d6703c0a0f710c6914a

SHA512
d08b97c8bbfd04b5577331f585078565d1cf3963b219f48f615e8acb96c3abba78e7d50556c5489d35636442546afa2ed1db40564d2e6847ab5f852bcc32e9c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe587ac9.TMP

Filesize
48B

MD5
a840e38c4f0cfb9e5482438533443f69

SHA1
8f66d9d5e34c8f0b12831c024244fa3c595deb40

SHA256
91ed5501ab01a05927a5790c3ece598c462b29ab1aad205403e10e42f5dea6aa

SHA512
2dc49b8bb614530761b83bc5acc3c55340692b212fed8573d94efdf714d6c31258fb465cf4d52423afd9981a61e0b38f4c97bf8fd52b624e95534f6f74db5b33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\611859f5-ecb1-4c8d-a297-253e3a9821cb\0

Filesize
45.3MB

MD5
ea92332f0c95ddbaaafa2cd29913e589

SHA1
0c6eae028e128786140df36da249741550ce2315

SHA256
ea9ec8dbc3497f3f6fadbeebf7cdb9e03dd5c36b9d52a56d96b5a9fb464d2ff6

SHA512
9605e30cf766f0f16e09690bd6c3304f01450106d45e2c535717932a9d9532c81e2096c54e22cb94ad02af4f49a517a9291274e3c4f168d508c1f22265b90e86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
c525b0ea135ef1fef941679cf7d1d43d

SHA1
9ea5fbfd8a16f33190ede8217c9d727a04fd83d0

SHA256
0824362f98bc9421072f8df85463c62699c24f3371e642876e2b0916e926496e

SHA512
28a3ff462d7c7aca2bb47da33e1e8e359e1477b635fe799bfb6241df3fa9731bc6ed888c6924ce61b071f0ed7d01b51e675841cc70ad6318ced518042f121f7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
1bb1bc4173624e2626d7d2eb5d5a3100

SHA1
2169d1757f050dd8bc57784182143f4dbfe74337

SHA256
d5a4803343250dedf5996759cc9ffebf6b3b2281cf82af7f4c992f1e52e87e68

SHA512
41135d2fe80d1c1b5f0da9cc0f223c18b747a39248779dd5f104e705c5e1dfe2dd916700394829014655c9d883030afcd8bf70bb40f9492074ad416d46a2cf88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
b5959c0af3aa56aa5e29c144489da7f6

SHA1
67c32efe51fefc6a410977c8b109caa41615b7cf

SHA256
282f39e7e34f47b1eeac08a1b2fbbde61c3eae374a4c0e4f13a3ecfb12d256f6

SHA512
979d86695b55ceccc4f6a4ce1e89e9d4964bc793abba142010053786b49e2dd7323db9526cbf88c96720f7d1ec5a519b30ee0b5c4b6fb00bd14f421325a7291f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
d129fd678d19ac1333977b43db0d9132

SHA1
62742c6d83ddf7e863d143f2617b7390bebf0b66

SHA256
7a4ff8ade9f9b7b7d36b58cb1b969f4f21d260db3a9aa7834526f9849800f5fc

SHA512
5b33059b5f1f43517b957a19466667748148a553e12e0b6ea651b1805b6563156b17b5d0796f29a246ce1732db3ab9be5e7109194546f6dadcb45ff38cc76673

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics-active.pma

Filesize
16KB

MD5
3406d3b708dcef0116bffd8eaa181ad4

SHA1
3df64b48bff2b9d4160d900e91a7670046a24340

SHA256
fde3b41a5711362d7f3df7d71563d5eb6cc679bae7f80f74afcdf81dbc09eafd

SHA512
d22d05c221bd19bc3b07e9a5ed722fbf8fbf75d695302fe8ec441d6d1e653bd63b3751a9608b344cc859feb79c5869aaeedd08bf846dc01a522b3a0dbb1637d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
df2d1721cd4e4eff7049314710dc7c11

SHA1
f5aed0158b2c0a00302f743841188881d811637a

SHA256
ba336ffd1b01965d7ab0e5fac5415e43cb594139c76b19e4c0d9b5b3b67c1e93

SHA512
11fd520176193f284563c7d050e6a7ab4e9895bac49fdc05759bab2c8a69f224858ccc784b351fc1d3ee5d39345430f9234623c9390978d7daf6a08ff5576ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
e61eb5f2f28c08fc13017d2619cbd8ee

SHA1
a477f0027afcc208ac09800fadc723a5fd4b77a6

SHA256
a4f15be985049920256da76ec19f0b012c12bdd66433ed66a333f9e487323d04

SHA512
0129dd8da797a2185d7a1c3e3e0cca8431b09e65c169a6cd7a34401d06a0e6a8640d596a60391f1f8662935fcbbb3fd4c8fb07bb8b8770a824130413f7c00a40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
3056b9a6df3df92541b73b674ce217fd

SHA1
aac870c81320ff4efe4bb1a0449163e210ce7baa

SHA256
1058949b19a206b5695d9e6de9668a7a826db96e77555e641ec9b0a71ee996d4

SHA512
99462357c3ff9110108fcce24ed7f3889019cee34ac61690d84facb6998c763f8e45ba1b4b35589100f251e4bcc93b3e64010b6a29d88d1a9e1188ecb8a49246

