679bd6cafa2c26a5a960ef6c7f8fb6381020b765db59903b9540a692a0bec008

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 18:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

21KB
MD5

5e14b7ef57ebdd288bc110b061756258
SHA1

f4407d608b8333a56f0feea9f8b0c06db800b8c5
SHA256

679bd6cafa2c26a5a960ef6c7f8fb6381020b765db59903b9540a692a0bec008
SHA512

d023ccd7ab99fbf93b2dd9052b9f10b3cdb62290f63e78ea2c822e681b18d463a994667bfe2d4a9dbb134008c313499b75ba80abe06dfcf3ba8bb0be47b3bd8c
SSDEEP

384:rLopEDBDpmReVoOs4ti9ylKeGMNUMHHhhbhIy7yo2paWhOwob0O+9IJCgMmV6:rLopoBBVoOs4tmyI1MLBhbaULWhOwoba

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5016	msedge.exe
5016	msedge.exe
4444	msedge.exe
4444	msedge.exe
1236	chrome.exe
1236	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4444	msedge.exe
4444	msedge.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
4444	msedge.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
4444	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4444 wrote to memory of 4192	4444	msedge.exe	83
PID 4444 wrote to memory of 4192	4444	msedge.exe	83
PID 1236 wrote to memory of 3916	1236	chrome.exe	86
PID 1236 wrote to memory of 3916	1236	chrome.exe	86
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 812	4444	msedge.exe	87
PID 4444 wrote to memory of 5016	4444	msedge.exe	88
PID 4444 wrote to memory of 5016	4444	msedge.exe	88
PID 4444 wrote to memory of 5064	4444	msedge.exe	89
PID 4444 wrote to memory of 5064	4444	msedge.exe	89
PID 4444 wrote to memory of 5064	4444	msedge.exe	89
PID 4444 wrote to memory of 5064	4444	msedge.exe	89
PID 4444 wrote to memory of 5064	4444	msedge.exe	89
PID 4444 wrote to memory of 5064	4444	msedge.exe	89
PID 4444 wrote to memory of 5064	4444	msedge.exe	89
PID 4444 wrote to memory of 5064	4444	msedge.exe	89
PID 4444 wrote to memory of 5064	4444	msedge.exe	89
PID 4444 wrote to memory of 5064	4444	msedge.exe	89
PID 4444 wrote to memory of 5064	4444	msedge.exe	89
PID 4444 wrote to memory of 5064	4444	msedge.exe	89
PID 4444 wrote to memory of 5064	4444	msedge.exe	89
PID 4444 wrote to memory of 5064	4444	msedge.exe	89
PID 4444 wrote to memory of 5064	4444	msedge.exe	89
PID 4444 wrote to memory of 5064	4444	msedge.exe	89
PID 4444 wrote to memory of 5064	4444	msedge.exe	89
PID 4444 wrote to memory of 5064	4444	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9e7046f8,0x7ffa9e704708,0x7ffa9e704718
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,1281720915124563650,2573489071598654912,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,1281720915124563650,2573489071598654912,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,1281720915124563650,2573489071598654912,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1281720915124563650,2573489071598654912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1281720915124563650,2573489071598654912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,1281720915124563650,2573489071598654912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:5928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8fa0ab58,0x7ffa8fa0ab68,0x7ffa8fa0ab78
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1912,i,11257260579740788239,4713845976742079624,131072 /prefetch:2
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1912,i,11257260579740788239,4713845976742079624,131072 /prefetch:8
  2⤵
  PID:3548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2220 --field-trial-handle=1912,i,11257260579740788239,4713845976742079624,131072 /prefetch:8
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1912,i,11257260579740788239,4713845976742079624,131072 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1912,i,11257260579740788239,4713845976742079624,131072 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3500 --field-trial-handle=1912,i,11257260579740788239,4713845976742079624,131072 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4236 --field-trial-handle=1912,i,11257260579740788239,4713845976742079624,131072 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4520 --field-trial-handle=1912,i,11257260579740788239,4713845976742079624,131072 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4668 --field-trial-handle=1912,i,11257260579740788239,4713845976742079624,131072 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4812 --field-trial-handle=1912,i,11257260579740788239,4713845976742079624,131072 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4360 --field-trial-handle=1912,i,11257260579740788239,4713845976742079624,131072 /prefetch:1
  2⤵
  PID:4344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4668

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1556

C:\Windows\System32\WaaSMedicAgent.exe
C:\Windows\System32\WaaSMedicAgent.exe 86b41b3c7917ad2bc8e385b575b35040 d4nw3gWdak6XV7h+wgxoKg.0.1.0.0.0
1⤵
PID:5040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
326KB

MD5
6930ea7c53f0ce009cb02aaff619f4eb

SHA1
93bb7b8749e7e8f074294731776207371043d3b4

SHA256
16f28dd66541dcdac4dc74947b37305a05d20351e57e69662f7e37abef045f8b

SHA512
2806b3203ba93c5acab0f76bbe2d96a782fd65948ba61cdf49cd97fcf5b24ea1f811bf26a7900537b7f3c9ea4f5372d7e2d7998659036841789d4d5451d90427

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
133KB

MD5
da1d252e947bce39c6b4fc3270383195

SHA1
f6e8fcd9d63683e56e457bbf1dfbd684586382fc

SHA256
28ac23c8020d600a3141888b982e3061d34aeaad83fe5993d8e61cf2a70b7bd4

SHA512
320539f5ec40d9bf31f6b9b7c1c99f6c644937060c5f29726b6719f2ff5d2043d237ddcbf4be20055e9b13673fc0e4e025d172bcd51495caf65ca57a689e2eb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
76335bf042e6720d681dc4d2f48472dc

