hxxps://arkansas[.]forums[.]rivals[.]com/threads/unlock-10-000-robux-with-roblox-free-robux-generator-2024[.]132270/

Analysis

max time kernel
108s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-08-2024 22:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://arkansas.forums.rivals.com/threads/unlock-10-000-robux-with-roblox-free-robux-generator-2024.132270/

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133674562994535398"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{E466BD5E-5277-4209-952C-586E7E572005}	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
748	msedge.exe
748	msedge.exe
3000	msedge.exe
3000	msedge.exe
1944	identity_helper.exe
1944	identity_helper.exe
4540	msedge.exe
4540	msedge.exe
5200	chrome.exe
5200	chrome.exe
4592	msedge.exe
4592	msedge.exe
4524	msedge.exe
4524	msedge.exe
5632	identity_helper.exe
5632	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe
Token: SeShutdownPrivilege	5200	chrome.exe
Token: SeCreatePagefilePrivilege	5200	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
5200	chrome.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 1344	3000	msedge.exe	83
PID 3000 wrote to memory of 1344	3000	msedge.exe	83
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 640	3000	msedge.exe	85
PID 3000 wrote to memory of 748	3000	msedge.exe	86
PID 3000 wrote to memory of 748	3000	msedge.exe	86
PID 3000 wrote to memory of 804	3000	msedge.exe	87
PID 3000 wrote to memory of 804	3000	msedge.exe	87
PID 3000 wrote to memory of 804	3000	msedge.exe	87
PID 3000 wrote to memory of 804	3000	msedge.exe	87
PID 3000 wrote to memory of 804	3000	msedge.exe	87
PID 3000 wrote to memory of 804	3000	msedge.exe	87
PID 3000 wrote to memory of 804	3000	msedge.exe	87
PID 3000 wrote to memory of 804	3000	msedge.exe	87
PID 3000 wrote to memory of 804	3000	msedge.exe	87
PID 3000 wrote to memory of 804	3000	msedge.exe	87
PID 3000 wrote to memory of 804	3000	msedge.exe	87
PID 3000 wrote to memory of 804	3000	msedge.exe	87
PID 3000 wrote to memory of 804	3000	msedge.exe	87
PID 3000 wrote to memory of 804	3000	msedge.exe	87
PID 3000 wrote to memory of 804	3000	msedge.exe	87
PID 3000 wrote to memory of 804	3000	msedge.exe	87
PID 3000 wrote to memory of 804	3000	msedge.exe	87
PID 3000 wrote to memory of 804	3000	msedge.exe	87
PID 3000 wrote to memory of 804	3000	msedge.exe	87
PID 3000 wrote to memory of 804	3000	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://arkansas.forums.rivals.com/threads/unlock-10-000-robux-with-roblox-free-robux-generator-2024.132270/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff91f3746f8,0x7ff91f374708,0x7ff91f374718
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,17581788533894181267,1494289259536360044,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,17581788533894181267,1494289259536360044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,17581788533894181267,1494289259536360044,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17581788533894181267,1494289259536360044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17581788533894181267,1494289259536360044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17581788533894181267,1494289259536360044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,17581788533894181267,1494289259536360044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,17581788533894181267,1494289259536360044,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17581788533894181267,1494289259536360044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17581788533894181267,1494289259536360044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17581788533894181267,1494289259536360044,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17581788533894181267,1494289259536360044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17581788533894181267,1494289259536360044,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17581788533894181267,1494289259536360044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17581788533894181267,1494289259536360044,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17581788533894181267,1494289259536360044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17581788533894181267,1494289259536360044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17581788533894181267,1494289259536360044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,17581788533894181267,1494289259536360044,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5272 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2152,17581788533894181267,1494289259536360044,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4016 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17581788533894181267,1494289259536360044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17581788533894181267,1494289259536360044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17581788533894181267,1494289259536360044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17581788533894181267,1494289259536360044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17581788533894181267,1494289259536360044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17581788533894181267,1494289259536360044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,17581788533894181267,1494289259536360044,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
  2⤵
  PID:1012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1748

