discordrat | hxxps://mega[.]nz/folder/3ExDlT4b#3AwpMYtmlnh9srWS8RihVw

Resubmissions

02-08-2024 08:58

240802-kxgyratemk 10

09-07-2024 10:37

240709-mn12da1hnd 10

08-07-2024 09:32

240708-lhz2fssgrj 10

Analysis

max time kernel
104s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08-07-2024 09:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/folder/3ExDlT4b#3AwpMYtmlnh9srWS8RihVw

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTE5NjA4ODM3NDEwOTQxNzYxMw.GXCO_h.FzCXXHzUl_a4K5zaggRAi_SdLV7ZD0of0VLMPY
server_id
1196038125751906374

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Executes dropped EXE 2 IoCs

Processes:

generator.exegenerator.exe

pid process

3968 generator.exe
5504 generator.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service
T1102

Processes:

flow ioc

95 discord.com
101 discord.com
87 discord.com
88 discord.com
91 discord.com

pid	process
3968	generator.exe
5504	generator.exe

flow	ioc
95	discord.com
101	discord.com
87	discord.com
88	discord.com
91	discord.com

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133649048109241456"	chrome.exe

Modifies registry class 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-771719357-2485960699-3367710044-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-771719357-2485960699-3367710044-1000\{29D623EB-ED2F-4D54-9204-0AE2C52CDD04}	msedge.exe

NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Unconfirmed 776116.crdownload:SmartScreen msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 776116.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

Processes:

msedge.exemsedge.exechrome.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
3420	msedge.exe
3420	msedge.exe
4420	msedge.exe
4420	msedge.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
1088	msedge.exe
1088	msedge.exe
3956	msedge.exe
3956	msedge.exe
5944	identity_helper.exe
5944	identity_helper.exe
5140	msedge.exe
5140	msedge.exe
2792	msedge.exe
2792	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

Processes:

msedge.exechrome.exemsedge.exe

pid	process
4420	msedge.exe
4420	msedge.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe
Token: SeShutdownPrivilege	2892	chrome.exe
Token: SeCreatePagefilePrivilege	2892	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exechrome.exemsedge.exe

pid	process
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exechrome.exemsedge.exe

pid	process
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
2892	chrome.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe
3956	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4420 wrote to memory of 1032	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1032	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1920	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 3420	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 3420	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4204	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4204	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4204	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4204	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4204	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4204	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4204	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4204	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4204	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4204	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4204	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4204	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4204	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4204	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4204	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4204	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4204	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4204	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4204	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4204	4420	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/folder/3ExDlT4b#3AwpMYtmlnh9srWS8RihVw
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffddc9446f8,0x7ffddc944708,0x7ffddc944718
2⤵
PID:1032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3915927952028172846,3988909109677289662,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
2⤵
PID:1920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,3915927952028172846,3988909109677289662,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,3915927952028172846,3988909109677289662,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
2⤵
PID:4204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3915927952028172846,3988909109677289662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
2⤵
PID:4852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3915927952028172846,3988909109677289662,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
2⤵
PID:4784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffdcaabab58,0x7ffdcaabab68,0x7ffdcaabab78
2⤵
PID:3272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 --field-trial-handle=1928,i,1209644992365444416,6624693268831722789,131072 /prefetch:2
2⤵
PID:4888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1928,i,1209644992365444416,6624693268831722789,131072 /prefetch:8
2⤵
PID:2080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1928,i,1209644992365444416,6624693268831722789,131072 /prefetch:8
2⤵
PID:208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1928,i,1209644992365444416,6624693268831722789,131072 /prefetch:1
2⤵
PID:4768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3248 --field-trial-handle=1928,i,1209644992365444416,6624693268831722789,131072 /prefetch:1
2⤵
PID:3920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3812 --field-trial-handle=1928,i,1209644992365444416,6624693268831722789,131072 /prefetch:1
2⤵
PID:1832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4528 --field-trial-handle=1928,i,1209644992365444416,6624693268831722789,131072 /prefetch:8
2⤵
PID:3640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1928,i,1209644992365444416,6624693268831722789,131072 /prefetch:8
2⤵
PID:4064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4588 --field-trial-handle=1928,i,1209644992365444416,6624693268831722789,131072 /prefetch:8
2⤵
PID:2792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4720

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffddc9446f8,0x7ffddc944708,0x7ffddc944718
2⤵
PID:3828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,7258211440747527899,15585166609159007422,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
2⤵
PID:1184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,7258211440747527899,15585166609159007422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,7258211440747527899,15585166609159007422,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
2⤵
PID:3640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7258211440747527899,15585166609159007422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
2⤵
PID:1700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7258211440747527899,15585166609159007422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
2⤵
PID:3308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7258211440747527899,15585166609159007422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
2⤵
PID:5392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7258211440747527899,15585166609159007422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
2⤵
PID:5400