SHA1
3bdec6e2ecab9e52a4d3c30c440fba165406388b

SHA256
c74c7d32476af18caea37bf791305411b5d8b9af4fa0f3298753cbd7e6159d62

SHA512
2781b9ab3809ed9d39266a4cb4dd88347c8c74fb80f9067820b7f54a6472feb329659d8a064ffcf81f27cc3590b4ebf4654d3e0519b2f805199450c0e7985853

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c741228c9429344e075ad7db65a486e4

SHA1
dc6d0dd6c02bbdcf50bdd11b7e89aaf604e6c52b

SHA256
d007de08bcc693f6433b6a7dfa2abaf72eba5bc323a4c94c55a9805eed1f1a59

SHA512
c92139b49b8f2e91ee943f589c90aad7642a506c42bb75a884803de7a5f63a0a5605c582aec55838fceef0df16c3c44ba66cc17a7fd8feb8e2a83736c02f26b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
7761a12a67ee515c89df6e1ccf6bb39f

SHA1
f0143ac50d3590e2ddc4ac109de55786afd61127

SHA256
87834e9fefe9c61a6fc70efebbbda1a3b80b5ac780b850d1b83ba80bc57ffad0

SHA512
c1432b959d9daa030ac3eee2538464278d65ef7c5761705daa132775bac6a577b2f8a3261459137d0e0d1b5bcb5d403ef6a46b17f734efb2bf3e96a81d8e765c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c66947752f725e78b2bb78b79a64105d

SHA1
113b51896aa3e10c16ae03442659a0366cce104e

SHA256
996ba18b074e3a8c9405d87860f7355aadb858df4013ab3f301ecda4ad10a183

SHA512
1f853c690decf3f73e1949dee063d403de592d56c1960c788ad602357947fbc6c636b5927a784f9f1af1ae3fc29430bdb8eec29053b8ecc1ae351655962bfa57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
3253c18e728fc35ab89aefec31f10bbd

SHA1
2f16068eaa6b3e289c14e3878e89708c1b0d4a82

SHA256
d6eb63e4c0485a9c5c692cbfaf357fe4b37d8404f1153e9d4b634c98ea9c6da0

SHA512
094fabd56afc6cb5f8cd85634a3a9ea7d1605c0976a611c8cd2700a79e918dfdccaa27937881712a16d7ae97c051ce83b975cd56a39da70346138539fa53262a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
303B

MD5
1e154818c4c6d5ff677f1cb87a654c9f

SHA1
cb552474b5d458039182d2bd1d48ae40538233fd

SHA256
05819e3181a605fee82b6107eabaf8ce1a52307e98d5f2b677f740a3ed0cf931

SHA512
91fa4dea3673c395a6b34d6682a4b3808a7e60f4c9e808d12dbe6ec64ebb2ae588e07f040226012af9f071deba749a24d0d95ef716529620e6f125a5617270cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0d46e16c43f71c513039dd4a36bb22b9

SHA1
d0f2e12813a88bf74dd813f071b6d78f361fe225

SHA256
ec198e50d4c02e9fac406046a2e7bfcf81cf554aac7394b21e91438ec8e36213

SHA512
400209fd7b96c8a703f41d7bcf6589791341e7fe9849e890679fb38ab36bfd321c7f624323738aeaf55d95f6e6619e178be6696a4673e3698064ef6daa48af48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
991a2c3697e240d1e50acb5e899d79ca

SHA1
128b459c7a7eed3139cf20057f0056b18cd9f4e9

SHA256
7336ec92bb15e7d0c2c46deb99d8f27ba21abd5c7e723caca4ff76f213620bf6

SHA512
8e44fb9dee86bfa3f21622cc59146cbbde739816b94510d54e8144803f2672c0c90958c8641eae78505222e856012390a5f41ca4745e5d9e9486fa66374892d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
62a79d7719da99ca80208dee684545b9

SHA1
2437ec72ceb7eb35d4436bea0ac4fee2dc5951be

SHA256
61d128ed1793b4dbac4bdaad31ad17d2d63d97e7e77576b67f3b9cd73911b03d

SHA512
2375a660b44eac1fac5f058ceeb5765bd50bdcbd115772b29e32420037cc409a318b844d09b4126d1238c3974dd4ff5312f61698905f3ad51b92954157ae8b92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cefc7e64bd5ed2ec01f9696e807b5b52

SHA1
85bac8e70d4a6c16c8b6dbc79a3d2cef04639b9b

SHA256
27e89b9f07253f8e0d024f5948a7d05504d4dd68caebbaffea7c959da4873095

SHA512
efae86682bdf1a96d413323f6a7717da1838528523166ebd04ede355c1eb5ba424737ae67f480a7cf37c6f93fbb4aa22f4880c3e071cfe492a2bbc3f43fe3323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
227a9e54dfa8ce459d1d1352119e2c35

SHA1
135edab55cb6ce897598ebf4942b1254fa0a7ba7

SHA256
2e844fcc17d87d0c65341b8d646f0c4daeb9024509713f793794aabba28d4cfb

SHA512
29ea54629897cb1a61b6a66b2c8a0d0cbaa6046ca1e4345a7a8f6865065fd65c8a07f1df67bd5f7cef42f2065d8b4ab9b846a42eeac664530a2b6ed92d322c16

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit