hxxp://silaspuma[.]github[.]io/powerpoint

Resubmissions

05-08-2024 13:19

240805-qkssdaxbnp 10

05-08-2024 13:16

240805-qh5zxs1bpc 6

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05-08-2024 13:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://silaspuma.github.io/powerpoint

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
11	raw.githubusercontent.com
97	raw.githubusercontent.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133673374650117872"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-661032028-162657920-1226909816-1000\{87985D35-C6CF-480E-8A62-F6CE147E1418}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\PowerPoint.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
1632	msedge.exe
1632	msedge.exe
1532	msedge.exe
1532	msedge.exe
4212	identity_helper.exe
4212	identity_helper.exe
3900	msedge.exe
3900	msedge.exe
2424	msedge.exe
2424	msedge.exe
4324	chrome.exe
4324	chrome.exe
4840	msedge.exe
4840	msedge.exe
2016	msedge.exe
2016	msedge.exe
664	identity_helper.exe
664	identity_helper.exe
3076	msedge.exe
3076	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe
Token: SeShutdownPrivilege	4324	chrome.exe
Token: SeCreatePagefilePrivilege	4324	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4324	chrome.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1532 wrote to memory of 4920	1532	msedge.exe	81
PID 1532 wrote to memory of 4920	1532	msedge.exe	81
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1568	1532	msedge.exe	82
PID 1532 wrote to memory of 1632	1532	msedge.exe	83
PID 1532 wrote to memory of 1632	1532	msedge.exe	83
PID 1532 wrote to memory of 2196	1532	msedge.exe	84
PID 1532 wrote to memory of 2196	1532	msedge.exe	84
PID 1532 wrote to memory of 2196	1532	msedge.exe	84
PID 1532 wrote to memory of 2196	1532	msedge.exe	84
PID 1532 wrote to memory of 2196	1532	msedge.exe	84
PID 1532 wrote to memory of 2196	1532	msedge.exe	84
PID 1532 wrote to memory of 2196	1532	msedge.exe	84
PID 1532 wrote to memory of 2196	1532	msedge.exe	84
PID 1532 wrote to memory of 2196	1532	msedge.exe	84
PID 1532 wrote to memory of 2196	1532	msedge.exe	84
PID 1532 wrote to memory of 2196	1532	msedge.exe	84
PID 1532 wrote to memory of 2196	1532	msedge.exe	84
PID 1532 wrote to memory of 2196	1532	msedge.exe	84
PID 1532 wrote to memory of 2196	1532	msedge.exe	84
PID 1532 wrote to memory of 2196	1532	msedge.exe	84
PID 1532 wrote to memory of 2196	1532	msedge.exe	84
PID 1532 wrote to memory of 2196	1532	msedge.exe	84
PID 1532 wrote to memory of 2196	1532	msedge.exe	84
PID 1532 wrote to memory of 2196	1532	msedge.exe	84
PID 1532 wrote to memory of 2196	1532	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://silaspuma.github.io/powerpoint
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb269d3cb8,0x7ffb269d3cc8,0x7ffb269d3cd8
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,8212418821748796438,13813929563044089699,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,8212418821748796438,13813929563044089699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,8212418821748796438,13813929563044089699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8212418821748796438,13813929563044089699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8212418821748796438,13813929563044089699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8212418821748796438,13813929563044089699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8212418821748796438,13813929563044089699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8212418821748796438,13813929563044089699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,8212418821748796438,13813929563044089699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,8212418821748796438,13813929563044089699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8212418821748796438,13813929563044089699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2940 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8212418821748796438,13813929563044089699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8212418821748796438,13813929563044089699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,8212418821748796438,13813929563044089699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8212418821748796438,13813929563044089699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,8212418821748796438,13813929563044089699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:3956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4172

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb159dcc40,0x7ffb159dcc4c,0x7ffb159dcc58
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,5025566310948582606,9379211724012654185,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2056,i,5025566310948582606,9379211724012654185,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,5025566310948582606,9379211724012654185,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2200 /prefetch:8
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,5025566310948582606,9379211724012654185,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,5025566310948582606,9379211724012654185,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3520,i,5025566310948582606,9379211724012654185,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3516 /prefetch:8
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4560,i,5025566310948582606,9379211724012654185,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4712,i,5025566310948582606,9379211724012654185,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5092,i,5025566310948582606,9379211724012654185,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:1720