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,7258211440747527899,15585166609159007422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3700 /prefetch:8
2⤵
PID:5736

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,7258211440747527899,15585166609159007422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3700 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7258211440747527899,15585166609159007422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
2⤵
PID:5952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7258211440747527899,15585166609159007422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4364 /prefetch:1
2⤵
PID:5964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7258211440747527899,15585166609159007422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
2⤵
PID:1540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7258211440747527899,15585166609159007422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4364 /prefetch:1
2⤵
PID:5584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7258211440747527899,15585166609159007422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
2⤵
PID:5716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1948,7258211440747527899,15585166609159007422,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5640 /prefetch:8
2⤵
PID:5032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1948,7258211440747527899,15585166609159007422,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2096 /prefetch:8
2⤵
PID:4424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7258211440747527899,15585166609159007422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
2⤵
PID:5068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7258211440747527899,15585166609159007422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
2⤵
PID:5580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1948,7258211440747527899,15585166609159007422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6312 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1948,7258211440747527899,15585166609159007422,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6592 /prefetch:8
2⤵
PID:3312

C:\Users\Admin\Downloads\generator.exe
"C:\Users\Admin\Downloads\generator.exe"
2⤵
- Executes dropped EXE
PID:3968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7258211440747527899,15585166609159007422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
2⤵
PID:5908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7258211440747527899,15585166609159007422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1
2⤵
PID:3048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1948,7258211440747527899,15585166609159007422,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5320 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7258211440747527899,15585166609159007422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2816 /prefetch:1
2⤵
PID:5244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7258211440747527899,15585166609159007422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
2⤵
PID:1420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7258211440747527899,15585166609159007422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1856 /prefetch:1
2⤵
PID:6036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7258211440747527899,15585166609159007422,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
2⤵
PID:568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,7258211440747527899,15585166609159007422,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
2⤵
PID:5640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3012

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f4 0x3fc
1⤵
PID:5736

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5296

C:\Users\Admin\Downloads\generator.exe
"C:\Users\Admin\Downloads\generator.exe"
1⤵
- Executes dropped EXE
PID:5504

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
d2096b85f8138c9669911559454f20e2

SHA1
fe8b886470711e0df3eb5ece0929a580a4ab9b72

SHA256
e752659017240bc23b1a90bcb242685abac674dd9cbef1f04ef6e1411585be67

SHA512
c33cb777c519d8fef9656f6f5608617caf252ff0c3171619dcf1d5382d464269ec92bd6b090d840b252d1e112704b2d60f1843a91797c4d677d106b9cc95f7a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
65ac99780f50beb592f3b685c932cd03

SHA1
13a0ed08f3ed2e99c370b1958e77beea45423412

SHA256
1e704a44e2fca791c2059e57461112f16acc6914e408d2f3c5aac600a5d59f63

SHA512
9f9b48f00bb1b148211d8fd13520317c3969319637292ff2ee0609d3c9aa909f2d826bebdabb504ae239a9702406dbd391a38ed0be5210a77c27ee8c0bcf2587

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
d2d95c2b203143237ec740733fbfe86e

SHA1
d548cfecd681726dcd72574b25cc1c2a8a09a558

SHA256
1abc60917d5ee400f75e9b909671ce84e9fb23fadb7904bd80ec7f0fb1eaf88c

SHA512
9c49461a6c06f3e1cf985416a2ab42f41a40a011205b8f6344a2f5aa94653dcaf77c70955b1e0933bd8c7f70d56aa834f169e15fac362efbe7445e4eadf23efe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
9523e0e210c949f2c2e71bdccca62e15

SHA1
cfe81507efe69bac99557b8354695318d48ab126

SHA256
e470a9be53dd276d166574577299ffc95889425e9455315752828b192854cf2e

SHA512
be5281f78d6dfc1db4ebe2286ee89b8ae07b9208adef1ea7f0f6617b1c7d341bfe678b1a98cb947f1a7c7a08046d560ade9e640f618a8a62d47abf946880055e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
285KB

MD5
7bec6d06d7fa448f6a335125b55e53c7

SHA1
1a615d9d3e9be43a302d73fe18a8aed10d8a2c2a

SHA256
306d75b5ba63a7232c2cece98b51f81fcc5a78940c4993e715bae41a1bf41bb3

SHA512
89bae5198d28a365f140fedd82169f6498019e5122fdf34a7b93d1a36ca1d819ea586fa30ecbbc25b060c24b6d8ca9b6c0977f42892ddd6258aa820eb90d4647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
fbc957a83b42f65c351e04ce810c1c11