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff91007cc40,0x7ff91007cc4c,0x7ff91007cc58
  2⤵
  PID:5276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1732,i,16083329899505408981,10549010795359386715,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1764 /prefetch:2
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2024,i,16083329899505408981,10549010795359386715,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1868 /prefetch:3
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,16083329899505408981,10549010795359386715,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2460 /prefetch:8
  2⤵
  PID:5376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,16083329899505408981,10549010795359386715,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3256,i,16083329899505408981,10549010795359386715,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4528,i,16083329899505408981,10549010795359386715,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3872 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4680,i,16083329899505408981,10549010795359386715,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  PID:5808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5036,i,16083329899505408981,10549010795359386715,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:5848
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff6ae0b4698,0x7ff6ae0b46a4,0x7ff6ae0b46b0
    3⤵
    - Drops file in Program Files directory
    PID:5876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5312,i,16083329899505408981,10549010795359386715,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:2724

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5592

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff91f3746f8,0x7ff91f374708,0x7ff91f374718
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,12706113760892657641,7276585086845300066,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,12706113760892657641,7276585086845300066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,12706113760892657641,7276585086845300066,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12706113760892657641,7276585086845300066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12706113760892657641,7276585086845300066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12706113760892657641,7276585086845300066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12706113760892657641,7276585086845300066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,12706113760892657641,7276585086845300066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4012 /prefetch:8
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,12706113760892657641,7276585086845300066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12706113760892657641,7276585086845300066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12706113760892657641,7276585086845300066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:2296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
3cc36250ad52d5ca64138e7f7782fd5d

SHA1
f2b343504ca4580509df1ff1377a618d9f7f7653

SHA256
1856ebd25578a71efae77d4c16afd42afdf3832c5b479e0eb8809fe1407cb62b

SHA512
a749312c59ce0dd72579a971490b31cfc4e608b02d8c29f60dcb92b148251e3be23d957dd038c897fcdee0062ff6a82bfb98ca246237de3836f4969833635a91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
52d122b27c5653cdf4ca425dc45fca14

SHA1
543f7aacd3e675194df3cca38c38276245fdd4c1

SHA256
e9f200649dae934ff687cde532d6c5ba7287dfcec0c971e6ed3df07bdd9f2de0

SHA512
800dd4392d512681b4aa7c7830b57b2cb54c13c48e1e75846d866baf277ac73cd4ca99d502cdf7321f8f9c8b4ca6e30b54351b2abbcac0779d298597409bf5f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
30eec7a168ccf89b68a8de4269ed0b6b

SHA1
67d38dc8feffeb756ca7cd433af53ce4cf39b9f1

SHA256
c33290b8842e0f0796b358f3b81d9f74ff2988ee6896910cb27d9da703d8e1c0

SHA512
3175c453fb2b93f5f29245b504abe94a17f8657a9bdff1d06e0edcd64f299ea19c25b9117e915c6829a4fa331c95084b03d4fe1eaee44054c4a84cfd04437135

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7b11ae64c935645b7d2481542d125b9c

SHA1
01b77e5ff47910967b51c989be722b210c708cf8

SHA256
e2ca4d0c668b0898508bc17b24e009e5e82c6a9577df462419fa88eb2d07a29c

SHA512
db65c1dde7ba49c941c422df2411365c2b32f1ddae4dd2006936b2364548114d0842e94036b1ce91be785cb946ebd2a3e5a45ffecdcd11f0d059c2f3ba01883d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
179ae388693b689d4a17f79a75609640

SHA1
90f2f4d75d30b81ecd1e0feab14b3a4edc59e947

SHA256
e664f4cf406598cc2910fcdb530ab6de7e27bc564293af24efeb7376fa11646c

SHA512
ad5148efefaa10350218dc122a345117e750e00e358af26786a8d7e3765d45575b6b5785e6f827663f26f4b0359fbdca51fd52fa060cfacc88d95c01a8a8d830

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\ca8d42ae-985d-4912-bc30-b41ff7793459.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ce4321c541f6ae37c6f9535884d85810