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1412

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb269d3cb8,0x7ffb269d3cc8,0x7ffb269d3cd8
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,10690434148833371828,14589157456649135114,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,10690434148833371828,14589157456649135114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,10690434148833371828,14589157456649135114,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,10690434148833371828,14589157456649135114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,10690434148833371828,14589157456649135114,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,10690434148833371828,14589157456649135114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,10690434148833371828,14589157456649135114,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,10690434148833371828,14589157456649135114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,10690434148833371828,14589157456649135114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,10690434148833371828,14589157456649135114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2040,10690434148833371828,14589157456649135114,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2040,10690434148833371828,14589157456649135114,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4876 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,10690434148833371828,14589157456649135114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,10690434148833371828,14589157456649135114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,10690434148833371828,14589157456649135114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2480 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,10690434148833371828,14589157456649135114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,10690434148833371828,14589157456649135114,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2040,10690434148833371828,14589157456649135114,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,10690434148833371828,14589157456649135114,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,10690434148833371828,14589157456649135114,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:1964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
00bb30c9b7b757b7e44aec330dff2824

SHA1
1a4d14e9feca95d350b20728ff733abd281fc17e

SHA256
91e3235758a015798915f01085b90facc675af3fbc6081143a9bb30bfeed5150

SHA512
3989cd4c84d82ec030fdc3664cf6885a807197d3781c17fb6f5d4db9f2f2b64843e795fb14a819808081b1f69c9320d7613069ad8f33b04d7d67bbc72a6b447b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
8230321d07ac898a5cb22f1b264c3e7a

SHA1
8600e2778a7bcd5876bc4228e20c048f323b3a3c

SHA256
c1d0d3a3016d45c1b1979b60a80f1a6ad130743695f6b3a4a9ff612b642924c5

SHA512
1ea997793c6a06b99c30d166282eb6ea423d105bcdd927a86256da1d55292385c6a75048c7171c61b8bc4eec8e1551ff7d4634908705d76c913418da3517a288

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
bf8fdba61980422037b30d28de4ed3ee

SHA1
2a8525f865d52716805a46f28db5366ef144adb4

SHA256
6682d93980df23a534e31dcfc4a6083e982e5c24ba10988227ce85e3a0324532

SHA512
b18515e34078548e4f588dd724e6e51c6c3733ce420c794780b8533a962ffd557a131715630c2b4995e774fbda4f1db1437312c8a2ddb87d1854db92aa966393

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
68470f97c4115474844d2102e7b5b470

SHA1
755ce715ab85e446ddecdbc0e9e55b8306f5b3f6

SHA256
b2ea9d54593bab464cfa2a5cf355e2cfda4b34039aa8b845f21371ab1430a549

SHA512
057837ca904d97f497c86e2e6d6dd8677f8cea7ed5995f67e40edde6964dc7a57eeefa026dcac0e3a13fd4b5dcb85f4fea94796f5dac4fbadd1da35e40d04ac5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
bde29a0269cced5c0f67e25768531ff1

SHA1
42cd87fab347cc037d1f55d86c1e51c8d1bccb30

SHA256
3ef8c98ebaa9fe922c9f82b42ea3ed8f53587f0ee973d890c81aa524cc2ec0ef

SHA512
08ea487eddb9890b8bb787445edd39c4a48912efb04c79b3217f57e8e0374f467bfa3aef74c48b5993033316357b520f97a94b92076bc3c28cf890c87f8187cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aa93ead91a506f64d8299a84784711d3

SHA1
f4ca0a2781dce74e693870c51397c6d857cd6875

SHA256
ad4059a00a28b5547df1c8206f5b3945152dc45a3133e6e760a9743cdf218f19

SHA512
4023edb4d90df0e4819b207c163738c547854274ba39dcb294e889518889c82a6d190016c21a54bdee5a1d7158e594c1d44e6980b58ed43135df2439798c1b9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
dad9010cd73892508d36f62a349890b6