SHA1
78dcdf88beec5a9c112c145f239aefb1203d55ad

SHA256
7bb59b74f42792a15762a77ca69f52bf5cc4506261a67f78cd673a2d398e6128

SHA512
efad54eb0bd521c30bc4a96b9d4cb474c4ca42b4c108e08983a60c880817f61bc19d97538cc09a54b2db95ab9c8996f790672e19fb3851a5d93f174acdfac0ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
34a96d6f092348644f69f7708f903998

SHA1
398770a7f4cb15bfa3b3afb198b9c6364bd47c9d

SHA256
75a938c442414146b4a7b2248f9eac6120726d87318772395c1c0fe533e86cdb

SHA512
65435fd45e8549ff1b78ecfcf26e0bb82d2b44f52bc7011d278d42cd35800a8912f09eb5eff5ef0ddc039a70dd215e30eb59078255c93f175d3640d4f67c382c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
9165094dfc36bcc0f1b031ca6eedc62f

SHA1
0343ad7a1585f45939289431d8280ed4d1f0b29c

SHA256
9efbe48a03ced5dbef692c028a01ecad74448157a023521e544d3bb2b8da5a8e

SHA512
edcaffc3edf4359e79f2b67c12f73a821a6cc418dcb68e8b09a8f16f2c64e8678c95b281c842c72b83ab108951752c2bf33d1b63d8c0dd2b8c5538a8f254db0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
5b6ff6669a863812dff3a9e76cb311e4

SHA1
355f7587ad1759634a95ae191b48b8dbaa2f1631

SHA256
c7fb7eea8bea4488bd4605df51aa560c0e1b11660e9228863eb4ad1be0a07906

SHA512
d153b1412fadda28c0582984e135b819ba330e01d3299bb4887062ffd6d3303da4f2c4b64a3de277773f4756da361e7bc5885c226ae2a5cfdd16ee60512e2e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
3d35422232d1f9d571c06a489d28f7aa

SHA1
a26964ae30f10e66ed19fdd9f1ad8d3fb67c3788

SHA256
93690b3a78518097076cbf544e85472487bccaf836967347daa95e41c35031b4

SHA512
b30c2b07b86b1cf462ee23d3e34a9bd8c3f05f355b5dcfc64cd79eb8520a0900303e8f24f65f6e42a5d97c69ebb3ba543bdd3b82715a20f69bcf18fae0af93f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
264KB

MD5
92dc81c8453ae4e40b792d4c005a1e0c

SHA1
f9dc375191f03c51f84d65f96f0b0ff60d9270ec

SHA256
73bcbb124197e3522abea217ad438db8fb5541056f53b6cf3ae6af985c59871e

SHA512
0dc1c7225948e521f3aeee650a4f27e0d9861e92e51ec929f82046550f94cd205642400c2e29059753d5f6ee54809ffd9ded7097d728b97c32372ee5fdda94ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
Filesize
1.0MB

MD5
030810f494823140fb6f4aad0eb82281

SHA1
9e915a436d2cad957f0b051cd314ff59b2d5326d

SHA256
9b122bd3030355b2d1ebc6cf3a689bf490aa12b5be087b6833a5b1148e380b88

SHA512
720cf25a4d86013f7d0fd8f9a87cf0dd41209d8f98d7ddab07a66b7e1befb5a1291449af97141eb9844861e6d8f167f4592b5e106bc4c55ca29c4830bbfbed02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
Filesize
4.0MB

MD5
fe2781bfeb8f9a41cb0a25d8bbe7de08

SHA1
76b749480c1fa149e296e7957ac44ed74acd28e6

SHA256
0050bdadfbbbcb642373c5d34e906ab5ea5c738f457f99769c4d8ea87dfd9923

SHA512
105631f82d4c9562bf3042d9293f050e4aad9c5cf0e231f0b000ec5da56ed57f29b6827d5b03eb58b401db61124efffca0e809801a9dfce968aebdcbf9adc098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
Filesize
94KB

MD5
b09b52f58aa4fd322d49371885dad09a

SHA1
9afca8c6bea9727056256052d776a270bbde4039

SHA256
760461a3b3b2f06e5e87ec0a757f8f19e33fc2f52bc594f634d3d6b34a31bf38

SHA512
1f3f8d7a626c739e88a5d8a7f1290a6b71d502adfce7f729649a8422da2e84d2a3489f5c8c81c46e09875ef0561ecc4f84f264a024d830ff4c31c51c75903e9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
112KB

MD5
de72226d6fc581f94b7a31e63906ca86

SHA1
f5884d962dd3f69cf8314d053ac607d01d796c0f

SHA256
357c43fe812392a57d6dc46b73ce980faa0f6c3aaf9c57e33881de0290656e7c

SHA512
5e07180f96d50ddac9c7578f070ee4d222418c5bfda105dc5f2bb4d49c19e4dae42d13ce6e2c77141703584ae040323420e570982280f5868b587e5e796d3e57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023
Filesize
21KB

MD5
b1dfa46eee24480e9211c9ef246bbb93

SHA1
80437c519fac962873a5768f958c1c350766da15

SHA256
fc79a40b2172a04a5c2fe0d5111ebeb401b9a84ce80c6e9e5b96c9c73c9b0398

SHA512
44aefedf8a4c0c8cbc43c1260dc2bbc4605f83a189b6ef50e99058f54a58b61eb88af3f08164671bad4bd9c5e3b97b755f2fa433490bef56aa15cdf37fb412b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024
Filesize
36KB

MD5
f90ac636cd679507433ab8e543c25de5

SHA1
3a8fe361c68f13c01b09453b8b359722df659b84

SHA256
5b4c63b2790a8f63c12368f11215a4ffec30c142371a819a81180a32baeb2bce

SHA512
7641a3610ad6516c9ecd0d5f4e5fa1893c7c60ca3ba8ae2e1b3b0cc3a72f7f9bef4c776a1f2fc52f366bd28a419ae3594a6576e886e79a20ebd98b55b2acc967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\85dd09840061839e_0
Filesize
196B

MD5
ca23eca0447df07d20bc9f1e147db000

SHA1
192cc13d8cbc38d7006b4fbf94497b2cd12fad5b

SHA256
d2032841b8f013e7715fe80086820ef101aaaf5b2a33c6fea6e779d7dfe7022b

SHA512
60eaed3faa7158c16c5d55edac13fdbed342065109204d58801dfa20ad1749d5c9131db3b6a22845a0f2ba12fadc191b2db18fc7fc16a1649b2a839100594ee5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
72B

MD5
5afc5efbe47fe6f87a467946597f2806

SHA1
a896916f9f3ee631cb4fca3bc835f785eeebb866

SHA256
acaebd220cade987443b5f2b19090ff6345d0eae9343c656f4a04776a769a9dc

SHA512
696bca7d6e713a1dfb1929a62227f5e9071082d128087cf02fb381e57850850ea6784125069a3eef2fee1d871bc463379a481a75673ffd183211df0052d4cd8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
6dcb2c9f8d020dbc08723b6bb885a653

SHA1
96e1df46d32c51b9cf8fcf0e017bac47c90fb57c

SHA256
d1abcd0bca98152d9298f690f5a9a95de0cee743b67338de07ed089a7c60010f

SHA512
ef38a85a062fcf3b031329c5a8661bebb88e0c87bc74e9889e1ca2543dd5705d8ac9005e2e83d19ba0c389013671a42e561fd65dd85ebc28a60b9810e042c9e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
Filesize
319B

MD5
2c60f7a31f7ad96185fdc953a88bf902

SHA1
4e7265edb34eace3a57684bb337c0799e3d88f31

SHA256
4c00292fe42558d4ca61d3d360721007778c7ecfb11ae8e1d8638cce20cd0c75

SHA512
0055fd317b75417d9d34be1c8259a9298873c65ff3c21c7263dfefb4a3bcc1ff5ec1eb866e12c923f2d54d98027cfc34c84e190c130028e611fe8c7dc495ad8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
20KB

MD5
21cf2292181df1cf4aed97afaf54bf3e

SHA1
82b3ebc9b6bf7c2e6dfe6a4dbfa64c2a6a3a49d7

SHA256
33e2e26bbe7885eefec7cca94fa97a18e30880e6f06413204d54e033b06b4efb

SHA512
8876bd4ee39ce0aabe62f046f2567168a8074c256f204cee5a4ddfbe1314b16c28f16807842f1dc5b293cbbb3c18a23a3db82c8c8a0c8270bf7c0d6723874650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
95accc5f7210bc9ab17227fa668ac44b

SHA1
513575b5d3883646a21d9d39edf19b6f352025d0

SHA256
22709b52b5b85c1e6b970a2709f4239e34f2b846427576872514543a00531d33

SHA512
1551366f9906d98fa6cd28d514bb11aa4783faf5ed196d0b15f05ab5f7c9584d8205ceb348d9696f466f3860c7fa837148bc2b4db61e82f10e45a801461350f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
652B

MD5
358d89aca550045ca6a4ec183a3e7998

SHA1
54ef9a33efab5bd2747a40a7aa6eb207d541fcbe

SHA256
3cd33bfa46b51d7b68dc26431b0be0abc6bffbdb9d8b257150ded40df6c7874a

SHA512
45a18cc383eaca8ccfbbed9216fae0eda8837af8e1b9ed097fa4f41b5d761709b01b00c3b92410615590e5d9acd639528cc425683cd5d20c55c17bdfa32ef92f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
Filesize
20KB

MD5
a991a89ad2d56a875a0a919d68d53805

SHA1
720783451b6a8baa77c8597b0b1e3db4f9411948

SHA256
f51cfec45e7aecd7802b4fd289d5dde85ab7bc735e576854ed2e1c1bbfc9b568

SHA512
c16b47e5c72507cf515dbfcb592ba46e439a47dac5b3f12ff86306de538101afa71684699a45644fbd6c40bba0c19cac93edf21ad45486debc0a87843d33691e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
105B

MD5
66f8dd72513b99b659f5e96ad284fa79

SHA1
7b366941103b7ea4d48cc4938b8fcbd4533a7bd4

SHA256
6bf4fb19d63e66a4f6dba1efd2439bc73ca21670030550a5682b323fdcac2176

SHA512
aa7710ad8714c96f975645acd0cf2a9613b320210ba3457039f85f1291af965c1e5fbe63f85576eaf36e3aed652f9c385b5a188565d4bb18f3e1b42f6e4d44a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
3a70fdf8348cceea27e756c7111bbf4d

SHA1
c1b282cdb4caefe45e493173b48f489e76a751ff

SHA256
f9072e18a3d29b265f1cc7f98402db87de9796145b6984192c76ddf841b407b4

SHA512
737d9ed2a9ae000ecd060a96c34b8f65d9cfaa4f928c9421f77522bb2d5c1f9a5398ad84d06a833a307f0618da9e78c69fb5b44b6117d3fffa8658cbbdc4a972

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
188B

MD5
008114e1a1a614b35e8a7515da0f3783

SHA1
3c390d38126c7328a8d7e4a72d5848ac9f96549b

SHA256
7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

SHA512
a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e12305431c2f60f95137ebb66b1ff064

SHA1
aac0753a2b99ce858ce6a011b06bf7650beef119

SHA256
7b3b92e9fc6bee919b50c583e141c0618f7b8519ff27e3f627bd9914bdba36f4

SHA512
794eb732f177fa1c76621e61f4cbd8c50d410026041af7928b3db116027398611e33f114c72b6e6f11806a6b800a8ffd3c07c207720f7633cee11f9936438dd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
64a9695fc58b37dc011d396aedeb19f9

SHA1
100955011e9ef625efde8a7fa2cd9b942f625241

SHA256
11438953ad6153353f6f0514a6d0f8f844237f7b46d77ef0c56d28c7e30d2966

SHA512
70971e93e413e76e2082bb4a66425dea1f6801d66f8426b61164e5144d3e0e069d9f4834949dec0b2c0d5afe3e4301504c666f8eae28b14efa769a0815809e73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
05eec30e853c3653539c434878e0815b

SHA1
062317254859a48bbf501d6721c785a0e68256bf

SHA256
c01e5fca8648ef8e97c33ae7f7cbc8e34b428c466e7c83f1e3cbda82208fde09

SHA512
dbc9aefec9175230cba71fb4f2e311ba6c44d831a611550023e1ee47c09effbb082c34601c10e15475753ae1b61e895907dfff41dd2a409cd29b43c079dd01f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
3aa0f14cccc00ed7eae8714d387540e0

SHA1
3554a37f38d432f09eb688803d8a29c25a7f2612

SHA256
dbe6af9f119cae79c02de944d90019d715457754e34f0c2b0e584154cf163aa4

SHA512
745987e9a5e71a5f48f2e36e866d07a617d6e52b3c98f55b3caba35a45442433bdeb983f8f90d854263c28917a101d1056b5078cfa8774aad71dc004e767d501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
6fc9a0da1b69c74bc8e214418d7d092f

SHA1
be9d0f436c7be11206f89f056666d5541d67b3fe

SHA256
e28520e9c1f571375eb3becdc19dcb9bce29f3a9c769ae59d6cde8ec24fcbfe9

SHA512
820cf493bb331d681a91ab8a6709c0d9d95b058fdfe5978b07769a780c2e8952a3cd1730cdbd5ddffd06eccf068f339a7d60f2c23969f12f126bf9f3d8ea521d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
311ab3f48d4d9d7476ab7c7e9f59db5a

SHA1
a612c2b591d74e312537178799ccd35858c81ac2

SHA256
fabbd861c3e9ed9c317f717df1a568100edccaa66dbba57dfe16ffbe5126a5ef

SHA512
09cc2e76ecb841c365fa0290a3fc22263abd1f08dfa8822b38c1a0fcae5275617f877860712a34341ed883982e7b0430ba400232a25ee449fc113405411e0d8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
a5a9b5ab18f831077d80983db0ff2455

SHA1
4f33907c6c90a4868af5ed3ece48f64e4033bdd1

SHA256
2aeaccd87cb464e0111316856ffb6e14564b5cc7c33d6a5fc50803d7be493224

SHA512
0388f0f6bc848aaa0774a267dd60b71b5cb9314d2ad8ab3f507686fc40162c78555fe48a5dcf59fb24b65a4617f8fe53af8106c66e19cdfc3ed7ed713dd15a07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
50e00df7714709c2effe28cd2bc44ff9

SHA1
3abd5893d9d13e5cc9b8a2d756996e0fd418c544

SHA256
f272add244839dce8cf856fe2e8311117c8ff348443461446b522b59cb37c2a2

SHA512
44b69d1aa0acd8d1ba89f4f8f041e2510a7b5f994a26c2feca11f3f41a440b26e2a4bf3a72f00a034f0d5b9a7858c47949f74ad9e5d5a540833dd790ed41826d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
b046da001e274a85793177514d25b224

SHA1
c151fc6823058aa5a3abb494e3039adfeb8ced7a

SHA256
897d0d6dd05547c002479e81222ec08ac4c5547fe0845692f36bbf739d00d402

SHA512
92502805149d69373d2995304ffdb27fa2e4656b4977bb1ba03b8126edbf9b86d1dc3937b29baa7673670da9defa2f97633b971e1a1316a880e62d5e992af93a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58af94.TMP
Filesize
48B

MD5
c7e449bf875055c686a380d903c5cb01

SHA1
dd6014b1eaf52cb7fbfc918c7e4681458cc14378

SHA256
08fd5f73285a0e5fbf1943573855ad8db2d8b57c0ed3563dbf6a93a70d42227d

SHA512
5de0d651e2894f350a220ff1316e474ec99a6a49959a830181699bb574411b2d9aa2193ae95d580f2e4e9739c4b9975dd3abf50d0a00a7e996402c4e70d62629

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
343B

MD5
8045eb6700c176577e9c03b6233ab8e8

SHA1
d333e848149011fdd6986a8700107a3f8a79e028

SHA256
4ee02f39995cc2808d12c122cb7c095eed1497c8cebca5e474ec4295c034c392

SHA512
60923900217c4acff921dd6adc782e73f8018bcf4a5d2764c22fc646078b2090552608b9f6195c78aab68bde8eb0820826f46e94e834b8121011121b61e73493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
319B

MD5
6e87424f558e662ecbe5a9eb940fea22

SHA1
d7abc1f456d7585f76dd46579fa571584d27a604

SHA256
fd14e497681b07a66bae14b89246a018cf12ef5598ffa63908f410fd6c7838ff

SHA512
4d38ddebe9ae5c7b20ec96b6f0776653478a6b86a66c77b8dddb2ba7e319d2040adbae1f0a40e296a993564fd2c514646523eb8c4d21a7cf74701d26b8ca0466

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13364904798489613
Filesize
2KB

MD5
868ce7660e5bd386ab31d6a71127b31d

SHA1
f78ccc9e6f753b7608463817ffb421125bfbf13a

SHA256
5656e85242fe0658a61e9eba55e0cd95a977b9990f4ddc2165a7ecbbe5d92442

SHA512
7a2f039c91f99e08d0b8453771e855349a749104f83dd251e69523014be747aa687f3a36a0fcc5a60b768222cce53d8587cf53be8f2d4a10d927feabd24270c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13364904800928613
Filesize
2KB

MD5
a937a82ddbebb9fab0fe5e824508e54c

SHA1
1b19a42b47c22467064ae28017d3912e113f4740

SHA256
6c5d02280da383bfd78abc04cd00f0baadbc260deb23ef593780ef738f20782d

SHA512
abed2aa4295057e34c1cd73d6d0264c6f8f08cb68409521b5ce4ee6f671745c629d98240bc83555cfaaef02a706eac7c2c43bae36fd0dd65b350c990d237e4ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
7db110f94b42ed801bb0edfec67ed719

SHA1
3ea19bb174e5fbff81614e448bb8256cfef4eb26

SHA256
a349912999aafbf1e01334bef5523d881473be4844e632de66bf1d9d21565ee5

SHA512
2a87d6d6a4c682f240e6dbaa5f32039461503f8a2f89c6ecc1906b9e51019f2bf18e0715c63172d0eed6a068a8869689e365b8f6fb8191115b3c2ff135109481

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
36ae8eca46095507638a7b36980bde4a

SHA1
cfd97fe76c2ab7c3176513caa8c3ea91544c485f

SHA256
2f9f9fef7c78a09c970f130195a1b5a174b8af5edaeef29444ca6f7fa2380cf5

SHA512
ed24ccd39b333cf2aac0e49d11cbd5e042a89f4f566b6cbf09187c5a494d442d6637963f25bab824b3932ea7751b2812cd648e9a31df37b611ddc7238e37573a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
203B

MD5
ebf091100d489580f792ae08b26c7471

SHA1
d85b4f25fe6f92dce3b2ba3b07ddee43c6dcc2a5

SHA256
bba361ebf3b385070b5d9682f58be0e99ed81aba050f64f161151babc18d43f4

SHA512
923cf0c80b71f117ced3f163d938f27de0c74e47151897c11723cf04073097b0e26a3b16062a0ec44abc42088c26a5031031ce1df1c6d50f599ff2f5f0c77f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
203B

MD5
aaf911541c4f75ad81dcb6ed3d2fd98c

SHA1
0caaab51103b410f30d55476abb4391b44d78960

SHA256
68fb9610bf54cc90ddcdd9e41468252aca0963f1fc732b04fa2d6f9dc29cbf26

SHA512
92ded17bbf873e8441afccb6222328927f49430fc5221e365a7a76f250ed66efe55a67f1628cc96511fdcb0e63053c18d28a5d4c25cee3d3c714adda94752095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
705B

MD5
fb80dbc99ab749f8960d9906487d9115

SHA1
45190ae4b83b19dea7aa974fc323448be2be3d96

SHA256
2ff903e9be2a23be1455daf8d3c93aa2e33a92ed02404b0a7e5c5b97da606dd4

SHA512
8142c32d91d25e3ecb68c90b02ba5ce41776e75c689b2d220cc25786ca23473d84395f22dacde82be87b6ad1452b34690ce3c13f6912c753ac8b0e01580322db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
f6e64ccdf913288876ae2b17b697eca3

SHA1
b9c04b9f8ff0d2f61379404593c7724440ccaf2e

SHA256
97b17d62f80d7c75cb82348a8ce3b79d65df719dd2e6d8d0ae0f89ca6abde0d7

SHA512
7f6d68cd29747937ca24cffeb24ac5a05d00ba129ce11bbeb580d877f2c02e265fdcd7ade4da82770659d97835388171577a824bbbddd9a7ddecfd3d69e44b00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a183474e-88d1-4fa0-87fe-8bc6df574bc8.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
Filesize
64KB

MD5
2c7b60240b4c4af2393e05ec696f5fae

SHA1
b1483496a46a48ecff885af1714350078c708fde

SHA256
6a57666551e129749d352b54709b396ff97bf0109d9e6dc3d239fb84e8d9352c

SHA512
9d30c0d995331123b0ab932c134c3e8edb23a322a59535d4dd9f8d1af6321f3814e9e20b77c3ecefdd2cf5c3ba0e9af63d9fceb537d5619f0811e80437d248d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
319B

MD5
d62d0056492abbf99ee2b63626f5ed4b

SHA1
1e9cfa8db0706610e96112a45d21e93857715162

SHA256
4b0af99d84cdbbe5eae905aa8a5defcaadc0b48e94b119ef187f5a3dbeb9507d

SHA512
094f52438fa8e8d74632263733f95760d3663e199e6df29e47e95d0382434b4fb9f23173cebf15d5c4a4612d26591d54e212d9adb6892f07ce06a520f84cc4e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
194B

MD5
a48763b50473dbd0a0922258703d673e

SHA1
5a3572629bcdf5586d79823b6ddbf3d9736aa251

SHA256
9bb14ea03c24f4c3543b22a8b4e9d306b926d4950cfcc410808ecac2407409fd

SHA512
536406435e35f8204ce6d3b64850ffb656813aacbc5172af895c16c4f183005d69999c4f48f948875d9837890f290b51a7358ff974fb1efc6ba3d1592426cca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
337B

MD5
ab9cc7b0295d28e44d4f33a871b4b6c2

SHA1
3eea83662c9da0731bb3a5fd3cfe1c8132b35a8f

SHA256
f9398a5b869fbbcad1232f499048f9a598242a043ab4c7f5b5dfbe797f7003f9

SHA512
2221c22ce61c96db0c4d22e4c6efd0499df6b477e5507e42b05443e0df7455b7f222fec9e9cc48069bcc14e63ad9bd97dcfe4ab44a752b9254a1e567c0a2d63d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
Filesize
44KB

MD5
f9eb259c36748c74ceb94b080838cfde

SHA1
e094bdc279564c1525e74b8dcaf76a922ed57a7f

SHA256
e5020d662df36817145e2d80116e95dafbf8cfae58cdcd59958420a92e3139e0

SHA512
d8c13443eee55a9abda443febc39171e66afce387fef758b4ab1d9e6198189a3353ca158ccd422cce4936568005dddad279c30ab955edd946ba543a958067e17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
b0f0d38ca9a7b38655f4788a61c6195f

SHA1
16b6772772d08d1aeb82073e4c80744fbf9b9e2b

SHA256
dacd7196ba2a6470f72c81849ca26b9bbf52747a37dc8ff12dd78910c7f3bdab

SHA512
044bf7e08a5e7735ce101b7a1bb46fe888396257f61aa687be022c2bd26a63c26cf15e7c19e74e26fd5f6c5e4cf2ab5070dd37b9d519de911f791ca17c7a886c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
Filesize
4.0MB

MD5
8b533dca1d772c29d381d3cd79675080

SHA1
6b6482c75e2b4eb74452c06ce83a1819b0670dd0

SHA256
344a2c6980e868de51c7760465a41dc5210591dd97c7ea7469124f0c3b5df22a

SHA512
e2e8044b1a112a7b344bd5c441a376d1fad09c803fb5b8a2690d2b23abac048a74abf914168112522cb5dddb7c353672d1c71428781a12836096bc15f281bb05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
1cb4a76fdeed6b42c3c6b24f9c06ef72

SHA1
c53643cea05bd99344b719052bb53dae48b2be13

SHA256
95de711642b7e561d0f5c99d12b2e2fd94d9ba38f4ff04e5d830f8c427002b64

SHA512
81b288e151237569f35383ad3736c8885cd57dbd151ff665f329f5b8d2f151c242e3ab614d824aff5bf3d71c302a6f4e18f1f6477271dc828eed041a3c0eba66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
14e2f2d978c22d382cb17dfd0f7a5417

SHA1
ef105150d98a9b7b2727ab80504d95fd2bd51818

SHA256
27aead82b516af2a5f231c1cd1b93df0a58640686f0178a3e0ee45a57cd6362b

SHA512
3b1e7bb89e2762e049fa1f6f97f9631c86eac917cc6042d524900e58d1443cf758064f3994502e8b1edb3ab194944c9eb5d220f9b8241b9b67a02466e5f31bad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
a65c78272ee4f9a916c6522faa79b80f

SHA1
3c780eeda98b569e6f6f4fbeb820a6b97c8fc60a

SHA256
ce843ec1627872b1c04aeb5f9310a39fc365f956b3163b454fe05dab9c8fceec

SHA512
f6024e02135c1153f096706e86cdda9f5f2cbc1abcc9fd07c858502eeee516055962ef6a6c3a805a1f1b8c3a223a5d48babfa542cd96d54e090cc5c8cbb98953

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt
Filesize
5B

MD5
fff956afcc8a2dd2583480ded8aa4035

SHA1
2d051579867e9c6edfbc8c52d39aa879de7d824a

SHA256
735532b03131d69dce47d1cf2bf6808376e51cb7d37156c04c80c4b508d91aa3

SHA512
165b9452542564bc547ccc250900f3b20764f37b4d5fa0f9d7666c1ed67ce8f093a009a95444889919805a87c04b34fa25dc4480d4060ca17dbfba37ab03de4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
Filesize
4KB

MD5
63d1b777effd9e1ad737ef78e7c6382f

SHA1
78eaffd3c3bbd63958c510778b679417c84c76e4

SHA256
8258845460b40773247afde232a9ad04c976e531fa97e6f538329927746ca758

SHA512
b352aca94b3dcf290810d98bf2d927b0a988258a055b6b5969dd6cba816fabb9fa49d713721f004c275b5f73bc3c4c9f026bcec576b4a7b3fe4a7455e500d313

Download Submit
C:\Users\Admin\Downloads\generator.exe
Filesize
78KB

MD5
31bcda599c19f1632e95d5a507e0ebbf

SHA1
7c005dab2c1ffc4daba3f712a9cc2d8938fb8a4d

SHA256
f65160ca4fdef810b8f508ff89c5d6aa179f016a406daa6821cf547dfe6713ce

SHA512
575bda4b684b9cf786e2de32b69d5df31e49f15964113260b74058027a305985ea0538276717547ac630f1d07ef84913b5c21e9b32df6d28db0c5da637f944e5

Download Submit
\??\pipe\LOCAL\crashpad_4420_DUDUDZOSXGIJLBNT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3968-473-0x0000011BFD0C0000-0x0000011BFD282000-memory.dmp

Filesize
1.8MB

Download
memory/3968-484-0x0000011BFDAA0000-0x0000011BFDFC8000-memory.dmp

Filesize
5.2MB

Download
memory/3968-472-0x0000011BFAA80000-0x0000011BFAA98000-memory.dmp

Filesize
96KB

Download
memory/3968-503-0x0000011BFCEF0000-0x0000011BFCFF2000-memory.dmp

Filesize
1.0MB

Download
memory/5504-556-0x000001F3F30A0000-0x000001F3F31A2000-memory.dmp

Filesize
1.0MB

Download