SHA1
07e5fa70b902f458b2b314cd34c560aedc50cb40

SHA256
ea7a08c53ecac824992a28664d1619daf20886ca8ef2f8b77faac3378b8c5595

SHA512
0530f03243f50de05f0ef57b254dd0fd25adfcdb86ac618db6ab57c4f7f4b39e84048a12ba36c73f4661f7e426f74dd7efd7453164359cff1087875b980a7fbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6f8eaf5f1f2116684606447cb1a143e4

SHA1
bf7c3e35b2345cb96784ca6ad0c95dc50e113243

SHA256
bd6dc896744d897094bca7123383a8fc331baf5323a442ffa61abcc6e3c9fb3f

SHA512
2b6b3e52d8f63ecc915f9ef08d2dc8809902a96927767dbe32d7e2ba4ab63dc269e3acbecdd92544a15ed073e2ce16f96a6a22528ad6295b0e380436ae0d4d82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
e5fbfd382f3dff385ba2c106b667f1b3

SHA1
0c78896373308ab2fa739cb052a5668a7697c96e

SHA256
708128b3108425ba4dd253219b9167b60883eb382c77b6bad7c73614e82862dd

SHA512
778d8f1060aed60ff08c3002e9581463f7d856479a48be026f6ed60ac2c63997ff8b90dc6d81aad6760caf55649539376882c53994cb1f12ccfa1cdab4689df6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d3beb36d-44cc-4ccf-b58f-2059d872838b.tmp

Filesize
8KB

MD5
cf4f542338060a1a2edc08cb8e29e350

SHA1
5e6fb348e5e740ae987b8cf13b1526f0277d3a8a

SHA256
f409a9b0e8a6f006b47371b2e06d5b97f2bb53ad412eb90130a03d57dd965b39

SHA512
825cb2272acd0a26ebf91eecc1aa1901c68f0e8643ad608753698b25b033c8dda3e9e3c4e770d7aef25677b36588c0f80c9e33e765846772436c03a136ac8b9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
29e80aa480fd5a86b74a82626641fd28

SHA1
475bec5714838f32a4f069c0e072e53b977209f0

SHA256
7261b8af1fe41131cc8c72b71ff5f0856fd7df213ddf52cabefcebc2ee360e38

SHA512
c291b5b7c3efbb6f18d772d842f018c02825a85f1623d8c752370d97e15a7e08ad7e86564cfc17f8e89f01f8fb5fb59a1cbfb68bcf61929d2453634b1706b9cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
a668deb983fd7494864e7d3fc2b3bce7

SHA1
76dbe6a27d9ff93d9b17d5d17236e0af14369ad8

SHA256
eb2d20de9bca1dcb570df7c4975502b7658d94c95286d95867fd5e1f80d9ebb5

SHA512
d2dcfee78b570ad01c275b91a8d739806590fb721dcb217b14e481f7e5124dc8680982ebffdf7fdda52a5a48ca4f111d4ec470cb6e85c43e45c11823705e07e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
793d5df67dd2bdac5b13002fe6a56feb

SHA1
d7c7e4fc13101e854103ae0d372f6920eb1e6da7

SHA256
b89c6850b95a11456edd863216a85ff4f7d1b62941fb1f57ac975f821e7623e7

SHA512
0dec6027427b4980f58d5f5c15b2bbc8a3de5b1b65335ddea7656d0511d022e031f61d11dd18cb0abd2e22e8accec6433e6faaa00f4d7720a8d0e7b003baf8c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f86c4100387bf2641538dedb9e0d5b07

SHA1
549e86ba24375ee618183f4323bcb73672052cb5

SHA256
98b713daa29148ab8a183cba3772776e671b1a25b49be95f25b111cb97f24eef

SHA512
d9aaaf619d3cf2715858c3d7299b59fc9603693cc71faa4477bd9c05aa628361e40bcb1106aeab44ca812d4f983cbf50a7af8bc2a5b67a851f8f08b94efa26a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
23928cdf0dabef5793f7fe0530172726

SHA1
e4540563101f3c93e750a00f06330421bbc79c5e

SHA256
aa15f39259636d535a53e6641c2ea411fb72579c5269d80278133cb0ed5f8c57

SHA512
90b518f52cdf0ee0e0a4080ab3b92bc3fb2e0a3b11c670a4b8eb8ee91ccb398f35ad0ce9a81a492b6f420ca04e1a0561c7ab6a625863fb360f83334f94a0e548

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
32KB

MD5
1dd2eeda2385ed5455d23ae6ae35f26f

SHA1
12fe7fba27e21500af5b6b7c6b88c0602c9af3ed

SHA256
df09b8be4c9209b6155f7f356b1e3e421d2da2c87c5e571c62879259314a216b

SHA512
5ff1b183a83cfed11c2f69f6946260b742f1bc0909fe81d150c59c347504ade09ca246a6d7abb01ddfb260998c2e14b170a3b68a40c18cfc1b3f451d5dd30816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
c152c4def9b68cf66f50f5efbaea4517

SHA1
16fd26542e86aeb6b11bfe1902dad4cb75b18c31

SHA256
5042d0d2eeb97c046546d60b0ccc93500dd21cdb3bc67d3dc75afd8c315e8f68

SHA512
2de81699085db8f19c3fb0541973a51574a9baa60913dc66a52d3daa8010cc5aaeb8b0189df021da55a6c0fab6b69b77c889bb70070ef8c79bdf3436bd6015f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
f9f8fa4a6d5151773821be853f01309b

SHA1
45ca53d15f6f2983ac5759841619675e1b0454b6

SHA256
ddf30bc362c867b100861ed61da89b0652d237e45eb70f963c5b11db773c4474

SHA512
f5ed76f2369454945d0effe274dd8d41d558db242938247755df5ee62e33730bd1c2315c302be1267ae98028be7e1f4baae3cf899d49dd5a4c1e17853751330d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
4KB

MD5
90cc98df512f47df55a7343d66c5cde1

SHA1
17387c1525ef3acf8c06f89204283f85c410f40a

SHA256
582a75e15c8e184167725888cd7c56994ebae9864f712dc3409d6b8e815b0412

SHA512
f098e5ab9ed8b4f0198d8c8afd2dc816a1e17485ae2b5a5bbfb10cd7e58626851b2d6fc3b1bc086f1fab004f98e101fc33d19b999db1de45350a0964b2097f82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
8KB

MD5
cf1b56090f9a97fc18bd46e5cb98892c

SHA1
0ebb291687d2d589a887763700ee6c1d61073fe8

SHA256
96ae6a8e253c7087c56b450b7544117bb72e98ec9fcb96a9196ea1ce2a109c03

SHA512
23a8d696ddbaa88eb19b82ef488202b4e1dcb2036e22f66c3482e5ce81833e720f7634bb3c876dc42517ef451098ea75c2911de520c7295470022a83736f5b1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
813a47486e8feaa7b4bdebe6b0b9006e

SHA1
e1c66d66fa5b7914293969c6f39078e8acccbc27

SHA256
1be36683d1c703dd2b266240d3682a0102e348d2608a96260bf3adb58176bf95

SHA512
58a1ac72f9c86d91bd9987c458b8838e089fcdc6e294c4881941d459e14cb95ccc15fd3c54ae6afa6d3ed47fe0d9f420c8c1196edbf89aef98a6e724b2143fab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
f40d619b3dd719c9c52bd323d130b1eb

SHA1
3da448a942e6bdedc350e7752d36e6f464a7a4e2

SHA256
3945a0f60e3c8656642127ba32a83ab466778700e5d416721be0b92dfca0e501

SHA512
484f5b36b3d1b1465a744bede397bc3ba540684616f61e28a86bc54f4337ed5e592284e7d2fd0da469d5d382eb2133b3020176317352abffed291854705b3fd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2ecec4a231892b89040eba0e317d5256

SHA1
f37db5de2795112096a4ee04c7bb837679a955b8

SHA256
1ed798ec41b1c7a80dfc594f33271a6070efd5b379159a8453fbd887869c997e

SHA512
de9822465ecac3117a5abd6757ad7eb0a0107fc2b1f55640db2688f70b53e95ba1e1e38cad7b7285fbaab77591b4a738ee35cd9a6c823b09822e0479e69ef772

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7edbb46e2fa6eee2615054c61583736a

SHA1
1c0223e776a2dc99449e569836bc67516625e08c

SHA256
5a8fdb00d4d74e0d71912ab2dcbd1994461364eb25ba7d9342230cde848ab22c

SHA512
1c0d18a74d70b3767824f002dc86aed0978f5e9dc12b28f093e7cdf14e8a0c7384f8cdf10a07c8576514f565d312e97e416f977ad6213cda521702880ae8b820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
99c1f33951522359edaa6fb7d0fe8bef

SHA1
1cc957c5ea64981b391f69a301644757b863c491

SHA256
2e92885fa425a7d4d127850285dbd3c484e9b266fa4db8d9909ccad43e97df8a

SHA512
a66203c7b7253b07c618551538e672d3d261c9dd6065333cdf9ea05dd7b22ccf6d8a24717906fd496a9ab71fdeae6e5a44965453e5d654eade6eafbef8fc42e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d0a13c8c28a7e94153bae783e47aa999

SHA1
163c5cf976c21a8210bf31c388e84c50b624bfdf

SHA256
a3ff7e9a311af3ac438c86fb23427274cb1684fe08742f1227bdee8d65d4e4b1

SHA512
8bcccc0dd3b44da2003af56232bc54bdcb0910db53c548a7f0702123adc362d04bee3f8f8a4bb70b64cd3bfbe421fb95a1760a66cd539d357f6f58cf6e4934d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b5357e70bc5041e295c26d4d68e98404

SHA1
d2a9a3b36b6e5ac3ef8d1dc4f0d37fd1cd12c00f

SHA256
11a0ad741d3ed9e11708c943faab663cc3a80e560c85ca3b599650137317a0be

SHA512
51a781208b74813993d25a101a8824c7634fcc5ac871d882c7e7ba8b54519b0d4179619edaa451609fd6111b7538c4831ce7ab84437825a4f3af81fdd99c8df9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1d15698e1efa49cdd25ab3022503ee48

SHA1
00b2c3d6b3750b9320a899b60652e701c775c934

SHA256
e9c0d78f1e3141de8f1a28762e8bdb43462e9ec438f198126e456d31767ad182

SHA512
b817edee731c7787cd031477d14d6f376da7ef6443302a1e09f51df896b22665785c1845e1d0b87b7627cdb11fa042d786e6f7852a7e6f3a14d846c8d1d233c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
483B

MD5
be3ab9709319e7a9d9bb2b514a30926c

SHA1
ff94d9314c6d68b9d5036534ec7b74d517986a3f

SHA256
979d8a93df805b083ef2b52cca91f5b7be6b79f215552ee9767210f201a990da

SHA512
e4b02e7a30e39fbbddc8f606ba8b9eb463336ab0cd3bca16fca819b20d62f83e9fd5a0caad8e8bf36286078285eaf0f347262b2647385a2ae8ab54f8bba709ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
107B

MD5
f5ef5502f065216ebe592fc8e57a91fe

SHA1
d4db43cd5f7512fe798b4bbdd3f87f30836e4a69

SHA256
e0aa9021b3831e7fb439e99cce20e7b399966cff18cc8890086ab6c717a99f30

SHA512
2ad9929ce99f8b8845da14fc785d5a67ba972cbbacca0558c35cfd134066c8cb37851aaf9c258e0c5c612aa23caff8ebfa8f16fc3cc08f4ff7f87eca210dce85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367456241323611

Filesize
51KB

MD5
8d6516fdb200d165c85a61641b074e25

SHA1
9f5c82d226f2be10a0c01d9dbd40d55688abc8b1

SHA256
1b46eb5298db05a371b2fd0fee5dccd4d949a547fe6012e5a5ad459055cbfe25

SHA512
973a3c509ecfc2d7227a8defc1206fd9a2a11a74249edf36e64dc16854a1338569a1ee97fa52a241f3bd70e567b9aa5157640d395d5c84b39a76359370a4a775

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
316B

MD5
77e1d5bbdb64e0f4802aef59cc56ca68

SHA1
a5dde0715317059e3e99792390cb41286883f565

SHA256
ff621494823aab12a90ed08719e4f9df87194aaa588f219b27b6921f8a16c690

SHA512
d422afe6972c35f3bc2691a433f5a0f99bc50fcee5800cab5d608dab36c941b1adb56446c280b5f989bb8466a978bc90fedab2a80f411b78607a136e25fc3f29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
1093494082485a9e4b07179c36da9155

SHA1
0a661ff029ca50b109a7b01080b526b8eba9dda6

SHA256
9cde265c4bfaad93ca0c67f004b208492f700e364fe487c1105a3975c30e56a8

SHA512
3c164eb0d630b8ae43b308a6d1768b791f71dfde1b0e06de03ff0317acc0c8878a93f7df757751a0ba58fefe4a2edc101acf6ff6fe37deee89c7b60d8f01b78f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
3404418aa2bb266dc22e7e4ccc8be112

SHA1
61c68b0f639725587fb6e1807ef23c48bfcd6440

SHA256
665d1aa25191035b99087b859d0eb73a46d6f9fb2a61e267d9aa9f0441df03e6

SHA512
b995759bc8ed1602f71e607e01a047e9b14fbcfdde207eb7957a3739a0fd3e1083f22b9167dace307304e4c8aeb5c9fa73656d6d9055a2d99ba054d82ddf3306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
472f8bf3c4815f07d143678afc434ee3

SHA1
e945f7da0ace4df28d416e6bfb4ff08a0988aef0

SHA256
51814bb2fbd2b6141a186a6b64ff91c51f258bb25ed8b60a63d6951f712707d2

SHA512
02abb7e5ea0737e1f0d475d07f2ed12f97d0a23657b9a05465a14d9c6244a60f16130f6fb35d13e630aa72d6454de2172a74780d48bd820485154bba55445b32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
fcf8dd042bb04353a911c5fab2bdeb81

SHA1
8424b301dbd218f2cbe2cb0a5a8a14f388c61f37

SHA256
b8a3fb14e2ae7120691518aae6e00fdc95a5eb44e7fee770fc677d4bbfbcee23

SHA512
244484a59c05b9e9b324b6d61f5f43c7f2e37c9706a6e7c155b8e751f170b6b97343ca2bfd9b3aca92b9c6e144fb93d65a9e8931059b9993d3a150ca6c016f24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5813d1.TMP

Filesize
1KB

MD5
6d1a87fefadf24c55822973867a5656a

SHA1
1d904d33f23e86b3b85ca79265625870d1ad84c7

SHA256
3e444eab6317890981f4f8adb280f2c9c0acf347cc8fce054bbacb42f5fcab8f

SHA512
3ea24640b64ca1dd69cae80b00dde97a5b47523c56d5f97ef6a5233d3c52b0ad7c00244f87b0d5b904f98a4e417fbb9d51b4c91babd5635ff65d624fe92e1cd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
be0d239658cbcec6f1c64f74658eef5b

SHA1
b3c5559122d2dd460a14f1b071ef95de6fbb30a3

SHA256
c7f9c8280b0174d3e2e55ce57f9f22230d8be150da27a91b7708f53fb1b56683

SHA512
ae523878e3510e845205b11d15a6d4301fc4402c9b089511f2e3e77003a3bdf3846e8992a59e00faf77f76460e0db6c3b40f873f337236ba8017e31d7e78e614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
addf69de60f71d6907992520583f821d

SHA1
7f888f2c27bad140442232361c565a5d2d322eef

SHA256
ddedd8c35796d61197a82cad80a6096fb999acb393669fb9a0761d9fa74c6064

SHA512
3587885855f181f2edaa2db9499f4c80bc0f448843a970b2abb99070ece0fabbfb99606731af734bb4e99d11867667af5f8bad857bebf970b240a7dba4ce5809

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e501b1ef-3c6c-4e60-ad01-5b245602e63c.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
2.3MB

MD5
4fce50399d3320fe451483455b47b6b1

SHA1
055ea3f65d7f8fc3124480a32728db1874662c55

SHA256
05b4aadaf0a5031de0adde4ab27991351cc2d177ba06a992b0cab9455266e78d

SHA512
27890d38a81f1e43e1894ba720b8bea29ed987ec9368f1a95af00aed2ee81785e454bbf67c8e8801de29a3cd0512fb96c3dff26b7d69ac483c0f9fb9dd2eb303

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
59e2d68c2537df22dcbdf44a2dcfeaf3

SHA1
848cf5a030100f4b38c850a65538dd70ec2c7ebd

SHA256
72e594d16c95ba6b38ac0d8a3ca41d0f5cc8698ebe38608562648373276f9361

SHA512
c53412e1ee191899b17c6d1bd749ae3ffe2fa2da8b4c127064f784f0c9c1aef2af35bad553615dec17dfbf143d0ee5ce8feabcc6810033bb19accfa32194a37b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
1afbd66a2dd0d557cf9931833934d2af

SHA1
c2a2d74e919b5360fbe4743d88844926c5db41e3

SHA256
20d3bea56a7bcb46300239eea35bc41f3d13716a0da34c5d93a188d2e9577db0

SHA512
a41b949e10996b1363b2809e5b3776bb24f9a55206495eed1e8f2ef04fa6729f51a80430df09d23462c3c944255ebc57af88e2709224a4baf1602530205fe3fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
26d1c6380d60581c060f895b11ccd5f2

SHA1
961baf205a567c5553d9fd5c8d228fbc56ed5684

SHA256
b89693edc0db44d39a770c7b85746ed30e8a58ea2bbef32ddf2e9b767f5e6e4c

SHA512
c840d4917e15674bdf650092594e220ac18cbbc49e36e56bcde8b943fe185da6463197a798049b1daf9b0ab047de5eae15ab51e0edf15306f474dd05394ef180

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
cef591e7f69f05dba1d845b7a4113b86

SHA1
01fae30b83d558aa3247a211ab7f1705e4b39787

SHA256
2ee8d48577e3045a55531dd0d842f6cb029ad20308811bc2f2e17c652c7a9bbb

SHA512
9bcd7deb46caa10738b7b8f915b0be85e5661c69d7ca5366ad985f9c68fbcbd6d37513283e8c4fa494a62377747424562233618c79818e0801c42c71b4463e13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
990d1ebbc6cec24c8871604a2a96d671

SHA1
e73130dde4a8b027919fff5f2ed4b93f898531ce

SHA256
0e07404fe5af58f8dad363e25eae09fb95930d3ad5c3202faf9e269faa00bf48

SHA512
5e4a5235578f9f0b8facba11b63ab4f1a3bafe9661989f34ca422e4d2181dde43a5e425808aa8cc5d5b41038215a0c3ebff3ba3eff5561a6cd3106848d0913e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4e6e6e154582c34308dbc9c2d6960a50

SHA1
9be051657509399326b85051be3b92ba090b3ac9

SHA256
98fd1559794da18664ced4c8cb5e9c00ccd41401a4a37716af9797d98b856198

SHA512
4a334824f4d5d21e9b01c5ccf72992307db60abee809875da4480d3c6e82efddce01b4fde1a954c76546622d85d84700d8fed9e0cb068c762ae5f282a4d76c09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
5155604f6eda6d4f305f423132e83d03

SHA1
7f4f3d81e4f82f6194a42a3128c2abfc958badef

SHA256
5c0d181501202f8f072cc2e0cc1198df5bf3fe20bffd5801b67f27610eb25d60

SHA512
ae5bd23ceae1840be8da88fd407ef274f81ed781cecd06f0fc7ef824310b4e58fc448d33a3df43f8b7cd9b97708641867f350bc137e23e8814bc47f2b7eb72fa

Download Submit