SHA1
d5c0bfd61556bc395b47d96727146f0cc82fa80f

SHA256
45d32b44b09f920de79944c9745abb594f103dbe03316431d8d9191d9c6fe7fc

SHA512
2b4e288f4f06fa7ae9a5014faeba0ac33c4a7ae0f48f83fac49e478d4fdaf688fde0ca30cf9fed7ef3b945dc6dad8cc036b916ec59839cc5b110cc4250581dfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
9394da53c1e673cb146e00e5bef4cb16

SHA1
e70adb4bf6d17c3b6ec4f503bf66b5e9e41367d6

SHA256
298d8450ac91bdc47a3fc50548e48a5a29f7166c22c932a4b3a7a2bca03981be

SHA512
be7f6a5781225f9102e536c295f00c252d923b865ec0454ef2da84f497eb1c20e0804e09083419de1d080e2c5373b46828a777422fbd2fdf5f6c5cdae82ebfde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d36417a7-b7d3-428f-9b10-364b75e39224.tmp

Filesize
8KB

MD5
88279f70e35021593f22677aa79763fb

SHA1
56678738f17ce9adb379be9225b4d7db3ecfd0b7

SHA256
0fe23e0d84519e83e65336abaadd38b4e01d4f9525529876de507ce7e072bfc8

SHA512
029bc7177e16f624f3ae110de41ca18b3e80e1befff850b07601d976d51fe9d01f323001f813891580ff7b3cb91b7ff98d67dc7058573c26e9807ad3b4b0c5e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
3540740322e312661cf1e14fd40a70f8

SHA1
3c65632f413f122b5aea7e435b84bbfe47c22011

SHA256
d8e958e2e69b76fe18dc4aa0267fb2e343b749e1745cb4a2f56ee65b4e67d1e8

SHA512
c09b3ec81089c12dbce82bab065c3689b3e72af3add591ba51700890c47077b200d4924e6913b1e40b57918d8f5ac916f4372c05b9273858033e257d4b02eaa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
c5cc9ad37975cc1b9f89a387322cd399

SHA1
769687720e70b0a852c1d83c93421796bf0ea372

SHA256
d6be38ef5d850857b0a8a1e4f0cebd9ac911b647f6fde1691a642b21b038ddae

SHA512
0245e3dc5e75a4142f1e78c5f3354547628f1217bd98602bfc7feae7ea8f21da43af6c93fd8fdfad927093775224948d4817c8157c13162c8e8d0330af589a83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9af507866fb23dace6259791c377531f

SHA1
5a5914fc48341ac112bfcd71b946fc0b2619f933

SHA256
5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f

SHA512
c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b0177afa818e013394b36a04cb111278

SHA1
dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5

SHA256
ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d

SHA512
d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
461924653c72390635bc7f7d122591d7

SHA1
c0fc9c61fdb591ec80f1d43aaede86d8f5e58e00

SHA256
705554d960efd4550b23503233bb66192df7a8aa6f56394ccc649184a3c1ebe8

SHA512
0f28c4c181f34a3ee192089ed814996061576ff695a2d7864453f0a1efe4257e9919f28349fb90b93f2c34aa79d92c678534d1427d33791dc994306bc5355adb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
41bb166ae15d12b66bff3522c351fea5

SHA1
5fce8013a3ff21b7ada3c715845bfbaeff1f742a

SHA256
681435351d67e190c34e5676eb14d50046dbd72c89eb35a8cd5541c2ee8cafb9

SHA512
ce71d0286172635216a5678dd35234042c95ca187e878e3998b1136bac96ac7437f34e72f318856b212c15a053f948b96c5682a57eb18b3ffa546a1de5082081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\447771a3-e361-4611-8419-89abf9db6f3b.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
1e3cb39d73cc835f7fe1386802225601

SHA1
10bd8145401d019bd2c3d1676f6e1f1dd74af04c

SHA256
f48887e59eca34aa1445a3105a069759e4d028ed9016bc711ff79ffee7558f24

SHA512
8ed22923eefdbf9111b0f4577625a790202d07bdac16eb70623d317b1dfad2b0e421469ced02bebaa1971cff3fec572f4d8ce5708d6baae191b05a2e9ad10743