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
dd8789070573199127df9e38e15eb261

SHA1
09423ce5a6172966958a07c6269f3899899de843

SHA256
89043e3b90443dae0df4130d178c1dc2b2fce9d50f99ccbcf41e3cb2aad4653c

SHA512
ec95415f014265b0e6ac2c3d756d64dc380d1056b89a693bf9f85ce14686715a5e0c5dda703be4d4a674923a546776d0bff30d83459d3a327713670b6718626d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
41d16effeb41fb3b012e4ce1c62321a8

SHA1
4b7b5c0e038922472eb862628dd69d2b812caf5f

SHA256
eabce5e86689d7325e820f7afc671910124d83b3592b9b3bcff1f25cf55b014d

SHA512
d96e14e64f54ee9d924c1b13989a925632b98b6744523a9b73715d12798fc5be6bc11cc2b9d5639f99083a0b89fa6df61db839ab3cc199f396a422e1bc24c810

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
bdf1a21117a2639f1a70467f4c02e588

SHA1
4a18329e5e9f3e19fa16e6291301d6e482cd0903

SHA256
fd4b0a146889bb6b39089ea082f278dd61f41a726166dcfabf1612fbd9178ddf

SHA512
19f9514ecb8922918f21e0c965c18ba34c445094196abeee6591ef369bd0060648551727ebb6b88b2dbb19529c124ba5ed12eca3733c5b3ba9af424a26e5f3f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
bfae5beb887eaec2ca941e1d73526a4f

SHA1
a49d37cf3744a25dc6fe02ab6c36e9388dde0674

SHA256
8925ed0db6baa71a8563199963e121c838db1a876fa4b8cb4adc27b442b5275b

SHA512
9569151ffaa31f61563fedd3aae571705b15204ca6898236296b7a89b46ca94672906cbe4101f9c447b3b2e3dd5c553594ba737f0482c57731bd633a3be3c56a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000072

Filesize
19KB

MD5
5e5ae2374ea57ea153558afd1c2c1372

SHA1
c1bef73c5b67c8866a607e3b8912ffa532d85ccc

SHA256
1ef458d087e95119808d5e5fecbc9604d7805ea4da98170e2c995e967da308f3

SHA512
46059e4a334e0a5295ebcef8401eb94b8fa0971b200f0f9e788ed61edae5018c917efd30b01631cbd6bdadc5240c9fcad2966ea0aa9c94b538bcc369e10bbbaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000073

Filesize
191KB

MD5
eaebb390ddb3b1c0e07904f935d29bd9

SHA1
dca8da5b24b1b18b3c8dbc2523f5d145fd4dae13

SHA256
9478515162e79256323883a5092b39e0045dc8213d7dcf7be5dcc1ec5b70e9e4

SHA512
e2dae28c4661b3bb65b3811803a9396e1c9b16eb187b60f2d4d1a8cc65e2ad6ce0931a48e942b5d920bdc263ea939b9164b649edc3752e83daabef9366a186e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1ea5aa404ef5777f7eafd297d098133e

SHA1
05d99c5970e45cca96c05e22c8639eb02fe45d04

SHA256
c2d9d41706735a699823301ed9260489b66d19b20ac727217652741a7093ddd2

SHA512
c823c111a341dde8fa2569ebf3e19c94adb084b99e45051cec882c378f8f40529e02dc4fc7537e08a0f7cb4074260a50565aa4948d94ad67fc42b60fb5fa32d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Filesize
343B

MD5
994293149f1aed1f9134b565ef25834c

SHA1
2f0745f1b19565b2e58f540903d397a6a122fc29

SHA256
6bb2ab40c2260797d8e260bca7ecaf16ad6c34192932a3c4493f30f82f09a8d7

SHA512
fbbe0e3dd5fa4967c9fcc49848432845ab3ee4297c6c5ee3eb455e10691cb9377331030829fa644c79010f7800b33b10321fc55cf8f5ea2bd006dd49da4a17cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

Filesize
32KB

MD5
009378239c43256e159c4f38f838e222

SHA1
d9e4d70df77851b4d3517a438db2300a5c3342d2

SHA256
eb5be820522ba3342d4a6cdfb4a9807f1bfb999f910db7ec424534e472870b45

SHA512
c2f032a2c55293f2391033a883bd9db1cefa90793bda9290b4dedeacdbea0b3762a85cc34566c197cfacfc24d668c666db771663c7b7063f2fb47b5654ce309a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

Filesize
399B

MD5
a15ac2782bb6b4407d11979316f678fd

SHA1
b64eaf0810e180d99b83bba8e366b2e3416c5881

SHA256
55f8fa21c3f0d42c973aedf538f1ade32563ae4a1e7107c939ab82b4a4d7859a

SHA512
370b43c7e434c6cc9328d266c1c9db327621e2c95ad13d953c4d63457a141fbf2be0b35072de96becc29048224d3646535a149229fc2ba367c7903d3e3e79bdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
7a282436725c3abce50f8023efa67b68

SHA1
e1b0f71a61f16f965ae3759c62351bf584d6471a

SHA256
cc11641dccb1fa2387b744766fbdb85b174afd6052c616ebf6b912fbbdef71c2

SHA512
3a0e6a3a3c8194a73e1a159cdcc98fc329a251924d5f9399bb8d352c57312e018fbab54f1b28166dd1bc6fc33ccb4c637e3d4ec98bc33037bb178e2c76deb034

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
6a5c14addee6186db6867e676c9a9885

SHA1
ffd29ef1c66cd92edb95fb504eec27da99e6ae8e

SHA256
316f4e824c114c172809ba24dcb5950d77f420b0f854a3a9566c408a05d37acd

SHA512
805fb19f0be4941d126de0a8cbcdcec3be27247a4831fac36123c5eac564c7278a8e504301c7638331addf94b6f0fd6df889b3b38218628095e137f081f666b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
9e3e4d30fd5b22ea702bd16896adf009

SHA1
d0e7a910b74e72930fb389c9c9c982983fbc7e7b

SHA256
aadc67128b8fedddbad86601e64340b02e9d1cb577cba75569060184796db2a3

SHA512
4164c9e007db58b5b6dc4559092e6e1ac1290043b55490ab285129595985e6299d8f0bd43f66f6f20dfcd1dd42c3d17329f1de596c4895665300b59358fa0552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d951b69c8d5b93007bad88bfda186868

SHA1
b893cb6332dee64e3b36e81e394d407ef57976ac

SHA256
5c5282a367ff701f4d737a62d7f8538efaa6e2894d8a37ea629ff67f6fc44acb

SHA512
41d033ce9ab94ada4b5fd5b866f41463f23ff858390201f8230bfcb800255a7be02cb413d01d2bce941ec98155a62878a236ee5d5c89b4dacc394e0b996f2b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9e4dee04781f8644f5527b2ed32129c6

SHA1
67c2971ff0c2538f5ad890d2429078d543bc469e

SHA256
41c4f9af2ac31dcefa40d10df3e3e9e4e7604ab862334dee6e780ff3c19111bc

SHA512
704aa69079b9620b5037357cf33d4a2295a56ae896af0e6809094124506711e50c1a095a34e055a59bd385a7e2167a1d10495cca1c55520df1686f775c1c8487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
3f550c8159115f7b6902c371f84a893c

SHA1
55ae56dcb8fdbe018a2eeb6dae5419c5f15fa233

SHA256
10222f3543bc20bf399eda3b0b7c5ac6f309626b61f65b7d508377298cd42ade

SHA512
a8fe681f24c96cf84923c4725a55140ee4b5d4ed8a7f60a29c5d4ae3e0569e2ea3c548c399b7264ee5930399400b4dd438a4708be7e0b8caa9e47312d193360a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
29c081210acebc548bde0a43b1ffe8e9

SHA1
bb0967863029ed5091b3fbf35debbe802d2d93e5

SHA256
ee4f63af24cbdbceb3da2bec2d7d921b0286897a25aaf13feef10fd58c734f18

SHA512
03c48a750f76cd0854a37113c711379c7c1a080c4de917f67e788a7e3459a8ad65809b843ec2f8eadf1331ced1572c9f829525bb30c6aa84a75641ed67fb8367

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
338B

MD5
e60db21205f287fc6fbc6aeedd37bf7a

SHA1
911e3569cb3db3aca049b2488fcd99b199f121ec

SHA256
ec1a9b037428c48518a9da8127bd92a4ed3e08af3b693b4bbe52726875928319

SHA512
8dac8a3d2210739b287b068f80cd81f4db6c250365d1918988e68eab18fc748a76c429a3000815d4bae95cd60a89c307d01f911c243eebb5cd4ecb85585327b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
58d0477694d74cc0cfd49eea09b82de7

SHA1
5e2bf3aaeb8dcd5ee7b069e3a732298b0e416c0d

SHA256
0330eb5f2ac9bef2dabc606ce27f0af2a90ed96426696cf94545d1955089c43d

SHA512
085d97e18ef125c3ec1460eb1bad7de04dfe7e2dab80b88d9201a3632117be0316e3522e99d3d3c6f3e46e3b54a7290925cb73b1bff77c292e12595a9bc8f839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
e4e642d049ab5103355b3f3a519b43e9

SHA1
6731347e41caf2e2dd8b51ef0694db7bed31bfa2

SHA256
311233ad1ca1cb1ffb875f4ba718293f5e5f9adf19750c6177f29066765627df

SHA512
311b64ec6b2db98362deab0973f11fb98aa33420381260789c71c1c3e5207becc36754ec50bfa7af347145747009d9f98dc7d40b9cb39d2e4f9bbf72ff1aa2d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
24KB

MD5
e1ace4949c27f97de90b690148da1fc7

SHA1
5db29885a75da29c600c5aba9d6515d7d5b4c2b3

SHA256
1b924b82d8377a9e58d540d04691a76180bda19cd2347b3b4df8791f1b31ec67

SHA512
cd9e99320c5e99c5a0abcd419c81cca93b7b15b90f63b261c3a8008fa9db0a9219d56af714a6eff9a410b67d2162696c6d3fb2b25d9140a4497e4f8e7d789d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
70bb072da4a333334ff4bdc8fdd87d76

SHA1
10c00377fedb6048bb4fba4b62a4737bd6a74e8d

SHA256
4b585eecb61a8d33c69573101d7ec90fe9d6b85e48fef87fff95b8aa31aa2376

SHA512
6b21916fe72702700ccf87f68ec2857cd8ad2697a411ad23475f5940074c025a5e15111ae628e9d7a9c681d6e95436dc551701f90f85de3f2ebe21f5e401cc9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
700955c80bd09f7672b6e25987a63fd0

SHA1
c6155d6e3036036c1c61dc05862c1bc8c58b5792

SHA256
ec7bccb9b483314a38f5e5677c60b5bf3e4ade2997e944b43719dc2aac96ff25

SHA512
ace945fe7f516146c91fd4fe7072860280e0c06dff09f1b6369f37f340594ecad9df5bb4481436dc681d5642d9a3e362a2c4578b7f5671c95f3fd0fc48cda542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
228KB

MD5
faf528b85cb412920cef76d9de176950

SHA1
6f387d6b5cf8d28740cc5d736a6782e06a567ea9

SHA256
df3b6cf59d531832bf74274076d81c6675ddc32912f55f58e6bfb9ccbfb5799e

SHA512
231dfa4347c2cf988224881a9165ad20e5bea72e83e04747558986c74ab27f21c2ec2daeb57a8d62a047fbeed9e2e78dd84be9cf478c100bcfc3c5b73493bcc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c2c0de5d-b5fb-4a75-bc78-05af7df57da4.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\default_cloud_config.json

Filesize
12KB

MD5
18261eb12378081f939fb9415ca0c9e1

SHA1
20d4ff782e17fe45e71c3f9fc60a94655f72ec7c

SHA256
12bbeec9a0af9e3ed945b28b9b8ef89b2f897768d1ba3ffd6f3fbb42fa5bc556

SHA512
fef634b4ce77c2f36ce1bdd63e8ac28e76cd089f0bff33f4425c757ddf37fe9fab30dea7b5bb51c91eb27012cf78800e03643e13d51a25bf624ce58ab3488a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\favorites_diagnostic.log

Filesize
2KB

MD5
e39df9ef795722184be78ca1b1d2e66f

SHA1
95cf52acfe6bd89878ca8258169cf9315edb0277

SHA256
79ac56767379d966fa2f15f9779825705f5cd4512953503062a5cc6fabd1946b

SHA512
aa23d7fbfa5163baf236f326ee9a711ed71d15f7e1944af27d5a085779a698eba5dfe011124474fbad63de705c878efb37302903b42f0c52017c87961a7bbb17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
10KB

MD5
935042977193fa5ea93d09e5b38a30e1

SHA1
88c1ebf19e6be5b66ecb6d51ac86fbebf7b328dd

SHA256
bc68207c1134676ab485c92001c63adb0bde20e8800a7e514bb2a7411144de74

SHA512
87bf785cd311ecb93736047eaf6bf848d2a016da6d1141d0bd863e6d62b89dd52505d075bfd6c554e16732e226dba9721eaaf24f5e6d651567c9e65eb5c43ae2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
c2509b028ccfaa7c15d7725051c0039d

SHA1
7a0cad30cd4aa59aed5d6e6932da154cc39450d4

SHA256
6efd0cf003223ef23764ea3bdeeacf70e98c595676ad9c38d21bf586683ac6aa

SHA512
84809cef4ad116c91c8d22910e3c0d09db2b2dd64bb3860057598248bf3d7e5c3ae8c9bbca47724e12db8ca03038650068cc8c1f1b59cf2bf6cbb5179829ae85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
fdcdda07d04ba045f5daf659c6cd2886

SHA1
8a149b0a572696f95e670018a58bf4e84ad763c5

SHA256
6c5c3ab17b475f060eada1690230897a08049f831b674e1131fe8f8b8092288b

SHA512
115adc25e2256d88a57bbd2b2f943e8fff0f135bfdbb1e105fa6c09f1ca671c4cf5d20cc13c6e72c04084f1b09db211ae5b7c062a58646dd437f32eda4f397fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
da8f9cedc23d5e5b70ad09dabb4281d1

SHA1
58f69b8d68d69767d4b825b82ca9e6188ff001aa

SHA256
e5b5808d8683a9da55563a759921f5acc0fa6becd3ecb5684abf026cc1af28ba

SHA512
6622fae9b126b721abf262964f10d3245fca96d8c4bc732a7f6f1ffabf497a8249a71f61b172864eb82a4cba66af3c2b5aae987339ced7027c824e802e77248d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
7f384ab8f8a77d7281e41e8778d285de

SHA1
261b5516e928de82ebbc0e3f15e357a17d0f82eb

SHA256
79115f067f30ec6f2331e72cf42f0b11d7a2831d8767fa0c6de9cefb1d0c001c

SHA512
3979471f8e8204047c2ade1f1a23d94af6cd03b6c42449b5bf09d30c0cd8bd2dbcdd9c22772a99e0581ec4fdb84a68689fd925eec3cb41003068c18a8ff1a38a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
44fafaac78a8037da0401b960b938b38

SHA1
55c6d459724a8bfd9fe8b42b94202e43f8befb8c

SHA256
adc58cc4674f85aa42a58bf478f4605216fd1186ba65c4929a47e321d78161a3

SHA512
16881af5520c1f7825ea82cf33ebb1a5143fac083ddaa9a04a15098435fb0a00778b7c2a0461fb7aeaabacf10d589d7bc1b96fd74f846ba23b06c5fc69a0e320

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
bd4a77383b0b168246f2307e836c5dee

SHA1
97056da3e989c038169e5d52b7814aaac2bc4764

SHA256
e696d1b1c61577fce295f91f6b003d8aa2fa92ceca95c7e812599017014f1294

SHA512
f981544938a01bf4a73bdb2139ed36569c84b24f48fb0117f7d4d765a92db3d5d8d08a73fddf20c4b6d56224cde46c1771c480ae5cde560024cb6113d8a79519

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
4f1ffba946f7f940396587787d35bd3c

SHA1
b8ba74069744d248aed5272486644145cc4661ae

SHA256
ac4b179ac906d22e9d5b14de9597821e8fa8a0186f4d5b141230bc8928de9c01

SHA512
8fc52ed7a93b1e2474cd75f376a930be143483b34047fd31610da0daa2ddc43b185b1fa9349376ff293ef71ba53784bee76c224d110a66452ca98e71bf17e3e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
5e8ab72db87edd31f3a4eaeebab31e82

SHA1
3c8be7b06afe88541ac5b00fe6d9b1313d6ee421

SHA256
a4260dded5d7d6669de307fa8c84ca2ffc0edf6c53c55eed5644b4759e68f060

SHA512
01d476086d57f45a48428f933acb711b06878fbfe917c837a0f472eb64fb89890c8097f543cd7ed9d3f75721d1b5cc45dbde0d12104957fb277c23d6a59e5b91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
83be4f8e699d1d6d2cc0cb799a09e964

SHA1
8ab55246301939035535c9dc290c943f6f797140

SHA256
c676feaff57fff362393bfb6a258dfe2006662c8fbeeb4aaa03042de0d419e53

SHA512
3d18658e5f5089f7ebd7186b654d3e8117f7399c2e6c63bc7d879d6ddbf763474dcb732c14d69aa6f9f1969d0b31a25e16091ecd579fd645eb8c9da7e2b9f041

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
bf6d162e8895b96cbcaf709c1085e13a

SHA1
45c6399054254723c73a4cb046422c03f0468bdd

SHA256
d1fd6626ac30575b33d5b74b5ebf8cda75ca50c9a9440ea20691788c703ede63

SHA512
859635a35829fb4617703bab73d2408bf147ce8bf4f53416123cfc65543dec8898ff72737c9685fe01534e39750e0b2cc77127ddc8171780140b124d1340730c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
9d933a35392132156d5bc2fecb2c164a

SHA1
865d639ca1d3ea7b3b921cadb020ee685511ae07

SHA256
bb356d809f86c75ad4f3c53070bd1e02fa6ebd9d11c08829521c5c3c0a0a5beb

SHA512
10710f059513a03d3666f4cb37108246cd41d7714c88434f1de2addadb239bd18886f06feef7e3d0805d70a047c0bcd1a909560048c75884c8674156d8564171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
f469cc762bccaeeeae2ab960f2c96508

SHA1
d083df955ca496ac7bacf7d00f0e95e3bd4a946f

SHA256
1ef4384aea7f554298597843da290e91f405d1b14fe2569f0be60e8650349800

SHA512
2bc9e513849e39386081b1d3cb5d34a56bb1005378377540186f1a24ab21709530ad261db5d4887cbf947928b28888eb8011baf54994907cc9441effc7f0e201

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
3fa05b4cc9d627b5d38d5b85dbc04a00

SHA1
e271c5a88938735d4bd89a3f6b80fe91a275debb

SHA256
9d89114ceb8b73c16980133b44227f1f02a3f8450f4e5b246e4083d92024c26b

SHA512
03bf3d1294f4ee5e2ef1aff4142d9612b85af53e53cdf763d9acdb57bdda93a792ae8b0a634c2b1b8332b47fd4d8f972ab7760739b0092530d3d8ef429ab3f76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
824230158a4e99e900d32c760a2f10b4

SHA1
e4b2bb3695e0cc4614687e2b29d66085358de9d1

SHA256
b396f1bf9528a55936db43075177f7d7ebfa4227ad13382ba3c880a6eb4439b5

SHA512
48085b00448e244a2fd85f16c8dcfc4e406d4227f9490a67f742aa80998d3d20e83535ad698c75e82b1b989fcac6b76116c5194524667526d1d5b1b42d35da99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
4dbc0073ea111e12311300763ac53dc5

SHA1
76a31dccee9de15d274eb46eb7c4e93a8dc2df73

SHA256
53323cbf8c5c190bc6eae689946be54eb25fbca996f3fc00807a4cbb299e5bee

SHA512
0cddfb39257c36e83fc8c8ee2272c35036180e82079256c785a420244aa95c8bc038a2e9c9e986d0d8484fcebf99ecab482881c0a9beef5626fb9186189cdbb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
c98a41fc7f37f3af8933d310e482b3b5

SHA1
ce694fa47961640136933c177439db346d8a9948

SHA256
9055b3dd9f239848e305911eb1aa0fc28d8a345aba6ba961cae38673b03cf410

SHA512
340601068be8eb0732a856d14b5a3803df6cd38a5d61bfc4667b87fc580b2e78dfed860af1b6d14992da123e1a0d1eacfdff15415ca28ade274cff355c687cda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
b66adc8a8ffa1969c2db43ddbd7fccb5

SHA1
40b32b00c358935ae6012d1edaf5ed1c0237a3ea

SHA256
3ad7089b1355d95accb8b75e571eca0638d9068802db39de3bcc01f34b120dc0

SHA512
10ffa756d81c8a800ce327e1e03ac70fea1ac47f498ebfaf30d07d9834e393959ab9c025d3439bf1e589c0a99d88e680876237ca3a8b849182662d67e85b3d71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
d554d5e67dd831d6c446c8e8a8546787

SHA1
95ad660eed291fa93d161c1408918aad2feded24

SHA256
e91353ec8fe802e241fac51ac0a4f1ed749f043eee49f82ad51fb7ea0e887849

SHA512
426ca9de078411ae4027d75b1cf51906fa07de820a991c2eb20438db130c59aa0e4329d586191043ec4aef1945cb8917c40b090f2a539a7587ed6613f3f0a4f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\8b0d4544beb97a69dbb9583fca5575a9aba6e37d.tbres

Filesize
2KB

MD5
1e571aed41b1b9c683f90b5022583a30

SHA1
73cfe0ce0f7c3e3cf9225a73d3a09f0e65ee4dec

SHA256
06a448dc24874f79ad310b205673e7078f7fe8453f25de79c2313ec9c2b39e60

SHA512
1e3fdb76edcb397dceb0521a7a7381c27e46db782bbca80160c63d53d3240e64408a7f0505bba9c1ee15cf154c8589dd855cd1cb212801b556ce32094074f72d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cv_debug.log

Filesize
2KB

MD5
de17283e8433bfecde90168ce5f9b482

SHA1
9fd25fdb7fb45817ad4063d7c47895a597072a50

SHA256
876a3be2b7bf875a75f45f7928b27ad53eb4ea736140a1d539f7aa2a94056f46

SHA512
bc343518b1ece0c4cae14866287b40b4e9fa5f6fbbe9ee535151268f7c6e5ffa5c005bae1e0eed145c2f11cac4d2c1b2c24b3de00d262571c2c9ed7daa71e014

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2304_783759057\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2304_783759057\CRX_INSTALL\_locales\en_US\messages.json

Filesize
1KB

MD5
64eaeb92cb15bf128429c2354ef22977

SHA1
45ec549acaa1fda7c664d3906835ced6295ee752

SHA256
4f70eca8e28541855a11ec7a4e6b3bc6dd16c672ff9b596ecfb7715bb3b5898c

SHA512
f63ee02159812146eee84c4eb2034edfc2858a287119cc34a8b38c309c1b98953e14ca1ca6304d6b32b715754b15ba1b3aa4b46976631b5944d50581b2f49def

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2304_783759057\CRX_INSTALL\manifest.json

Filesize
1KB

MD5
2a738ca67be8dd698c70974c9d4bb21b

SHA1
45a4086c876d276954ffce187af2ebe3dc667b5f

SHA256
b08d566a5705247ddc9abf5e970fc93034970b02cf4cb3d5ccc90e1a1f8c816e

SHA512
f72b9190f9f2b1acc52f7fbb920d48797a96e62dfc0659c418edbbc0299dccf1931f6c508b86c940b976016745b9877f88f2ee081d3e3d5dcdcc2cc7e7884492

Download Submit
C:\Users\Admin\Desktop\20ca1f8c5fcf963fbbb10b527d041847.vir

Filesize
252KB

MD5
20ca1f8c5fcf963fbbb10b527d041847

SHA1
e6444518f375bc8d874d221d7f5661e80f740662

SHA256
393ecb019a145a62b32efee66c6086943945e869f848b42d4c72f4a0d3fe3ba3

SHA512
a0a78c8ef3793fb631ca3da1cbd49f517c360301d07db352228ceb30458db520402bda28784ebf6371592743f16e3dcf5034997c01806ff71b7b6bbef58d93a6

Download Submit
C:\Users\Admin\Desktop\2a6db6ab86ab610982ba517dfcc73d91.vir

Filesize
420KB

MD5
2a6db6ab86ab610982ba517dfcc73d91

SHA1
06969d60c0c153f4a4cfcd32417d02498948c019

SHA256
88384f143df60d5ae4a2fcee570d867754c292efd96f2bb90581e8af7ac6bb58

SHA512
09fa8e1ab24953595a26f4c9575265b8b953a9492145d75f0a3a09e4e62210ff65dd30f02335f4111e27d523368a7a8f5f24ddfeec8e8b1bed77020dc3798651

Download Submit
C:\Users\Admin\Desktop\2ab252c9b35bb25faabb4312f5df87ec.vir

Filesize
156KB

MD5
2ab252c9b35bb25faabb4312f5df87ec

SHA1
b6e17906d46b5c72f20851d665bff0bd3e7a89b2

SHA256
ef488003dd1a25457db9362cdd4b0747e441f7e8da37053b0318a0e205f575f0

SHA512
7dfc7b04d63489718eda236faaf65fbdeac0b76777ba2316e7526d973c605117b543629a260172b7b801b995bd9a6ee7bd1bc1ed709f000181dd4a2445dd2d7c

Download Submit
C:\Users\Admin\Desktop\558b05e59b333aef5224e1da7d03f2e9.vir

Filesize
120KB

MD5
558b05e59b333aef5224e1da7d03f2e9

SHA1
d68e616cbf0b22680de34c4d3615cbfc866176bc

SHA256
55120454e6afa0416c07b905d38434768542cd93b36279bcdbc0a894854b7d11

SHA512
5ccffff98ac76452c802ff92cd566fff0ede3312ab2fcf5e379906c20412c56d4f6a5be71c2bf9f2cec90ec718fcef3bdfc321e6b969e556692c5f3b2d1d3fa9

Download Submit
C:\Users\Admin\Desktop\6567ee3c90682ce956df2af88ac6d0d0.vir

Filesize
61KB

MD5
6567ee3c90682ce956df2af88ac6d0d0

SHA1
b907e266b4af7cdd5fe96488cc365fc4e41e31f6

SHA256
63bc229bdc039252c49a63b31d8c3a73542535c51153e408de55c8490a3ce24d

SHA512
23fa8de59c14c2abeedf6ba16dbcb15bc0f1a065335bdb57fe8cd42005197c5cba748af3ebea39f61c74583c45479d88895b93e797145af8a3de5a8e93929acf

Download Submit
C:\Users\Admin\Desktop\6fdb9a5243232703b13cadc5cccfa253.vir

Filesize
288KB

MD5
6fdb9a5243232703b13cadc5cccfa253

SHA1
694d077a54a46daee4880633a38e0804fca88060

SHA256
16f97b141fcce54f677ab3c97901059705244b5e09f5c353b3ae99bfd9c8aa45

SHA512
929df3212c7e7222008e8e944e5a778582aa09c18e0afbaf4fa45bfda617dfa0d8a9a9381c4ab0ae7b7c75168b295483930326e0a7ffe2e3fb7957dab4a05e67

Download Submit
C:\Users\Admin\Desktop\8b71967467522258a92a8d5dd734d565.vir

Filesize
120KB

MD5
8b71967467522258a92a8d5dd734d565

SHA1
5b40b3789f5fd3ba26493fd7a6b4c46848941914

SHA256
ee9a580245ff7bf4465b122a2bc3ef9c731daeb06897ea34579c009bc9fe988b

SHA512
81d669c56464d2c3c302360bbeafa5a7443e20c3cd4dfb80cc3cd28b736434d2b66789bed02571c4ff62a91e82bc811edf38202a4f3fa135e5075550d2035450

Download Submit
C:\Users\Admin\Desktop\8d1d6e7c36bc9c97338a71c862dc52a0.vir

Filesize
153KB

MD5
8d1d6e7c36bc9c97338a71c862dc52a0

SHA1
ea0cd6c2983a4fda97302cf338b3fbac20a3cc1e

SHA256
636f404892310f7f7cbffd013d5ebd5895b309af2b0bb18814e52c5548e4d4a6

SHA512
fe89091867ddfb2e9b8a94edaf5c5d56d61fffa5dd9f604013ebfd19498625d5d0a8c7db0ae4c215bbe00c2c6682a90137abc91de24c89d16dbcd0f961194923

Download Submit
C:\Users\Admin\Desktop\8e300a75d4dc0bb5ad7ca16f3b982c4d.vir

Filesize
1.5MB

MD5
8e300a75d4dc0bb5ad7ca16f3b982c4d

SHA1
acb3a0014a41c7002507281fa203051c2bfd6df7

SHA256
0e6b7297e0d268689c958889a39733a7367e6836eadd82c475f577f26b64d7de

SHA512
f0f5b84911bf027b2af783d10b23e2711a43fa7492dc7058d0a64bc109f06ed5f4f32c82bea73861c3786956783c7bd73cff5d1c359729a1a672dbb5312c725b

Download Submit
C:\Users\Admin\Desktop\a99c10cb9713770b9e7dda376cddee3a.vir

Filesize
611KB

MD5
a99c10cb9713770b9e7dda376cddee3a

SHA1
1f1dd4d74eba8949fb1d2316c13f77b3ffa96f98

SHA256
92a260d856e00056469fb26f5305a37f6ab443d735d1476281b053b10b3c4f86

SHA512
1d410a7259469a16a1599fb28cb7cd82813270a112055e4fbe28327735a2968affbfdcba0a2001d504919e5ef3b271f40c45da6291be9c5f97c278418b241b79

Download Submit
C:\Users\Admin\Desktop\cdb1365059c0e4973843dc0d0955bfbc.vir

Filesize
3.0MB

MD5
cdb1365059c0e4973843dc0d0955bfbc

SHA1
eaa991e3a9c57302f31ac5faba09d7f00f65c8b6

SHA256
1a880b81f53f4c162e7c90d098c185da9cc936988f0ea4fdb278c661d68f9996

SHA512
17d136b87efde90b50daccb84bd85dd09706af14ee5a2a963655ec2df06aa3173915ccb479010098061dbf079c716197d6a311eff3b0c722daf46c00295af4eb

Download Submit
C:\Users\Admin\Desktop\d11cb523b9e2dcedff41c5346a48cc1f.vir

Filesize
180KB

MD5
d11cb523b9e2dcedff41c5346a48cc1f

SHA1
ed5458e2e82effe7c2eef1123956e108ed71c4e1

SHA256
7b86c29435cd174c8ac5bd80e5b77206d0fb7f95774e85ff407e644e0f46fae3

SHA512
28a4e41a729cef7f16a82595e9c69b70c0836a44c66b7381facb904a2845f403a53b39e1ed76ccaef6571eed029f158c343486f2f16b6b1103623efadcd852ed

Download Submit
C:\Users\Admin\Desktop\d1955d1092f0615321bc60e5abd0d8cd.vir

Filesize
2.6MB

MD5
d1955d1092f0615321bc60e5abd0d8cd

SHA1
7e6d20b24d216628f0e7f81015a4f518af075575

SHA256
e1c0d8c1dddbf7cab773d14a60e8e342456a7c80f4b8cc7630927824506819a0

SHA512
cbf7c61868f9a97bc2aa2dc3b72f0227024e7bbf1d0e0c6f899408e6e7fd9202912c817a32bb6d917f1caa27be7c1749eb4681f91edefcfe41a31ed87fc57b14

Download Submit
C:\Users\Admin\Desktop\d872770d3857a675142f706098e45fe8.vir

Filesize
1.0MB

MD5
d872770d3857a675142f706098e45fe8

SHA1
22ac9e35784e8804a1631556bbfca4801a92b322

SHA256
4f5ad84afbc4c814cac687912c528bbb0b6b926f94a0d7352fdd72c503bb6c61

SHA512
3c55158a2fcf92e20d2498c76c12ae887380b6b6293a83992e5c60e5df2c140b06b45c2f367de79fa961e5cfc8f46ed2c472d70c6fc0c5eb26263dfa7b11ab75

Download Submit
C:\Users\Admin\Desktop\d9985f2669dadd11b529f6492198bde0.vir

Filesize
2.8MB

MD5
d9985f2669dadd11b529f6492198bde0

SHA1
401cde3ac2615da2ac121a297a79877e133ceacd

SHA256
227471b4cc68a25874e21e585bdcdf4e42905a291f293f8c549499df0a6cda56

SHA512
a2b53bcb111f326e5475013a0b5babfb95e2edbecabd7bd8120618cbb74a14172e39e5d0db2af6fc6776ec25992fc36634485c177a4f40ae84ec5a2d622c5c84

Download Submit
C:\Users\Admin\Desktop\dad3b507b3519774672e6221a254f560.vir

Filesize
138KB

MD5
dad3b507b3519774672e6221a254f560

SHA1
6a7715c7615db96a73d41f32d0298a476c54d46c

SHA256
64fe980df1cb38cdd29a1d27b70719241b3052281795fd1654638ff47e37aa27

SHA512
85691b29b64b985d0e55872e52e6de7069a9f60b9f4ff1a7795c90290ae9bf06c9379dc857685041635ebbef50ac5e3160cd74ca2bde49037d5e92ee1a198264

Download Submit
C:\Users\Admin\Desktop\deace9a9a08bd89616a9cc3ca1bac700.vir

Filesize
745KB

MD5
deace9a9a08bd89616a9cc3ca1bac700

SHA1
3ed1cf370a297fb653a8331ad370ba6f9f8c919c

SHA256
29a0b87b8495891215d3f7f2d9a7299ff5ad1c78aeecd078a4ee22c67abca3a5

SHA512
695612512c2e6eefe24610cd1f7271e79a4173d8a0046da14a5f90b847717b468211f4ef0bbf361fea954ff1491afc42ebe71f64d54fb269a3bbd7210f2fb30c

Download Submit
C:\Users\Admin\Desktop\f77f8f2151012a32813ed0181c205882.vir

Filesize
560KB

MD5
f77f8f2151012a32813ed0181c205882

SHA1
6d652b36b38fc352060050f2608975749aae32b5

SHA256
dbd4052fc52d018d93db9ace8d02f3642320305677e070516fdcbf7effa34d82

SHA512
feec9974d0f5f3dc927d22b075d3dc7a3f7d33ef24d111be7d428a287dc3d604f14714a81144eb8ade7677d68a79c474083c2838e2c7735132dafdf4face5581

Download Submit
C:\Users\Admin\Desktop\f9d77633d4548da678bd382fb41d33c7.vir

Filesize
484KB

MD5
f9d77633d4548da678bd382fb41d33c7

SHA1
18da4ee8292d3c3ef91a27ea3812802ab91a001a

SHA256
736e213b45a7a12511b3a7ce3aba2510996802ab14ede208817e85eb38e14f1b

SHA512
f8f965383b7e706ccbc959ecdc6365abc6a415c560b0e8bd9dd913b4e53116565779d89ea9f079775aae434d0682399b104bc3beb99962bc9ea05470a215dfa3

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 801495.crdownload

Filesize
1.6MB

MD5
6c73cc4c494be8f4e680de1a20262c8a

SHA1
28b53835fe92c3fa6e0c422fc3b17c6bc1cb27e0

SHA256
bdd1a33de78618d16ee4ce148b849932c05d0015491c34887846d431d29f308e

SHA512
2e8b746c51132f933cc526db661c2cb8cee889f390e3ce19dabbad1a2e6e13bed7a60f08809282df8d43c1c528a8ce7ce28e9e39fea8c16fd3fcda5604ae0c85

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit