093d3e7fb8f15b06d779252a8691f7c5a42beae493ca81965bed50e5f326e869

Resubmissions

20/02/2024, 02:49

240220-da4exahg3v 7

20/02/2024, 02:28

240220-cx45aaaa86 7

20/02/2024, 02:23

240220-ct65gaaa46 4

Analysis

max time kernel
1200s
max time network
1186s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 02:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

rp-6
Size

157KB
MD5

69c7f8a0813c792faa53653f3a57ae4d
SHA1

1b9fa85951b857e7f887a62f38688ecf7ed98c68
SHA256

093d3e7fb8f15b06d779252a8691f7c5a42beae493ca81965bed50e5f326e869
SHA512

784948a0a2f7f1e1db9cd1bafec11ec68a56c2d34a15d58b0d5bd240a96fcaa18092e31c303f268851e654fcbeb2b0388b7aab98fd6533282c98455a26ab76f4
SSDEEP

3072:DwfpYYmMByc1zge3ZBOjS+rkPSfgIsqJnZEjc0Xz99DuqJTm2f62NVSgE29xxspa:oDuqJpffNVSgE29xxspm0n1vuz3U9Iv5

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528708453566814"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-768304381-2824894965-3840216961-1000\{C0CFEB46-CFA5-4A3E-9943-E9B582DF82D3}	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3320	msedge.exe
3320	msedge.exe
452	msedge.exe
452	msedge.exe
972	identity_helper.exe
972	identity_helper.exe
2944	msedge.exe
2944	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
452	msedge.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 452 wrote to memory of 1628	452	msedge.exe	99
PID 452 wrote to memory of 1628	452	msedge.exe	99
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 4668	452	msedge.exe	100
PID 452 wrote to memory of 3320	452	msedge.exe	101
PID 452 wrote to memory of 3320	452	msedge.exe	101
PID 452 wrote to memory of 4804	452	msedge.exe	102
PID 452 wrote to memory of 4804	452	msedge.exe	102
PID 452 wrote to memory of 4804	452	msedge.exe	102
PID 452 wrote to memory of 4804	452	msedge.exe	102
PID 452 wrote to memory of 4804	452	msedge.exe	102
PID 452 wrote to memory of 4804	452	msedge.exe	102
PID 452 wrote to memory of 4804	452	msedge.exe	102
PID 452 wrote to memory of 4804	452	msedge.exe	102
PID 452 wrote to memory of 4804	452	msedge.exe	102
PID 452 wrote to memory of 4804	452	msedge.exe	102
PID 452 wrote to memory of 4804	452	msedge.exe	102
PID 452 wrote to memory of 4804	452	msedge.exe	102
PID 452 wrote to memory of 4804	452	msedge.exe	102
PID 452 wrote to memory of 4804	452	msedge.exe	102
PID 452 wrote to memory of 4804	452	msedge.exe	102
PID 452 wrote to memory of 4804	452	msedge.exe	102
PID 452 wrote to memory of 4804	452	msedge.exe	102
PID 452 wrote to memory of 4804	452	msedge.exe	102
PID 452 wrote to memory of 4804	452	msedge.exe	102
PID 452 wrote to memory of 4804	452	msedge.exe	102

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\rp-6
1⤵
PID:3152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef86b46f8,0x7ffef86b4708,0x7ffef86b4718
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4332 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3536 /prefetch:8
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1960 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,17421106566665967915,17984429617267196519,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7952 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef84c9758,0x7ffef84c9768,0x7ffef84c9778
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1888,i,4527705141008055423,7474588990342213457,131072 /prefetch:2
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1888,i,4527705141008055423,7474588990342213457,131072 /prefetch:8
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1888,i,4527705141008055423,7474588990342213457,131072 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=1888,i,4527705141008055423,7474588990342213457,131072 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1888,i,4527705141008055423,7474588990342213457,131072 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4652 --field-trial-handle=1888,i,4527705141008055423,7474588990342213457,131072 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1888,i,4527705141008055423,7474588990342213457,131072 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 --field-trial-handle=1888,i,4527705141008055423,7474588990342213457,131072 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5140 --field-trial-handle=1888,i,4527705141008055423,7474588990342213457,131072 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5380 --field-trial-handle=1888,i,4527705141008055423,7474588990342213457,131072 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3316 --field-trial-handle=1888,i,4527705141008055423,7474588990342213457,131072 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 --field-trial-handle=1888,i,4527705141008055423,7474588990342213457,131072 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1060 --field-trial-handle=1888,i,4527705141008055423,7474588990342213457,131072 /prefetch:1
  2⤵
  PID:4900

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
3d03cca4a103617fed7b80e5d70631ae

SHA1
89a022d0fb5811cd343cbfd159d5d40062227c1d

SHA256
29b13a593aa828fa22506702f1d32c5eab481dfa81740725be190b37355bd1c2

SHA512
e6a794157be6b88d91f427a504238214b8165e33110ad5c78df52df2e6bf66394732719d175c363b0d6cb65b190c49759e6cd4e6f762274a5c8be63dc2d7ecc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c37d16dfac3d59ee304b7b275b048a7f

SHA1
a06e22bdb9e87c92dd2fa1ffa31744a148ca8e11

SHA256
a1359dbfa5399f8bc9387d9bee66786c58656905884ab86b57d636fde6ea712e

SHA512
a78024ad212adeb917a7a5559307c8c6d80aed6f88089ba3e66a567e242e6b4bfe2bcd434e23fa84f4d966c4d8c56c42eff2fe32b580885abd9764119c3139fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
455088abc93ce6390b5cd3633a98703d

SHA1
0f558af272431d13db018aed54ec3c138ece8909

SHA256
bd2163a3afb6677c5bc46f54a3807b719c407d418ce80e66dc381835235f7638

SHA512
b6f908a72eea28fdf47c6f9a6e150c56d165e8f82047497763c940083822fb7023a59f41dad0c7ef0cca36e678f724a26119d27dfa1c6712d34fd2c7497c4b8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
4ed6439c79b958dd8e65eadde6072ac0

SHA1
a5058eb91c32b60224e10abe068729dcf9e19436

SHA256
3d28bbbc1dfc2b1626be3b966f42e56fecc903ec5d718c36569c40aef4c23631

SHA512
4f13d76ef032c7ce611580c1c4920f0eb8e6897ba51719fd060ba72858e02032d0b675c05edbe31820b88c1f29ef8f3d0275d1c138457a87fc618f20a0436c3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
ed28cb57f1801de8d91f1e7c2c48a138

SHA1
ee70a78912f46847bc37772a6650b3447e09bfe1

SHA256
5173e62f39549c3488b6fda544f1a83bd5f532344c41f209d5206ce2595fd187

SHA512
1ce466c84f1dd72bc0adab298a241af6a808509fedf8101423ac39f0068328d1b7361b7c73274c2f5ceabbfa36115278b49255d7d588a1c8eb76c150db2cb9fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
c19c772835902b86c0207a49892c460c

SHA1
5fb09602bd04bf5af7d370a39893eeb8c5514779

SHA256
159e69b9339eaa47df516d6a4850a1aec34a28e4567a626c76fa195b34b7595d

SHA512
c058390cb26481de721f6df918b74bcc955f509bfa46c0ea08dabcf06abac5f4e53ad43723d0c7a41ecac51c73b80f42d961b359a373e1c1816e34ab038ba850

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a4c320a5851e4639c367e68b7c38031f

SHA1
8f04ae2e9789aee288e95a8433135e74d0a613f5

SHA256
64d7afa78d9415bd9a72a2777219022b4c0b26e53db867a88625ca39ae1eed25

SHA512
d68e84a4e8f0f01c47d0d41fbe7ba06b7be1713427a1493362dabe0febdee0479c126238b58f75e33f6d0c5825cdad9cbf3299bd2dd690aadf4b1b9e3a45989e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1042ecaaf07a52b5222134ad745becbf

SHA1
c9da533bd5bf1b937609a26244b2961ee83dd06f

SHA256
171e072822062065c7cbea8730c878e3350b90d87b3c2189bd6da700abe249ff

SHA512
8f44534f3390acab68c8b8fd6ffd1ba0c8abdd7ae3b564fc7af1bd811fc87cc40940d59db67bb4f14c34af151962163c02d8eb30d938b196344aa9fd43a56441

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a124135649a2c1117710d16fe2331654

SHA1
587e9827e11e0e2033ffaf485906f688eb502003

SHA256
ae7c4a7eefa9f90c40d32151bf7143828b94d46a8e5798c8184639cfc7c3d7d9

SHA512
c38f4647a98428ca4a1eb9d2d78aab2fd56d4a4db2f6c4f5ae34348e45b42ac708c9ee2fd95fd3d2df618978485a72cf0ab2d79c0dc41290647b4d1189b6d9a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
f0e0d36fd9670a1b8a241a441c034c52

SHA1
9e941f044dd9dba846576ed1708cd2e3216c10c8

SHA256
f29c297ca4d9766426205aa5dde3e327efc1a131bba86aef10979342c7c77d2c

SHA512
7aa121862b67803365db545184160de97a9281bd2c496bb5472f65902675a750485401988386b7b080a57c0fc99299ca98e0bf901cbb8bcece449be95252b55f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
042e87cb2a2731f09d6e2bbafb62094c

SHA1
4a17b2ffeec9de88cc919d5cc9787f136464d578

SHA256
98fec424e15aec4f51c6da1d2e34193fb9869ab1a629b615c80b22dc8ef0fe95

SHA512
29309e4ff79bd9710392237f5735e181a72a1a5afcd7377338bd57580c5d5ef9776f76419034149392becbc79dccd83897f5450e3780affdc8ca25d952cf65fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
62de350b4073f128bc03cfcd8fe0427a

SHA1
e400e1037e51094baf4510775faa28c2fe678d2a

SHA256
91d2adfce0fcb4c72be035d492dc13240571a2902d4c3c1a0a1136b3685f7d7c

SHA512
22eaf5a22131cc6a9cd70dc22a6e1d46a40e5d59cab8623a9d1386b60b114632d557554f58f8425d7618f30f28de1482110fd492d393686e832903586b2f217c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
07683430675b5b4ab9185d4002a4d318

SHA1
1e14e0ff36aa00ad9b859ea5f85c2e35082a7e1f

SHA256
c58463624d593f180f85606b58686e9ea32f88d1dce289452affb57629339508

SHA512
7674f820fdab52d29d52a5418f95130b5beccd90ccc8164f29c0fd6e4fdcb91251f3b39b137052c416b693cc94eefc44f26215edff2af0a26c79f770b26d09ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
47354fadde3299c905f0f8b895aca33a

SHA1
f91e64bbdb80385cbcc1022078d4ec6161c7e6bc

SHA256
f2d1fdf3a8606e2a574e8e54f79ad736c9fec9fddb558bebaf977410eeefa713

SHA512
0456c6b7d5c955052a7a0821fc32cf3a9d66056304d1c8c287b62026ebe61b85158d109f02b0e428b6dc5696fa84074b854e290ed9432170f39490b424cf191c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
242KB

MD5
b68515b1174022ca9f45b31273488a3d

SHA1
f40834b9707b2665e121119bac5a5d62ce8c5e66

SHA256
eadf776dfc1ca9e27e63c025c05366833b35beb430189abc5dcbdf400c83c3de

SHA512
cac65dfa75b79f753264b1b1455d0dbfa91c01ab037fa274bf494403d2b12397fb2b711e5a85a2226c26a39d776d79d84fb328b31c3404f7b602bdf7204207bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
261KB

MD5
4654112e45cd08769f6dbeefad58e8ce

SHA1
ece760e467acee523528ddda44dd7080eb638422

SHA256
230870995bded447ca84cf0fa1c0de89b2e409396587ce05205551cc8a256e6e

SHA512
07bf33331d4c85194a093c7ee12a3d8e06c572a84a1efaa5bf6c6427d238265c4b797b6b2bb54bfb24c85e511b90aefcab7a8aa17feba669eddea653120f959d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e77545b7e1c504b2f5ce7c5cc2ce1fe

SHA1
d81a6af13cf31fa410b85471e4509124ebeaff7e

SHA256
cbb617cd6cde793f367df016b200d35ce3c521ab901bbcb52928576bb180bc11

SHA512
cbc65c61334a8b18ece79acdb30a4af80aa9448c3edc3902b00eb48fd5038bf6013d1f3f6436c1bcb637e78c485ae8e352839ca3c9ddf7e45b3b82d23b0e6e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3b76fb1f-42a4-4d49-a5c5-f529d4aa08ff.tmp

Filesize
4KB

MD5
41437ac836b5569a71607acce35fc0d0

SHA1
14d2296be1da674f7241bd5d36535256c03c2310

SHA256
15e384e9d0f2db071d7f54a26ea78c58a24b1ec7e9183a421c49a01d0e50aa53

SHA512
416007cfbe8810dceb0c81611d95e5235ab895a82d9305f7679f41dd33513f626ef98ad3b9a686f4cfa03738aa8510815a79d715ba44dce2aff843525c0ff6fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
29KB

MD5
df217f862f4073ce4585999df73a53fd

SHA1
8f39eb965e90eee20c2e94f547acf0db9aec24ae

SHA256
dfc2a82c870fd4c1a5b67929c316aebf1bfe0e8fdb90d64158a111feeae9c0e3

SHA512
f52da493abb8eeae24642e958cfa6ecf50101cdb0038ca7b952a19f0df0531e44828e4d2b9e365fd08a73a3f78009fd76af37a1ae58b8ec526720356c2767738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
eeb2da3dfe4dbfa17c25b4eb9319f982

SHA1
30a738a3f477b3655645873a98838424fabc8e21

SHA256
fbfee0384218b2d1ec02a67a3406c0f02194d5ce42471945fbaed8d03eaf13f3

SHA512
d014c72b432231b5253947d78b280c50eac93ab89a616db2e25ead807cab79d4cb88ffe49a2337efb9624f98e0d63b4834ab96f0d940654fc000868a845084fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
23KB

MD5
bc4836b104a72b46dcfc30b7164850f8

SHA1
390981a02ebaac911f5119d0fbca40838387b005

SHA256
0e0b0894faf2fc17d516cb2de5955e1f3ae4d5a8f149a5ab43c4e4c367a85929

SHA512
e96421dd2903edea7745971364f8913c2d6754138f516e97c758556a2c6a276ba198cdfa86eb26fe24a39259faff073d47ef995a82667fa7dee7b84f1c76c2b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
100KB

MD5
12650fe472a6d50808e1cb7af2038ef2

SHA1
9c4e646ebd9a5efd0ddeab54e5d9a7ff99d2589b

SHA256
6149ed6592052a3dd8a22bbd477409a2bd9f5075a6e20bd499ad9034ca4220bd

SHA512
5be044ca7c5b3cdd20f09830da999220dcc543175ea78255c5127ed033dcffa516a9c690164cf2a2d5702ad975f75163411d544854b5ad77fc018400b20ff2a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
706KB

MD5
6561f4dcb5d0fddc3733ef1628e2bcc5

SHA1
596612179fe1509cd803d4ab9cce142910718e02

SHA256
08157d495ca6ca90a556df77ac272c7c4f4d7bf9871c3516ed5fb4c89d46cac9

SHA512
5b13203f693dcab9c86aedcae55d3cbf802f1574492c61bca553a7f4da85e2323e6127e4c66584497a18513b14907839bb516c49b43ad6c6a548f50017374036

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2b164d52512fa6c197986134a34333d1

SHA1
b4eac10a0e013ac4484ff6dd37c4c25fff20bcca

SHA256
4dd0d36e6e5dc0da355fc853aabc3447852849246e393530c5a209ea358808f5

SHA512
7a807258993abc697b9ccee15a984b0e10280b571c18b1f51eaa3fbbc252b12b7100f0766bbf6f5b94a4d647eebce32b7888e9121d67f941008e610b1bd4c935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
e13938e774bfae2e2a22850a2f4d74d6

SHA1
5cc4855ed34d879a74a86a1ad0fddbc2bec8a08e

SHA256
373862ad56f6e30e429cbb0ebec4ac10697dbcb046c880a6e7bf954aed87b7d2

SHA512
65c8fcfc41b282b414bcd007ccf8efc72ff205213fb359ad590636f77637d236aa8e0b3ea7bce83ebf96548a2b9e3ca31439fc80b7f66073a421ca9b5ae57d3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
c04c58320d1f2912d9aaed1475af5c25

SHA1
db36d414376a59663d0571c84301c644fb780036

SHA256
64a7e0da1a869ae5523dd9d2ab4ce715944925879af0a92154472b1a12f47698

SHA512
05f6e5a9deff4d4366dac5ae9ee12bd5791ff9647869856837146e125190417b0f0bd0608e4d7e243f0220eb7da834fb9bbac8262a9dd6b5de660730996c00a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d95f15dfb0ab5f1592aa33cc243b21ae

SHA1
eda36307f66ba27dda566ca584c3e586510f8572

SHA256
349caa7720861ea5d76538a356391bd47a8643ab15fd08f06c4a9c46d38abf88

SHA512
a8aa01179ab924c79a47bb4fc3493ccfc66d266191ee34a5ec9a8a0c5f23242376c73f1aed576d172081522e9c0de6410ae716e5648174d2c1b4b46fcd7f46a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e2a1e97ce7a638530a9e1a2d9ddaa7fc

SHA1
47cef6fe53bee9a201f834ee52e91bcc2b7e3980

SHA256
afeb9e13c3669c4bf464e3aeb9fb8e1639c4e0ab817fbdf12fd06a78480b3336

SHA512
4067d3f9de7c710d3cbd16f727587641d0343fdde59a93ba54a9c87c95f0a79500b2a387af5b3bac09a681140798e688f424a8ea3ef5fe7bb7ff5cf31d88fd19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7c6d2810abc20432a6f0c87b6f710f79

SHA1
7da200df206131e9eb1e53f308ba3f18b6345df4

SHA256
7175bc795c18a287f0b392ee3e02bc88d11b8bc7c2ff52d91a03821a5ba702c5

SHA512
c529b5492b22846053a7e4c27e2472000e1aa2e3a2d205d47727fc24a688a477517072c6b8d7beb5f292c5b7b8d8e3eead3fd26b5fa25cb811e159207bdaabee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ba75e8810eda9b188146ce54151f59b9

SHA1
046ca1b103ab076f3e7e28b78de89af39643203f

SHA256
5a391ff24fb6d1a0be6763574643e45bf25dafd0b38f5dc718417087a868def3

SHA512
b6b0adbdb844e744e6f69e7597bfedad362eb2747feb1688d94ec7f9e411746892e99d614743601782a7ad67a5c8d92ae713e72cf04d5f8a7df19d4205146b31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
63fb1869e0ac9a545ab03c7f61e47d24

SHA1
37ef2d6b91f0f46254d677ac90a70570e7bff399

SHA256
2148fe591d13175bfc631d8e73e425a7fecd6bc91fb1c93724483a125b82ee22

SHA512
3c2cc894617348376be72e4b3ed3d1bad4d77f1f7737a2ecf325bd03bfcf05b5a7e2e9fe9ec84eec301f821d8126421693afe9f91a04998015993a252068b20f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a74e632f5f59d2e16ab4f4d78fcbfc48

SHA1
de7a420c59120c41fc0679aba5ef395ee1ae02b1

SHA256
d0fbc873f82dd33e801903da180c759bbe198456dd00e173fe3fcc1e2356621b

SHA512
68883a21ef9630cf3cc781ac8b3e87e458436d1f5aa3e7301b720a335b4a757265351e6a9dcb61da9fd37224176eebb0fcfe458204406ba6dbf938959ad198fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a31a32919aaf2834025e2acdc6f7ed25

SHA1
dfc287049ba4135fccf2967d3510780431642bed

SHA256
20c60b2d0be25c2793bbd213e14f587d427c9cebcc09377f5a8be5661e9a1d33

SHA512
293ace011a9f9d0126232ae6d73695606f0adab2f84e00bbd7b39268a5a01121b1826c829610d1f9b6cfa92b3da664167b59ead3cd2ef70cfe0932a3014fcac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4685bb09d0f1af3ded77709b05b84ffa

SHA1
e1a60918f046e0544b9e1f7397ff55883578c1c2

SHA256
09305ba85ca13838cfe5c1c6539b94e3fc7d319190620b51242e0454656561f3

SHA512
074339509496e6c5c8ccacb4eba29122cab5f6a963e9c2e60221108aeb1a9b482ea87c3e2478a4ca79b9da40fda8071f9cd9a9bf1647f9e860e58f256a7046e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
37098d4a2ce06a7240ba731331c9c3e4

SHA1
ddefcd541cdb68a16e40f34128edcebc093c4fd0

SHA256
54761a83e5cf352ca5a60e6bae526fab7bd6af8dbfebc03651cfd6b8765bc58b

SHA512
af8c24cd4df45030a1dbd0a907bd77acd5699c5038c2f1217157cbf269feb8190136cbf8e45748e34c43700673e01e266ff8b63bcc13749e9ac53c3bf4c7a631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d0f040ee3a990fe4096c25329f5f3384

SHA1
562169beecfa7ea1e550860c5370311cc9414eab

SHA256
92c4b411ed9968a80aea0c0f559601dd01ca8cb6f699b0f951ef70715b836f40

SHA512
34555de4491cc0af7b123372a89d6661b6e86922c25b9e7b122b1bb58d8be884fa29d71b2d2ed4d2481f6a0edb10bd33d729235f70f915606a325e39d9189bc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0873ef3080f46d57b60b908896c130d8

SHA1
f9d0841f501a25a8f7e7b64108ee87f5074a292e

SHA256
7fa9d27067b381862a653e1522ef26767223f9e93cfd3013a32e27699060c340

SHA512
596ae55a7dfb453defd6066c973a4079011240a15f98c0ff93a80c4e458d206b14fdd7bdee8de0afbf8b9be29e91b0977de1b3807fd2e3536731e9be346044af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6db2d2ceb22a030bd1caa72b32cfbf98

SHA1
fe50f35e60f88624a28b93b8a76be1377957618b

SHA256
7b22b0b16088ab7f7d6f938d7cfe9ae807856662ce3a63e7de6c8107186853e4

SHA512
d5a67a394003f559c98e1a1e9e31c2d473d04cc075b08bb0aab115ce42744da536895df2cec73fa54fc36f38d38e4906680cfacfbf4698ee925f1609fbb07912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
055a9dbcf8d90aa25e980c9a164123eb

SHA1
884259e32c73e01a921aa5841de33aac89d17819

SHA256
20092b8d0e1be8e43f851ac89b3e9df4e2a9f14e02b12045b9072d434024ba36

SHA512
0f5e07500ef5d9f51ef20d90350b32f9f4936e876a730770d57e31dec36b123ab86a19739b5c49052e01a27fa5d51dccc05c4f90da1752162fe40a19971d6e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
10dd0bac322fefcd735f1197529d70cf

SHA1
495983f3c2bb2a6a0ac4c94782137bd0bb4d8a72

SHA256
9ea142f20a55bb5e62d6b3c63e1b84fa40f841d635348d47e9203a0dc75a7416

SHA512
f7f669bc0914123251412f9dd7af34f39e9d2e04cabea954608d1565a7c3d31cd82aabf8548e9366fd4760a0e1f157c41094f1c139185758f580f518a3adb47c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0c9075c670afbc3e5681d205bed71814

SHA1
13240c9281d1f4133b38247d8f054d4d63908966

SHA256
cefb9e33260909591b40d40abfa03ff99800172041e8ebcf2bb4d26761b3ed05

SHA512
d22d84db901eea13e5f77527c8811b7ced6878a032ed8a32404df5ceef0c0a226fb4e6b6636a570253895a9b35814ae8fe401a8d1fb35b840590914b194e36be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9c4e902ea1f8e02c19838bdad52148dc

SHA1
377238732f75f5f953242bc6106b7e7ad83a48db

SHA256
1de5070e34844b87cc8e93ac4ba58ea52b7c18146cec022484b8db4b6f397bf0

SHA512
16cf7a8a344870923605a627a9cbaeaa587d25335988190a790cda2c51dc1a2186420db6b7f48a4d5186ddef4c993edbb11ceb036828e2c5f634248a2e062e2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe675b51.TMP

Filesize
871B

MD5
f76575ac3d95a16c07ad4924e6e4efad

SHA1
b3d087365d0ba4ddcf13a7e5d86b60e17f85c607

SHA256
6526074c032743a4fa6e85e1ea55b94679f0217640ab002ff807c570e341ee69

SHA512
77b32cb1fb15d1380c7a960725f86cdf07541e2f0c66bc01efc71a3598f51849a29433662101dde3e8047f1be7d10c4258c2c2a825089974531fd6151ab1721d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2e1af11414f33491d3001088706ed5d3

SHA1
f1fd564a3c84cf7195b307c787d89fd7bf199cc5

SHA256
d3f110eb62120f8a0c4e8e3cdc56363e4ca6c6ca0979fca61e52fa1c5da8b2ee

SHA512
9c684c8d2f1150ab02f484f82f4aa0231d2aadb9a595a5bf08d56da9e1162136571c48ba0a4ba7485d7467d641c53694d39e2538ceb9c6f7cb9ce068ccef8ea8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5c039f6731b41c8baf1e1ba4d9dd8649

SHA1
6b408d3d4fbd080ed20e5474b1e8ee3e14248428

SHA256
01484ec7e350135e186242b50eacd86ccf71d1e3bc3e39783c6fa5efe8bce863

SHA512
fcccc4ad1db0c21bdad6b9c1438357c14c929e3e750574d4e655445b12dc8c29aacd8a09977d8886b9c59a99926f3613447654088a6c5f247be5629880e4a1eb

Download Submit