hxxps://web[.]snapchat[.]com/

Resubmissions

22-05-2024 05:03

240522-fprqrsch5w 1

22-05-2024 03:39

240522-d7xcvsba5w 1

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 05:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://web.snapchat.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608278244817599"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 8 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.xr3e4d1a088c1f6d498c84f3c86de73ce49f82a104	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.xr3e4d1a088c1f6d498c84f3c86de73ce49f82a104\Children	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-540404634-651139247-2967210625-1000\{C81CB02D-6F3A-49C6-842D-2A543F1D898A}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-1564618566-2075036687-2183292701-3772712905-356161540-1460609487-3404086268	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-1564618566-2075036687-2183292701-3772712905-356161540-1460609487-3404086268\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-1564618566-2075036687-2183292701-3772712905-356161540-1460609487-3404086268\Moniker = "cr.sb.xr3e4d1a088c1f6d498c84f3c86de73ce49f82a104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-1564618566-2075036687-2183292701-3772712905-356161540-1460609487-3404086268\Children	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-540404634-651139247-2967210625-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exechrome.exemsedge.exechrome.exe

pid	process
1404	msedge.exe
1404	msedge.exe
396	msedge.exe
396	msedge.exe
3584	identity_helper.exe
3584	identity_helper.exe
4636	chrome.exe
4636	chrome.exe
5848	msedge.exe
5848	msedge.exe
5848	msedge.exe
5848	msedge.exe
1700	chrome.exe
1700	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

msedge.exechrome.exe

pid	process
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe
Token: SeShutdownPrivilege	4636	chrome.exe
Token: SeCreatePagefilePrivilege	4636	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exechrome.exe

pid	process
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exechrome.exe

pid	process
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe
4636	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 396 wrote to memory of 3788	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 3788	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1556	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1404	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 1404	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 4020	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 4020	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 4020	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 4020	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 4020	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 4020	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 4020	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 4020	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 4020	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 4020	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 4020	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 4020	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 4020	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 4020	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 4020	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 4020	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 4020	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 4020	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 4020	396	msedge.exe	msedge.exe
PID 396 wrote to memory of 4020	396	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://web.snapchat.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc840f46f8,0x7ffc840f4708,0x7ffc840f4718
2⤵
PID:3788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,14224045395855948007,9084855775811342280,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
2⤵
PID:1556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,14224045395855948007,9084855775811342280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,14224045395855948007,9084855775811342280,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
2⤵
PID:4020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14224045395855948007,9084855775811342280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
2⤵
PID:5000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14224045395855948007,9084855775811342280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
2⤵
PID:1716

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,14224045395855948007,9084855775811342280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
2⤵
PID:4636

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,14224045395855948007,9084855775811342280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14224045395855948007,9084855775811342280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
2⤵
PID:752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14224045395855948007,9084855775811342280,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
2⤵
PID:1980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14224045395855948007,9084855775811342280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
2⤵
PID:1268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,14224045395855948007,9084855775811342280,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
2⤵
PID:5008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,14224045395855948007,9084855775811342280,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3952 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc7149ab58,0x7ffc7149ab68,0x7ffc7149ab78
2⤵
PID:1976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=2004,i,3640409783498518819,7889811881965945087,131072 /prefetch:2
2⤵
PID:5224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=2004,i,3640409783498518819,7889811881965945087,131072 /prefetch:8
2⤵
PID:5232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=2004,i,3640409783498518819,7889811881965945087,131072 /prefetch:8
2⤵
PID:5240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=2004,i,3640409783498518819,7889811881965945087,131072 /prefetch:1
2⤵
PID:5356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=2004,i,3640409783498518819,7889811881965945087,131072 /prefetch:1
2⤵
PID:5372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3520 --field-trial-handle=2004,i,3640409783498518819,7889811881965945087,131072 /prefetch:1
2⤵
PID:5624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3844 --field-trial-handle=2004,i,3640409783498518819,7889811881965945087,131072 /prefetch:8
2⤵
PID:5704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4564 --field-trial-handle=2004,i,3640409783498518819,7889811881965945087,131072 /prefetch:8
2⤵
PID:5720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4464 --field-trial-handle=2004,i,3640409783498518819,7889811881965945087,131072 /prefetch:8
2⤵
PID:5804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4724 --field-trial-handle=2004,i,3640409783498518819,7889811881965945087,131072 /prefetch:8
2⤵
PID:5888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=2004,i,3640409783498518819,7889811881965945087,131072 /prefetch:8
2⤵
PID:5740

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:5868

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff7a5beae48,0x7ff7a5beae58,0x7ff7a5beae68
3⤵
PID:5776

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:5872

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff7a5beae48,0x7ff7a5beae58,0x7ff7a5beae68
3⤵
PID:5788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1992 --field-trial-handle=2004,i,3640409783498518819,7889811881965945087,131072 /prefetch:1
2⤵
PID:4972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3076 --field-trial-handle=2004,i,3640409783498518819,7889811881965945087,131072 /prefetch:8
2⤵
PID:5460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3276 --field-trial-handle=2004,i,3640409783498518819,7889811881965945087,131072 /prefetch:1
2⤵
PID:5688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=device.mojom.XRDeviceService --lang=en-US --service-sandbox-type=xr_compositing --mojo-platform-channel-handle=3272 --field-trial-handle=2004,i,3640409783498518819,7889811881965945087,131072 /prefetch:8
2⤵
PID:2216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=2004,i,3640409783498518819,7889811881965945087,131072 /prefetch:8
2⤵
PID:220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3048 --field-trial-handle=2004,i,3640409783498518819,7889811881965945087,131072 /prefetch:1
2⤵
PID:5048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5052 --field-trial-handle=2004,i,3640409783498518819,7889811881965945087,131072 /prefetch:8
2⤵
PID:3692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=2004,i,3640409783498518819,7889811881965945087,131072 /prefetch:8
2⤵
- Modifies registry class
PID:3520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 --field-trial-handle=2004,i,3640409783498518819,7889811881965945087,131072 /prefetch:8
2⤵
PID:5364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4840 --field-trial-handle=2004,i,3640409783498518819,7889811881965945087,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1700

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
31KB

MD5
87b7024abddab5a79ebe904e434ad1c1

SHA1
7b87db534dffd703f3cc9e78e2d5cf92e4bbf031

SHA256
4ba39683600215ac890e4c73b37144d1068a66f8a09fb9dff65a11d0744fe270

SHA512
e42e54bf705b8646c2d8692de73ddf5f79bfe85c02c4d37c18c9f9ef5cc440a3a7701db12977e5bd4b7c0f268d0d3e6cfee05e1aa4b99fdf1a4c153162f07976

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
82KB

MD5
c7c38de11597c0ccf266af5ac0f481e5

SHA1
b4fe33b06eec84d92cb882e43d3a04fbb8c7ae55

SHA256
7e7b581d0faf227c36cb7cb8b3dc0e64f2d216a321ea819ab28a85867db8082c

SHA512
25626e692bfae369eb8b885e2525c0c41e387642cf06daf2c3077ffd840051e485e9f34dcd063ae1a18816f51af80e40e51939a6015ed7f7797f25f3b48937be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
1.5MB

MD5
a9f768485c3f05d06f104b34935ea0ac

SHA1
87270c8b9e84ca314c5ad3f12cc07062697987ff

SHA256
400fee678aadf73760127412132dc990bccda93656dcb916a4bfd0d7f28e84aa

SHA512
7d131e632eb98617910223aad6a0e62c51c62bfb7e51171a60fec1fa9aa2ab9c32ddb95d2f7b89ca1ac7706cbfa35824e962f8351f25e40e39eb2fbec7f5b529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
36KB

MD5
6319fb569c6f04206372b18d678bc3b6

SHA1
4f750dacfec0c76c06cf90db32628b7a2eaa6933

SHA256
ad19fcc0422a1862d5a2466f2bb24e9885fff412b8f3eb7c03b9ac2efd099020

SHA512
dcbb70f2ab30ad3d40e0636b9b14a041c5f40b5e0440efab0fcf18524fccde9072f708004f9426c932584de37d16a03112c7db1532c7a2d5b70275fff9c6a9b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044

Filesize
34KB

MD5
489906028c173f775c8393504c7253a3

SHA1
1284ab22365fb707537a419cf379f4b3fa20ec0a

SHA256
d73427c3e5427baa23a3a9b7d222a7f0d1cb8639274e6d408c42f7b9a4dc3d3a

SHA512
877761e01949a1614da5d9a811e0cb02f2aede8d456c81c95d4627441b7c3df5e54ccf2edf4846c2018035ff0ab411091241fb919931a137ac7a7412c1a88e29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048

Filesize
35KB

MD5
51680ed6e1353ab8d32e092eee443c95

SHA1
76920f2174fcf24b39d8eecf791784337c8fff58

SHA256
091c76fbe2b9812439ac608e1b9d0ef2906f73416aaf9e47d6a717091650b7ea

SHA512
900352cb92d88707d4dc9b8c8fc11fa8b39ba1ffce2e1a37b7db7492a7a95fc1bab675e6b1200897eeae009d5367c6ca43cbe7bdceb7f2a82459ac5e62c0f3e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
b8c97f23e952f3763b14fba4b563c586

SHA1
a51fbbe1f35cf2bbd9ba7bb1048d09081cd947ce

SHA256
454205b3964737a357284bb4356759dbce2089a05d139ebc83b3008e06c134e1

SHA512
b0147174bd74f5e855e99058665d34b830da7977066983653e02f0a9a0d5d34a1e61f10ef0803d57c26644fe0e613eb965f34b77c9619bbbeecaa91e65106d7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
16b47d23e9375adaea219a186d6f2d9a

SHA1
fb34e8ec5cf6249f0efc2162afc37d5626ab10d3

SHA256
fe179dcb6383f8ba5bbb6a8ef5555629557cad6ef765528c4380e0d55ba61479

SHA512
cbd291f0444f765dd9d0efc366ffd97ea113fe3d6778ed542f834312244a9da8db5e4889081396ef440c8bd6cb6d5b09efeaaa4572ae85c05b6e371e2f012ad1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_web.snapchat.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8d8ca7609f90d5de2ffad7f8386ef6ee

SHA1
b005000a4253b2d199da37b76c8c9857de8b30f8

SHA256
3d5d8a93c83430c4ee6c5d1a5aba38c97f7ec201ac9e9c6e1fcface5318526ce

SHA512
cf828f334bf94a09b19b853038439c08ba7113a806396266f4970fbeb466b2f963d075d975c0cddb3fb4da9069357c56312a9b1f81191e308622ed19019d4455

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
9bbfe30e25636ae3ee016d8e6e48c695

SHA1
094f5cf0ff3839fa8c21b4396ca45556f4b8792a

SHA256
2e7387bf0c5a8aedb22abe84f3c41a064e86af0efac9383881e79368f53a4b89

SHA512
86cbd0ef590d53cf3f1f476613ea9374dc18e504b83b680ad37d795f9f3e9e50c6e95fdf054cb6748d12c710346dab01c1003dd1d4cdfbd726b7c3ec0a1ad1db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
250f35cbaa401ebee00d12274849dd4f

SHA1
4d5920b1fb19e10ce5d8e731787c35d133f08d2a

SHA256
64304482f30335079ec25c8dd65372c045a83ebc6693ef6601cbd4a71fb24386

SHA512
1b486a0e9881e33561499b06c7511c34dfe49a6c3bde2dbc22438c5562169d70904f9d1d52ba47846503cbeb94509eb4af2dbf4a33cf10cc31c34b1251298b2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
768bd19acde3112d866adb4fa501fc47

SHA1
bf1c0d26564af3009d4de46a6ad999a8a89760f5

SHA256
d247f27926ae4cdb27bf8019b256161013ac4eadc36a9b3a381c72c306859e56

SHA512
89c5359daadbc9c57249bf177a9acbdb7b58dbdd152bca0f7258633635508938e13b7cdd9f9f98e9d0b22b319a9db222aaca5193559b80e54e4d06a5ad82586b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ce1848d83e5eecbd8498943a621e9e4d

SHA1
944b92330e1412557ea22878c2fde0f8f7855afe

SHA256
e268d1489d2fc3f1026aa5d944370307fccaa710db94cc11e959186607b9bf25

SHA512
50932b09fd2a157da9bb9d000d635962924177756e051dfe608078c7b2aea403695709fd6324cc924f0682e75c573c3edcf1620e0db198212bd94ad9abc0d375

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
deafadb482fafa88fa5fd2360377fa15

SHA1
d6c8e8b2d9a42a27d3bb9646302d229cb08db44a

SHA256
e5d55335a125b2711f808a8db7ff8eba5a8ac24e18b2636f64ee9a30ec1bbf09

SHA512
0e424c0e94b9b718f355df8c1dbd7c77701b10bf5404c8dba25a8ea71ee768d4577ddb6d78fac2c464f9e5b45e24824975c5e657eb1aed7c13c828296dbed72e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
31fda0c6e50d9dec1bebe6c8ac4a53b0

SHA1
fd5b630f6dcea5bedb9dfa77a034302bc8d8e16c

SHA256
210fa486ff860631f5343dd775102b68d500e0b5135d0e8c2bf944689891270b

SHA512
2d648623a7eb40dbb2a5d6d52ef43f8d0b3a2dcd3b33082828f1f7f879a457b40c43cc3353735f0b639ece22f8aec23fd42f52c12541949b6f24fd53ca3d4882

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
12ff81815e55f3eed5068f79507f3c8d

SHA1
8148e2e08880e6cfd8eab5e4c58e31945e957078

SHA256
6eed76d64d4de5c680acfa7fde443b016b39e92869e217c077fdad96cb879646

SHA512
e3f6a678ca6b70f438161cbb392b2b1893d1963acc39c26560ef9b077d84b40f3b3f5bcb3ccd0177a6a7c8523982e82672959ad755defbfc6747c19755e0ae87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
72f2daa2db43b4eb42267179307f672e

SHA1
7bbd6bae9535937c59ed54daae0daca7afb944f1

SHA256
00d0ea9ec37998e1393d3438913278a8d533dd444d5d15bdf2988db73dc5c066

SHA512
8c0403032ac059fb05fa2275ffb211324fa19015edfe4abc05b55371983d5bd5eec860e423b7490dbe1fd13331803a7a09c1760765c80d185c3fc544cbd44c1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
443d692ddb7e07a00de433d1c978a40d

SHA1
1e10345fee71b896f99685bcd3efada676b48bd6

SHA256
46d752e51f4ac6d65913c2fd207af1816a872c64cfd9ba8620d5009663870f9c

SHA512
d945e40cdf8ced7370ba7b6da26d16e92a17c6a52ca5d98902034e625cd97efa3af197d6f238cd5747f1a7cb953e7ef781ea1680954788f37cbf4062a57c45d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\2b6f0546-578a-4a22-ae3e-755543116c58\169b4d3c87c5e51d_0

Filesize
6KB

MD5
0a52b93d3849dc21d004d867afe0e657

SHA1
d3db45287ad91dbf081478ae210644f0bff52aec

SHA256
84496a8d1003849267eea065d7be04ed9b9070d4c131c9acab2ddf59dde4b88f

SHA512
bd6c09ab2a9120761097511e33a8635c0669292c9aaeef7bd453e6b0fcdd6c5e45c7597c3373749701524b159a07156287d74f6d6fc25e526be97c65bf9ee1fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\2b6f0546-578a-4a22-ae3e-755543116c58\3352678afaa485ef_0

Filesize
1KB

MD5
d32bec40910a8c5efeac8e1443b5b00b

SHA1
440fd31257fc966341b7658895cf4459ebddfd20

SHA256
ff37edc3554112853f3ee42e4b680a230110ae0a820dda9382a5bb19d2d29d84

SHA512
5bc64b77b409a889664e6e0e4cf73cb984dde9a160da45d9a39c1610049208d5e3b457111a58c4aa38f3346ef349212b328941551f185bf1592c8c66a99f91f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\2b6f0546-578a-4a22-ae3e-755543116c58\73da6c85ecba2cfd_0

Filesize
1KB

MD5
e28a850fde3bb346a8525d98ff57c9e9

SHA1
04033971986323b2d0fcb391d84e7e4307e2c225

SHA256
135a6a71ccd868c6756f344a3344678bb110c49465f76787031ad398ef9f2fc3

SHA512
5976d79d32bd5e72e9d8e986a5b5f389a3ce1b2d3c2c75055b74a11a14bf406aff38e97624a97d59be5048687a3f25cd217e6cb8abfd3f42c45e3e1938650f57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\2b6f0546-578a-4a22-ae3e-755543116c58\f4d59a8a7754c458_0

Filesize
17KB

MD5
14b32cc54ef10d76d6c868f22c03319e

SHA1
9713f860d914d54f23b377b690242f4dfe95fa73

SHA256
777d0523ca9b52d8ad68d6bdd13e0c8d363ad5d22c98d1ac079736ae83146d98

SHA512
7661b92c11d0fc4ab68d766c82595ac8d6c063ed9cc5d9a8cd13d97e04a7cd8889721f16093c31b8acf067bf1e56e1a2204d01991df35b6a322e06d6ef51d1bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\2b6f0546-578a-4a22-ae3e-755543116c58\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\index.txt.tmp

Filesize
218B

MD5
788af315812b60f201ac70bdf444c7fe

SHA1
deba7c51787b473ee0cc76c2e463e0564db852b7

SHA256
4eb0fc432cea07473fda49010f770d79d114c839c0309404443f4cdb0debdaf2

SHA512
80d3d3d47f0b5c895441fa20d6d0d9efb982f332709441b33cc1046ad65b726494470cbdfcdeb40b06da9f70ee1f19ffa56daee4fdeeb081750020df6e7b6cb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\index.txt~RFe5903a0.TMP

Filesize
125B

MD5
9324c7d6e720afb96e306837a340b934

SHA1
5e5c1ce3fff9ed02d550098be103197ac9fa2aa8

SHA256
c878bb66d71ec2c8386e9353628831541d07afa6567b4651ee94f1a77c2d3ac1

SHA512
01281c3fda7235f86198b9c038e0fec9c3a03c5e99f4e0829257832230b7ae201c72f39143af5ced71d36a66056b9980c7f1c996f60d6ade3a93bb390e855b6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
663eb6495f0ab04eeceacfd2aa4fe9a3

SHA1
02558c006b4e45e8705cdfa1e6e15de0fcf67aa0

SHA256
c4bee5d6816901ff774c43795ab16d3c8a1b2c7c838ec4d2dfa01f4984664b6e

SHA512
5ea7671675ada13b6a0d2c8d1c283c61798be6b4626dc4d4487986f0fe0766763d7101aa11726818d7234f3fb1f1b3c5bb43108a6f3debc37e1bc1f3cf710b52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\9f9057ea-c8f1-4877-9188-8d8c1a0d804c\1

Filesize
3.2MB

MD5
4a07e0ae80afe73136d20e6091c06cdc

SHA1
fcf97574de899c9548c67f984060bef80f6d4d6c

SHA256
01f459e1f511090ad57287c133b5054b39764176a97480278fb43aefad092700

SHA512
f43569914798e27225db3105ca58457a9c4e6cfa2d5b98e3bfe6c615241725f5593e0f6c8523c844c6a2faa73741835bc5c25ef1d0a99261ed109ea5fec110a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\9f9057ea-c8f1-4877-9188-8d8c1a0d804c\2

Filesize
7.8MB

MD5
fbed2738fb44e66a6c1cdc8754d393bb

SHA1
16293907d8612049845bb2a19458b774bbc1a8c8

SHA256
ae085398aa056557d1d80fea566a53ffe702fc1e65e1e014b85c340cd7b1f8c2

SHA512
a64101ac64c8d796ec69b88b65e6e2e9eea0fcb36bc20ed2d8142afc4e030a45386a985c6d85c4bc9cbe2b53b67815177abedbc9737f8db8dd07c3c8f7b1265c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
18ef9fc76196922401582942d84fd5bf

SHA1
2581868523cdd86f7687267f1660549bf287b5ee

SHA256
0e6a9067efab7b2bc5b4b0202404da4e0c1d910efb5a89ac7d1f87a247fb0633

SHA512
8a905f944278b234d19579c28c81479c6368b7521426cc29332ca317b0a8a6dfe7a02c3d3c929cd26e15e4befe7422dc0d37d3107437c18e51000ef6d0750d08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
95KB

MD5
2ceb5584f3db209696ecc3b3ff93a69d

SHA1
8b222de606cce299c872ec7d0dadb95fa6afb410

SHA256
e3449dde2f911ba4f5f7c0e024b231847a1b761b1001835950d49b61f11ecc56

SHA512
80fcddc047976a0050321c5a9697e226555c9e79bbb5e1b7d7e7d29492de77bd23b72a7ea7e30707fd4273a5ec42146d6c53ad55f3e1909689aa947f1b6944e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
90KB

MD5
51d1236e62c670ab232873d036a26a58

SHA1
1f72d3b6202370b2c5aca8f0a6ab74d2c4b20dbe

SHA256
e7effdb8ab210bf88ecb5f8e298a72899cfe9b6348f474b3585becd1fcb02a8e

SHA512
5b6774606ff4928082f2df6d4b6dac71bd304217cf595fc130dba19ef7f5f8c270e874e17cd9e918acee8751fba143898f0c10fe78913342e33136ab12b663cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe586e26.TMP

Filesize
89KB

MD5
3c95f4ffc4fcb710d3d6ac75c86438ea

SHA1
cae4d540db8ac21c7d64ee2f7bd75d850b8e023e

SHA256
4733fe3f504160909ce29fa31df591077f6515a955b35fd83cfac0de9e7ce994

SHA512
9aaf4c69a34f5844f4e187f1b70205426b3361635af7f9205d0a483f072d4ab164a55adabad3db4e5e4bc0d3bab074502a9d4da56cf22dd8ad0ae71c4662f257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
34KB

MD5
5764d7948f6c1253d76293a35691a746

SHA1
4b412294c701e5ef031061aace7f556911bdc2a8

SHA256
4fa2cd6bf832e4dd7222530b2f21844e1105f4f333d72557d57cac9f24a69730

SHA512
f9b5c789d6a06131001bff1fe5bee677105500ff74a5d038a84c40a2859f72d436b318fd6af75297a0a80d9edcbac158d9d4aa14ce251048708cd0ab3a96d109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
34KB

MD5
1b15151f04072b735636f0f75b3396d0

SHA1
e15192dcb3fcdcd3fddc9d4ef9d2abe1d1ae1543

SHA256
a194407e7f1287b168f81d14402daddc04c97529d9af1eac407c1bf66c027ace

SHA512
b2fa69c791e0689556443df38a178771e6484d847490266af415ba3bd3456a149cf02d6f6bbc00e3729a7889f22cac78a2c28bd429e9def80192d087d18e731a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
8800901daa7fb9ba4d9340dc609c2196

SHA1
1a58b74e1a5d546e110718f48d649643f712ac62

SHA256
602c5e7066dcc0ea746489be786afd8272adc1261e746fd0eca38f7b7bd59df3

SHA512
b81ee02a01f139fb15f7418997c0d7bf9dfda84ab746f5c4c704b36214c8807cd97306f8b33da9282be062500c975d715d8192cb6b61ad1b7af661a4c0c57ae2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1e54ef604818844a36acb11f74111223

SHA1
2370d564b1a13048847e798a0d83e7a2c9d1dd2b

SHA256
9198d8c3c7ae4f353df2b2a0724f1f2f6af80f168ece0f5bea125d4d20137496

SHA512
e4ee4273694d00dd847b83ee7b9b1ddf8132dd63a53c260e85e46f9b76998b0baafe2bb9b2d25d696d0d76f92be9cb48c2ad0cc53b5e39749f8e2e56453408ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7b156f31acb077f74f1e698ad05e8c9f

SHA1
3326256c06347dbbd8f2f031bd3a3a6c5203f82b

SHA256
10dfc6af9ce1490fe522b342501fa8af04d94df4d1aa74ee8bbb05815beb937b

SHA512
01a11f3cb25f7e447f59b133448f6dbcb9d1551335742d598eeaeb7d5672f0025537a3b967ab8e38812f02f895c54e7a23e4792d3810a3351154b07cc728a63a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
15a06e5f9d82d595b9f2e9f83605e6aa

SHA1
0cd418e441938a2cf9d76afaf4210178aae7233c

SHA256
497e3d98f3c151555d055c86f8643a75c7548016f5ebda17bfdd717cadd0e197

SHA512
f60329d4f899e9eb90372cb5f69bbb086065dc1da589d129806be2c79c6b0d497f503b8e8fd6dafffaa31339577d444a121374acc68a6fe60b84331236aa0cd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
939112e709299f2584e8c8dda27214ca

SHA1
c5cded188f00d26b4ae9a04f5a87165eec564a0c

SHA256
03053c314443631110861afc039edb600bce5b92bd626f0380b88da7dada015a

SHA512
f39a82278ed21ed8cfd630662038c9d7302fa49524afbc693b9bb44107971f0674541bd4a624781eedbe8a0670613374c1e4f2160cab42da8054a1b9b51af93b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\978cd2ed-cd4a-470a-a0a5-5e9a652bcdd2\3352678afaa485ef_0

Filesize
1KB

MD5
aa9abdd71bffb3c9b1e5d4d97e0a0092

SHA1
7404d58e1926bd36f62a238a972c6f54b8f6d5f3

SHA256
21a85ee9aeb613283cd076b8ea74b352e64724a98e804aa4f60b3df8c9f9b08d

SHA512
54795e2802c95b3ed7d3e68c2d64870f6e7af29f7ff81a2f7e1c72c96b56d9db0442f2e0f90720218d8fb9db74287e58a5332dd301b41362c9008d311976b7b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\978cd2ed-cd4a-470a-a0a5-5e9a652bcdd2\402a896121bd1090_0

Filesize
35KB

MD5
03bbbb9fdae92afe3e63e03a1aa341d9

SHA1
c56610cf48a8a4d1ca003978ea661879623b7163

SHA256
1026ef98814b9cebc8497a787985dd3a198a360d7fb2a17e25de4fe938d1eb9c

SHA512
ea0e7e0b178c8ce02b7eb95cc348686bc44473f901eb1ac5844213afb5f36c689242973f7cfffaa1041afda42d9fa24f0875dd68c8137e297f54d6000f139a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\978cd2ed-cd4a-470a-a0a5-5e9a652bcdd2\5799afd90dde472a_0

Filesize
37KB

MD5
0335e27140b3dbf000a7ce0b9af44208

SHA1
82f4781f866eed45d733c53e4897a709b681b202

SHA256
b7375154ad9471c209da816a1d3e4b5d25ddedccca69e14abd163fc9bc982a27

SHA512
7aa5ced0a9e6e23f1164753d1f8b7a1103b0f2f65b8fb394dba353eb71d200d75e365388f14a843c0f1a8ba5441c44c434620273dcf09169670c57d6e93aa3a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\978cd2ed-cd4a-470a-a0a5-5e9a652bcdd2\5cf4835c44837ff8_0