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
1a5425eb3a91817dc1f65c8ce08eb640

SHA1
b8c99a5bbe4dfae3f04d21db4f8dacefece4e9d4

SHA256
9fa168e7e5ea7e17d7632cdd078593fc19d153b89f7051c57ccce4fb9fe9f846

SHA512
2507c21934c25b41e4485fd560771f7f8109333e6b79f0854a0f4c5eb669e7b4da250a53618d7739539c303389311a73fa1df908dccf9f5e1534cf3b1ac8c663

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
a238599b6eca213bbc3141ca8354c0b5

SHA1
01e387eb5a425750b255167a6e4a5a61255832a2

SHA256
ac32e574c5fde12f0c79f526564a65b738d0907cda18637d3bd166769e0b8787

SHA512
4b85d605fe6333cca5e9bad2d9bbb8f31a3e16c0309865979b4427200607b18907bb07d4dce3174b4ae9bac84c44fa686908c52c258a292d24b0838a0ea971fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
5fbe910b57fd9b453f0eef5afbaa561c

SHA1
3631ff8e5d6044c5b0d7b9b217566013aa38b504

SHA256
04f97f5beddea3e825813ba9cccfbd611d6ba52b566155d55e1326c13ebe0cf7

SHA512
4bc102f588b397b8884720e47cb28dd70607b38d12ec11e1370b690900e19a4eaab0e46c8d8276e98dbae61ff71738328d0260d1e9beac130737f88ca0842095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
1efaffe21bb32e2d8463f1c3d1090338

SHA1
57e80c66518e3e39ac82a9d8389667a43cbb271a

SHA256
d12eab18a59ea98e264633d7cd3923c15dcb0289d1283e5956cba8893e9c1a6f

SHA512
f9e18baa9d74e2a5ce4045f4ee68f95e90e18fc16d6136585298b2c6ed90f608af9d9142347215d57f4d85c5f76d6cf7bb2286243643fe1b31f28d51a1479271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
cee59d36b792dcf7e8c9bd0ebdc95eb4

SHA1
f0796f89130fc6396629d65a0bde2cedd532093e

SHA256
fdef98f4d5081cac477ea2cdaada76ff85b7cf6302a021c7987edde76f0b237a

SHA512
792bcaef0e9928f1ea55695c7e0f83299b858434f86f0878d24bbdb87c268a4969a7c11d2bb88d43fee3e718ed7bf3c4aeeb2aeed98dfff5a5c7451f8c4018c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
60eecd844a35d0c1ab8b240d1edf04f1

SHA1
2c9a957e9321c5a66903bbedcf41a741cca55d15

SHA256
d4cf8bf2e7d1a7d40edfdb68d0cdbdf52fc5d782b5704d49696752ba3b326f64

SHA512
89775a505b085e551cf1c90260b2447048772485e2b7e5d8460202332619cefb53e52252a2be10a29eb27b1225a7d46ba6668bd804afb076513483f4d572bdc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies-journal

Filesize
12KB

MD5
af0cd3f6fa49acf1df99a0f620676baf

SHA1
81f732d579ab7a72124af3e6dc869faba53cbb59

SHA256
de80c43e89381b59a1ebde3e88d8384124dcaf99cbf87fe28b6871ca04b81375

SHA512
359b3765b6c9e8c3b0f860ea4fc2d4016a1b97035d63e2dc386134aaed9985f44f7f0e8ebe7b4756af0a2de21187e6177657cf7919e9fbe6bd3f7d0e1179c6fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
911a308e74e24e91f8adda1ec5b0bf75

SHA1
8ff887c6f4b64988a5f46d3d8968c9075f818d7a

SHA256
ccb8079a47f6abdd9f9a2bab38a33e27ab91a11edaa063ca5c65f92f26282544

SHA512
efb6f226bfc31c9a7b440b61f16164627d124df91b0d71818b599ccf842e4c27f377a6ff7016da757e55a4db3adf8da65c5c93b58684670591c561bccc952e57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
d2dabf46352248521cc8c3d09557addb

SHA1
5961e87bc226141fea8a7d4a146c37cddc3fd814

SHA256
50fe66327cfea194d5205a2652ee82d88a1dc1812b8ac312c33ca34e024b7a36

SHA512
86af1fd63f99dd2de7d4dd150735536f9d7022520ccf203293aadefdf74ccbf1ff4c0e0ce2a4e21e1f75920773e1d51abcfb3867b0fdec6cdf46afccf446a3b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
862B

MD5
db616cf040121d6b1c6de8c22f2ed26c

SHA1
f3665bef86a04cc83a8084ed213fd9dc4e6c7580

SHA256
82136da417a41b2501c6a063ec48fe16c5ea83474f050204938c7a32f79e7f71

SHA512
63ee6108b24d6b84aa5557310c7f5c78f07794f0521bd3b25182f16175d056f4db0a3e5146cee026b301bfb86c9e3c52c21ef5882080ba4852976bc0897579f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
3KB

MD5
7dec57dc1e2f80c4fed6cc3fae1c1f84

SHA1
7883976118d41188e550862cf8d73960e148c348

SHA256
536e89211c179221cd4972b8004af8b73cbf814abfdfca9a00be2389f0d2ef1b

SHA512
015d9f491da825f2ca0d50614db7edaf3399b5421eec2bbbbf9ca048d3b9d89e5f73632b1129b8cfe870c3791f262aa64630dadba9962861577f241edcb6c789

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
ec5b2cbdf7869389681022bb5ec638b3

SHA1
e27f705cae8bf5aae68b8d11a2dbc47c45683a4e

SHA256
e65e1f4de3c742efec49ead77f975f548cbe9d992824bd1ee0d817d9b6aaa4a5

SHA512
1059004d97c20c3c9b62c373c4810dc281a9de54a63f34d16f82591abdde1f0972ee43b8003e0a098429f632ce4ea0af23307ae85474bc9a2b7a21bccea8f6e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
97af56d62895b98f3a2692921a6c802d

SHA1
2dc8b80d1b9dba9bc87169830c835398fd0472f6

SHA256
ce68739cc34771124d5158be6fc8f13df13983e0561130702cbfda6d35115f40

SHA512
373fe2397b8b515293d13b87b6700ab91f6191bdaa7842b1e0a51519b28a0b8639c9b4fce20efe74b886bae6e2d75267caf503ec4718f50df395df1370dc9cab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
55a541a1a4e80ef44df504d8557e9512

SHA1
b8cf5bef43351893f24c4840a414514e2cb3d140

SHA256
5a8cc16fb479c3cf81c440c4854d55e83f8357b5d170015fad9615a93288c47d

SHA512
6f533d58214f7457c3adf87c41fe50b8b8baa6bd48f62e171717f591a4b79241767abceb8c7956d2ddee96e8046d27c2390d3bf20a8d8a03d22adb114574c6d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1d2e9e37188e159a82be3ca278b7839d

SHA1
154eae9474a023efb833daa69be246fb6a131673

SHA256
16ac384bb51858ae5e95cdddcb00e243aede4c9ff6d4f710fec3b21865721b7f

SHA512
4e9e3777d4d271e2fa480b72e60abf8c61d743b9434be79a0ee8bcb4eb266fe92b6c202a99834782783835224bfe72fe281035eac397133a3a11653b26060bc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c74cdc89fd8e9fd741a8e8ffe7dd9276

SHA1
359e61a61995a915eeffdb2a5565a32888003185

SHA256
b2ef2c2fd563abc3b3ecf52e36222a2ad7aaeef2849987693ea5db69cb1c330d

SHA512
04e7ff9479c8cff429872433bc9832ad69f5fc3b918f12dd4c26165cce9303b460a8b59e9bc8d62ba781456aef9cb9cc4a84878abbba68af6cd47c09f84a01f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fcaaf8a6040a99924712a3a16e64e73c

SHA1
fc7dfb81d58ca82832d509fcd37431233d3b1499

SHA256
f84a5b82abac3940052bc06b571f0b45de0e90c7dd3a497a5561e8d7a57e7a3f

SHA512
3b1dbb733032e24329817aefa1d79d6e8dfe33657266b718210f538a243201fe5457980f8388b53c354da6c347118748ceba5c3e49cb70a69aa320f8b8ab6096

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1aa19d02903ef55c76e5f6258a30d58c

SHA1
882ae2bbfd6c6d98f3c4c401f48f40ba78eb45d8

SHA256
3846b2e48f2dcd4335308e30cf4fc2b41b92ed26415cc05af7885aa25f06ca55

SHA512
c2ad2357b1a2870ba2b92fd82c6e22b35759a9bac21ed86f7a03bdf0860b203884f2b50696e8e2b97be23824f049c71f982feea6a35a5cbff7e4eaaecbb5f17d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1884a8e48d20b1a9ed7d116fcc2c1e37

SHA1
cfa72479bb2879ecef01ad655395dde41b0efc6e

SHA256
cdba836efd9cfc5a08d2051321e51cd9cb002dcb4750ed7e0459b1e0e4ebf61f

SHA512
4dcb60a5f85f40da01cac84fc11bf6fe357499cf6a849f653765f613fa5547c8bc26159e584edc652e560085d071ee0db4ccaa970e50dab2f9208a6210bc3ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
750B

MD5
1b51aa29e819282775b82a311488fd5e

SHA1
1f7d1f244291b76a957825e4ec6638b8fefd7ce3

SHA256
703820a5664b7adfbf00ae186264a3cc96ab00d0f1385cb77aa9e81d503b56c9

SHA512
719ff0a22a98f9d9b6fbc93aaba730e32244c2d192cce1d75999336d78055cbf3a81e095251f018b29e3419ed559194e3974c7140c0c73be62d44387e6b687c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
11994ff133e99d440040f06727c6d8ab

SHA1
ea431f2c4cbe07fd202c3d475c02c3b9e6a0f4f4

SHA256
2597d676b751025d1ea573db253b8502d8ccad136eeb01fa7d84b228cf116714

SHA512
0e29c5a2ca650e472a7d319b1d7a6b3ab6d0c7c9c06420d2e87e3e30b8ef18def4a805a002b3ae48af053d357006410144dfd23a2b2d5ba2dd4288b42d243ec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367337417257761

Filesize
10KB

MD5
fc941329b834291364650da9eb4e7624

SHA1
4ae36d55ddbdb1c1997a1d4717eebd198869f55e

SHA256
5bcdbe82d88d05f048396d2812536821b3d1354763018e561875ff5e7511d34d

SHA512
b34e10b3b2135751226736e77f3546a86217d49a7a681e5de08e9f320c5bd264fdf498683df5bd90687bfccac03543c3f90dc8d9bb313bd96f713689cbdc6605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
9b368a90957605b5c3e0575a369fab2f

SHA1
6a77331aad2a9070aea2f06906f05a2ef5f7f1fd

SHA256
49c522e24aed657fdee236703a89a29b38b346d11101dbcc88e50a2ce196027c

SHA512
6e16dab41ca30091a4ce79baab16c4861b804175a77a1e1d5e92e699b976a303b0bdb4b98ac4e291eebad8d40d58ed8f12a4a098fba4416a3aaa22ecb09711c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
3afd573fd917f327b346ed3410082875

SHA1
bdfc2282a9389ee2b06ec4478be1dd3d6e2f6175

SHA256
ff838df901b36d4c095483d5c334e65f7427951c3bb56257e07167c1510fb7dd

SHA512
4075c5392895dc832b4c7861e4e8b732fdc849ac5084e1d47ecf115398a23bf1a6817269fb2eec20a8fc4c388b0fbf0d1216c8b2c2880f20a623c21161944f8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
e238ed2bedaa071cf72bce9fa11f9617

SHA1
7e1a6546076e87caada65ad8881e578a94b6efe9

SHA256
cb94014554ba51d23a52739630c1ba7876eb39ccf3ea8cdc6d4da862e7badc89

SHA512
9c9e1730afa93fd44c7a693c6f5a559763c506e4b851f71e1ad093e5dd4fd26bfe1f378a061821c2e3d0f2ffa8b6a3d984868fe08919ab1a31e37238ad358594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a83d3f3445aaf30893ad534f12e0d8fe

SHA1
da8f463034eb1623c4ad3f3e937ac64048013405

SHA256
8c90dcc2e7a2e24e9341d6aa432227e7c55af65eae1432daba6687aa709cb6cf

SHA512
e43280a96b0fd0660aa04926351105e7831931cf9bd4a9a857b56d22bdbf7644dd07c385be0f6e5bc7537bd8f7f49d2c68692328788401a03c45bc9522db41c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0457c96f7141735e9d70958becf80547

SHA1
82d218631f759e2dea597def4d0481372e09b714

SHA256
2cc5fe9aba552ab6e35f5fb68739548d06efdb87de5dcc4dc42457884d1aa6dd

SHA512
b7f46f4c1980c8a44698d047a7ab17f7c8e746e72edf3686c1e387463f89ef1e2d0fda27b6e65725d540f6026d1542bd48c9eeb88f02323532828d7eeb354fae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b5805eea0bdf3ecbad0a656b61ff4369

SHA1
c7c93c7e9c3c372594e535f927cabc377c81a5c7

SHA256
45262432076bff97ee7b39ab3031bc484b2e3f579f1b0fd1d012a30650006d35

SHA512
9787d7893cc0d38aa36951489d7a72abf227c9d65079047d1c75bde8bec579db0825347507ed99991e6924e965e2f3b652e25a9a3e56b4d25ac86e83c464a6bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58339e.TMP

Filesize
2KB

MD5
6f20791f06713bd0d4b938d9dd2c4248

SHA1
5269f8a0ce24a3efe1c588778122815d90aabb55

SHA256
43cacaff7dcc93508e2e7870bd4489a278fd0cba524782b7628e8915d6239c0e

SHA512
d351a2b9e393efc5c3a2987b927a790442006e9f9af5684524b6a211cd6102c5582bbb0200977e41076e41d111bed4b16caaa4fbb77de16286df2e1ad71e4159

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
c096bb30d3172d215129559b7fee7f65

SHA1
bb68a0fc1cb40c0f12b245413ea04930ed85e969

SHA256
91b656a48b205b68644cd496b58b87f5d9ac69f920b76895cff779e4b1b71cd3

SHA512
63a29c4c3bb9e8f5087fbe9fe9e9d5eb72e65ebd90a03a57c357e59d00541b3f1e7639e351508d90c5894ab6ff06b2afed41bb34f12e8d84c22b157f0d87c0e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
2.2MB

MD5
36e04728577f5b5af0460d6ed8be2a53

SHA1
810c33e7fab274bafd442832404a17460898fea9

SHA256
5ea23664ea547b1820697d06fdebdfb63a025f48c24233c7d49446b4cc63825c

SHA512
907e5f58bd4ff0a088fe568c40483f6ca0aed185ab28610304e21bd4f5629dc224996a332d2db5156a6b217182ab3d656ddd28b4df2e5b851a676f0bf1982d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
2KB

MD5
facb3d37eb90e05f614ec668f28619f2

SHA1
5dae4b90ad0757384d38bdc7cfe74363e84ec7f6

SHA256
9b10e7a5ea45e56ea8e67cb1effd747d9f3bc4696bf0d3d9bf5396799f86f9db

SHA512
d2245531a1102e4460a8790f78ff32ace2593d77bfaba5f32063a2e2ce02731659bce2f664d3feb1031725643c3b4011ea4c14f39c0a5d2568d7ca8aa885809d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
5dd7fe532186ae2394ba3262ab54d642

SHA1
53c3ef94b0e9aef19761adb31080599dedb9d596

SHA256
afd4e7f64cad167451a9eb3a0689006af519d8394e32ac6f9883f68f92a7da5b

SHA512
36ca062848cbb92737b52fd7297d345853cc3fc0487f7e63f5eefe8cdb1efdb2afe0673557da2cd63d7575eb80cf0b8c435b7667968cf7361a519ea7359593d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
bd2bd7233e82af3a5349a0b3950a5ad6

SHA1
d18d82b42671fa2416445d327d26a201ac574289

SHA256
a7fdcc8ed04b4e711cd4e5db8681a5623131af8694455607db5b68d5b33b593c

SHA512
c3fa84bd5ce4f677bf0e2cb20add6c84d5f57adf987f72b3f57a6bd250078659a5cdccccffa9cc6e97083e82f76a19792f1859fa4dfa74501ce3fc310c65a4dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
fddba3519a38a34d33cd04a3c325a068

SHA1
ad3c2ea311682bd438dfa6c59b2a7c7830e06e13

SHA256
480ad768bc8f64d410a9718834a5fae61129a828667e87d87ceca6f2b41fc987

SHA512
74dbb6ef9727d9eba133d2a738a6e9e7af08326698cf79e8be429efdfc69276551088c5615e0bc9a3827e5fbea7add3057d96769b33783d05e2841cfe51b4c38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
d0400f5a972e5ccaf6aecdaee2968d19

SHA1
f0cc4aacc95d2b4b0e3ee419b4b1b36e0943b82a

SHA256
9fe27fc6da07cfc499aae91b6d55e2f565e705c2d5a9b5ef788a3f5c0c41362e

SHA512
f8bfae6e04174edc60c6e18ba704fdfef6d723bd322c382fdf18c24626eaaf0c02980c259450689ddecb20fda4b287a90b83d8444a926b5ad6fc54dcad953a27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
6c9976985875ddcec844c1b0d0f6f572

SHA1
404e903c9b5527fc72c8bbb8477f7761b4e034ad

SHA256
7935631f6f5506fa6af3f7b45606baf10be630ebb7d2ce78ba5b2480212839fd

SHA512
c5840e61bff500f2675e29b1f7abe20ab7503aee1c2e459f4a742ddc05d5999e1a2d11acbaea91ee02facc6a6d9541e2ce697ea8679d8d2435b80c4b9c6c6d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
16KB

MD5
d72dba7bc33e905d5979910b9971099e

SHA1
54862ebfa393dae8fba4a89303f675b602c22920

SHA256
7e991b2c29b40c056019a61dd1e0a022f13d29bcd2aaf176ee96bcd772f9ba41

SHA512
3c1c1b57ece8dc1c7933cddce1cdd59364d3b97033c10a3dad392cc867f6cc9c1a2dfec2fa798399a0a4022b6697380b91ab841e047c163585f2a6c58b5f64db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
55de265d6c14f5c5c1bb9d248ed36163

SHA1
e9780d6ba426ca15799e7dede4991934cfcd5f10

SHA256
9ce5c1fc664a929c691bf8cea0d334894ec49bfe136c9fbe77ca496a588e1e6a

SHA512
ab690a99031654351e7ea021d67a86eaf8ad003cc1f0782cda09bfae3a10009725bfb6c9d86c3fda106c07d5bcb2690e6a8cd838916c8822eb24c2ffce7841de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1a990ce8853a274e38e1021b3a5e485e

SHA1
2e05fd7d5cc2b60eaadb8c92b558c80f67774dc6

SHA256
d3a02c429bfa0e24f5e46d5bc093fe977b0dc03b7d74b989ed7e6aa52ae5c6c7

SHA512
a560fc71f5c54be0efd1c6dd44c9979d4f2bf9bda2ff11bd4c4028806b29149775e1a5d148e86e1d4f2dd6bcf07a51e58548640114b42ccea5a99e19f11ad140

Download Submit
C:\Users\Admin\Downloads\PowerPoint.zip:Zone.Identifier

Filesize
152B

MD5
3db72965db98294646318fc10a2b3a02

SHA1
849810991908fb45912cc91352bcb27757909d4f

SHA256
4f9eda27998ed6766bab2cc4b08221f32b2badbf76be2fc00605c6e2140bea75

SHA512
543e0f64cef9b64c64601fd4e5bff15c728b3726da6a0f7d910e77f28c94865c64b8a7d1f41dde16d79d292bf3550f4cde467ac4d842163b8ff9fe00330cfb26

Download Submit