Filesize
35KB

MD5
5775540acd17bde14cce6dc79b785c9b

SHA1
31c1b12baf33643009a59f874447a29ed032f251

SHA256
94de4c4c0ceb7e2bffdaabbbe21bd576f7f3fc7f675acff400b712f63c629181

SHA512
aebd4ec2b618073a1df9dfecd6cd038348eeef737e8a93645e361f2a77c17dbba0730c0845893e71d1b9b5ecbe0edeb5f9fe145555bb2acfd7aeb505ba67c29c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\978cd2ed-cd4a-470a-a0a5-5e9a652bcdd2\73da6c85ecba2cfd_0

Filesize
1KB

MD5
9eac846a80fead63317f6c43e6a61d8e

SHA1
363a18f543bcbce352c98baf53de88e6f93777c2

SHA256
3bf113ef8b22d2b8b58da298596bb72e2d8f59607bcbdaf49a60c3a52734dc2e

SHA512
5cb40e47666216179dcf38769cfb9c8ee2fb2f6227a5094379f99c6ad059b09d5616dafe1bf45c9ff8a64b9dabf9fcd187a7d965d294ddb6bd9eb0a5ea1b6237

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\978cd2ed-cd4a-470a-a0a5-5e9a652bcdd2\9fdaf756fb83f834_0

Filesize
7KB

MD5
984cee025e68a80adfb4f74a49a6450a

SHA1
233f09078f70159eb0421297aca0cde27e3d648f

SHA256
a867aa496c80a0c06636c15f03b639765dbba9921c203a92879a1b792d749988

SHA512
5dbbd17e4bfe0b1d6fbb925f5bad7acd6fee226d5f58b4dd3c2c07c4904847632918efa093195b4307a3495a6656a2064ca886fc0ee3b307b22500952fdfaa56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\978cd2ed-cd4a-470a-a0a5-5e9a652bcdd2\index-dir\the-real-index

Filesize
3KB

MD5
48de4c7cee9ed6b006e17fb2ecc7767f

SHA1
46ea279d2251cda69bcc9161966435dbb04bc948

SHA256
dfd48692836b54fc1ad1bb955462866731714e108bff3ab21ea7d5951feb252a

SHA512
a1d8240aa55a352e18f9544a49ddab47fbf659170f8ff78bfb5d00972de5e1aadcb11b9a31684deb54efd14d45ea1d7f5e0b63d0e52e5dc7817b5851b50c80a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\978cd2ed-cd4a-470a-a0a5-5e9a652bcdd2\index-dir\the-real-index~RFe57bd26.TMP

Filesize
48B

MD5
dffe592eccc729cd9a8d6bf06cb267ff

SHA1
e9befdf9b90e4b610287097fced06df179f77996

SHA256
9298bed3a07bedda3713d4255e3be3f4a33a56af00b9b4eca8de7df6da20d13f

SHA512
2d16e372e484c0f86f4a90a42ebd25a99d4598ab5146bb375f353cadf395edcb27cdcb431aeed8d6adcd5d055e4d358fa5acf9a1a7f4049b63ec428139b5bc8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\index.txt

Filesize
94B

MD5
74f1a5aba2725272587ab23a74c768d7

SHA1
325bc3a318dc6763ba838e04813ecbfc9d823aad

SHA256
78bd9d2be2bbac801dc24e69ebab0b3fea6e6ad7bb856be7076e599f7a1f90f1

SHA512
4c2446078ce0fca51257d855999bfb92316256a2a876b1c88e69aadf50a5b79e83c325c06e7a99bc57609161e21dc32eacd8af813c5f472dda92bb73385d5064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\index.txt

Filesize
187B

MD5
141fd18c81533eba29d8dcccc6d77615

SHA1
dd9b09342b6365207d6b1bd18fb635949f9a280b

SHA256
cb9112cc023d7fbcd172d1022d969d6756d41e740e50a90958938269efe7cc74

SHA512
4f8f7963750dda651ea2d91af219ff8dd7b39c9d33ef7b3e0f7fecfc7f5d40835aeed77942606ffee36a2efaa97fc1c9beed74796652480053e327d3b57433e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\99b39c2a4e67e3b166fb70fb244a5ba14e44d5fb\index.txt

Filesize
183B

MD5
b122773fef1041d32cf9be1069c510bc

SHA1
2670e5276eb895f890bd683b62ea9de62f7095ee

SHA256
fc264a606bbdcc191794145b3e957adf087e2fd1994835fb3dfa7cb7b79b9e67

SHA512
bbc6a5f49e62309da1fc779e6a9b100660669b60c3f75d3c2aa8020196c1bf4def334656ca312760c7cc072ac136ba6a04f607330b1519dcb572dfcd2353b7d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4d97c77d388bb33a4255cfe4866e02ff

SHA1
ed39cf063453438aef17e7ab97afec6809e9ab98

SHA256
a5ffa1e8e4171de371dafb7c60f5c92ef491fbedc97cf7d7b392985ca384cf97

SHA512
13c9759771c5a755d2cd108f7cbd5dc428d8578ab74b64120de2067c3007bdbcd140a7f815e9d2a1b580d4735f69baddc157f93c938cf1e96eb0158cc8277417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe577c54.TMP

Filesize
48B

MD5
3053c502db580e7cde26666f4d32be05

SHA1
26817f5ab823dd88287ee7939af063a422aebd78

SHA256
e9f2c540ab294c82a53bb26cfdcee6f172945f3df94ab1da6bfd4d38a10fe948

SHA512
b141422b2b3b6a2173d059da32a2bba0c56d49c23088bae07edfddf61a2b0fbe7aa49231cd35b7411859807bc1c250d3c28d1e0b333ce74521fe1b7847bfd112

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
af7846b936ad1ea0bcab3ca5444a5eb1

SHA1
70b9075f1b1a6041a9484172b6f45dc831c5fc87

SHA256
e0d8342a8dd684f22c1bca4717a68bf54d65f0598ece737779d75a4e3dcd3892

SHA512
b7c846e878199054af8ceaeb2ef0873de396352f618a7917b301525314ed79cac871847dad33c9b3ddec3692164a1ace666d00e708f7487d49fedf3939d90c00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578ed2.TMP

Filesize
370B

MD5
5e92100eb42acc2291ebc308330f9793

SHA1
03c6c8c3d8920d3f82d77ba37e582109be3b857b

SHA256
d1432385a41e51a0c3094a95beec9bcf78070eca38dee882854420975c201f00

SHA512
aa3a26d654dd4348c4cc2fb30ea800171a65455ff700a81dfda71cf141d7fb978e7222c7a0199f6937aab0a332ca085c291602a25c0aafa124410e524133a6a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b6fd5592-229b-49ec-a30d-347443ce3bc6.tmp

Filesize
537B

MD5
9957137cf7187b048b145b044a301d74

SHA1
7de703cd7636c20208e964d1c08c8024b504c184

SHA256
54aabba2b8429c8dbcce56395ca95404faa4f20236a8439fafa4c8844d04ae49

SHA512
e293dbcbd62a1a56b24a67cef52278c721efe2f570de3f0b32fe8f9ccf68eb8ba2b2aecf95f116a08a16926b849de6029b863f5643e54f43aab515d3f3750738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b8394cc5-566c-4198-acee-1b2892096bb8.tmp

Filesize
537B

MD5
4e89912d130d02c626616d1852b8e9b1

SHA1
b59f088ab6974e3b0c1e452c4c82b20e2294698e

SHA256
ac1e284610240d0e5f4a7fc3999ae36d576fc0581805e14f12c65156be1faf30

SHA512
c5f4c21cf715c8e63d128e89d01f4e0e7ef14157cdbb63fb7d38779b9ac12a7357ac66ea4a0cd436741310fe5f2a8f0eac083a77e5d09eeecb5565da5ceeda16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
865316a7b3dbaadec93edab4060c1df0

SHA1
6f53b502712964e974832b86cb129b9e8390bb48

SHA256
ff7316485546e22f76f850cb305b73452874d729b1178c892223ed42606270cd

SHA512
b93f3a5328c8059c3d11e06c0af0a87731a6b33a4f5a8dece6de651a633a7df0296d7648baf4e7aac6790cc69a37aa9784e7bec84ba5f15a303804966c520cf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
407e367d393b27f193446df5ee63fcfa

SHA1
4e00c6a0056aa26834e7fce0a9bd15af4dca8f53

SHA256
e0b8628696a3a85ae1a2a5c57b85b9634084480d98ca2a0f8284e01f0c1870d1

SHA512
40f88fc1bcc67497346e30f1563de98776755f89a94d49569b051ede86b9718ea9e5fb9fcd6020321d4dcb917a01a68ac2b997f78e37a01700abdace70f9e620

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Windows\TEMP\Crashpad\settings.dat

Filesize
40B

MD5
0a8c17e97526f751a8aa475e8c8b7983

SHA1
2cb070d16a547e867aca22af457f13c44c17d0e2

SHA256
81519c37e7b764606c063607c2fdc287f28845aed7cce899222c4f714f16f860

SHA512
40a71708d63ea949f7132ef01340b3202eb349119623aa849b0e103e4b7ddbea543ba7ebe98b255eb58e26ac050c09a1dde89327f31deaa77f483dcf16136593

Download Submit
\??\pipe\LOCAL\crashpad_396_HNIEDUTVVPFENVGF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit