4cc08389a45641ead70dd6dec8735dccd6ea139439f7d2a56778b1675ae04fa2

Resubmissions

12/08/2024, 08:07

240812-j1a4yawhlc 3

12/08/2024, 07:54

240812-jry5easanr 3

12/08/2024, 00:38

240812-azdzrs1eqh 4

Analysis

max time kernel
1791s
max time network
1702s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
12/08/2024, 00:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BETA RELEASE.rbxl
Size

10.6MB
MD5

84410f118086e1b78a2cab476b0cb1e9
SHA1

5734087068443e22446f88dec2f34e2183d2b7c2
SHA256

4cc08389a45641ead70dd6dec8735dccd6ea139439f7d2a56778b1675ae04fa2
SHA512

4f615ad2ab818f3b92c42df59ca659398067b5f5517a10e788739b894e11474766687c553d8248cddb5de17e1eb5ad5d64cb8d867e05b4e73a14659abe9c62f6
SSDEEP

196608:rkvo1Ne2LxB1/Mgx1E6DVqzq5sx0p4brsOt7P8EWt7/cgG:rkQbe2z1/JU6Dmq5y0p4bgOt7P8EW9Uz

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133678967921227919"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Control Panel\International\TzNotification	SystemSettingsAdminFlows.exe
Set value (str)	\REGISTRY\USER\S-1-5-19\Control Panel\International\TzNotification\PreviousTzChange	SystemSettingsAdminFlows.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-970747758-134341002-3585657277-1000\{9C2EE237-2841-4275-9D4F-C04A93EECE5C}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2988	msedge.exe
2988	msedge.exe
1676	msedge.exe
1676	msedge.exe
4600	msedge.exe
4600	msedge.exe
4808	identity_helper.exe
4808	identity_helper.exe
5380	chrome.exe
5380	chrome.exe
3684	msedge.exe
3684	msedge.exe
5676	msedge.exe
5676	msedge.exe
5676	msedge.exe
5676	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1676	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe
Token: SeShutdownPrivilege	5380	chrome.exe
Token: SeCreatePagefilePrivilege	5380	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
5380	chrome.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1116	OpenWith.exe
4648	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 3276	1676	msedge.exe	88
PID 1676 wrote to memory of 3276	1676	msedge.exe	88
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 3464	1676	msedge.exe	89
PID 1676 wrote to memory of 2988	1676	msedge.exe	90
PID 1676 wrote to memory of 2988	1676	msedge.exe	90
PID 1676 wrote to memory of 660	1676	msedge.exe	91
PID 1676 wrote to memory of 660	1676	msedge.exe	91
PID 1676 wrote to memory of 660	1676	msedge.exe	91
PID 1676 wrote to memory of 660	1676	msedge.exe	91
PID 1676 wrote to memory of 660	1676	msedge.exe	91
PID 1676 wrote to memory of 660	1676	msedge.exe	91
PID 1676 wrote to memory of 660	1676	msedge.exe	91
PID 1676 wrote to memory of 660	1676	msedge.exe	91
PID 1676 wrote to memory of 660	1676	msedge.exe	91
PID 1676 wrote to memory of 660	1676	msedge.exe	91
PID 1676 wrote to memory of 660	1676	msedge.exe	91
PID 1676 wrote to memory of 660	1676	msedge.exe	91
PID 1676 wrote to memory of 660	1676	msedge.exe	91
PID 1676 wrote to memory of 660	1676	msedge.exe	91
PID 1676 wrote to memory of 660	1676	msedge.exe	91
PID 1676 wrote to memory of 660	1676	msedge.exe	91
PID 1676 wrote to memory of 660	1676	msedge.exe	91
PID 1676 wrote to memory of 660	1676	msedge.exe	91
PID 1676 wrote to memory of 660	1676	msedge.exe	91
PID 1676 wrote to memory of 660	1676	msedge.exe	91

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\BETA RELEASE.rbxl"
1⤵
- Modifies registry class
PID:920

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffb1c1a3cb8,0x7ffb1c1a3cc8,0x7ffb1c1a3cd8
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3788 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3676 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1680 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1240 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1680 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2952 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2948 /prefetch:8
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4732 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6656 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,9829852824366640146,9438756539075882260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1
  2⤵
  PID:3816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2384

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4644

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:2568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb1a06cc40,0x7ffb1a06cc4c,0x7ffb1a06cc58
  2⤵
  PID:5396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2032,i,6581511892729086606,14886567272550638402,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:5564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1396,i,6581511892729086606,14886567272550638402,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2068 /prefetch:3
  2⤵
  PID:5572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,6581511892729086606,14886567272550638402,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2224 /prefetch:8
  2⤵
  PID:5612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,6581511892729086606,14886567272550638402,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,6581511892729086606,14886567272550638402,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:5792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1.25 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4408,i,6581511892729086606,14886567272550638402,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4388 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4696,i,6581511892729086606,14886567272550638402,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  PID:5328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,6581511892729086606,14886567272550638402,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4920 /prefetch:8
  2⤵
  PID:5000

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5852

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1504

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4996

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:6080

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:4452

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" SetTimeZoneAutoUpdate 0
1⤵
- Modifies data under HKEY_USERS
PID:2164

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4648

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
- Modifies registry class
PID:1908
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Windows\system32\slmgr.vbs" /ipk W269N-WFGWX-YVC9B-4J6C9-T83GX
  2⤵
  PID:5648
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Windows\system32\slmgr.vbs" /skms kms8.msguides.com
  2⤵
  PID:4824
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Windows\system32\slmgr.vbs" /ato
  2⤵
  PID:5436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6028

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:4980

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:5320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a7cf6344723959430ff8104ee5395296

SHA1
b06e8d5a0e792b756ab3e23218466ff804e17de5

SHA256
63e78e6fa5cf47c85a51d68f8509596d357f7958e2b5a62dbdf91869b220ad42

SHA512
8a82ca63be1547f2341ffaaa4e55fa83d6b117d8190a6646f6158a09b2924f504526cd9545ea38f16d7d97027393efff03d04ffeb1cfb2762824e2103a8aecb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\91321e39-4456-49d9-8d7c-e9053c9edb53.tmp

Filesize
356B

MD5
b087895ff68d07c24f0147a6026eb479

SHA1
874edc2729177028c72de2f144b2e36a82f96c6a

SHA256
af8dc9e67d1e810869ea2058eaed06f4ef9cdffc93847faeb2f66e7926c8d4c3

SHA512
3f486844f2317756f29dfc8a3c7990dac82bf072322db7be6dbd73ef946a35fac7bea7466869e198a20991f97dbef111cc815cc12af1dbce01a5f86a543bf2b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
a7a5425aec4cbb776d27e6250601c13a

SHA1
bcb7dd549bfec0ea04ce001a6c6c0f6bb65fbdd6

SHA256
a6c1dfe5c210428aa61e41769adb9c1644335152bf18bdb082e6a2a7ec385de5

SHA512
46b6354306fe362e9df018a3f0070477e422cb55dadb0b91038003c5bc978324ff4bff2659b7a391b6775081488d03b3a85ad89d80bbd72b3f1709e50f324238

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
874bae56d27d14e432bee9cb1ddd0ca4

SHA1
8d811cfb588cc506d9f23fd712c85d5d4ea2969f

SHA256
fdb4200441f613c089dc91c7e9b9291924c5f62f0e87027d155df979a8313fd1

SHA512
2a6d862b83baaf08de32b067a31261db18a1d2713163108c87725ef3439d6992e177bff8f5b21ef508dfc834b5ca797475c6eaee74a17729b8d0ad168f6d5a96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3a9ebcef0b1fd7323ac58bd3820be3b9

SHA1
e9cd2cdf0f972eba760ab6e90865428f7836f583

SHA256
e50717093275598ffc01d7064814bce44f300860f670e7c290ded3f8ef8d9926

SHA512
c499bf6a66ab6c2d5396529795f5c9f4a95e2a0891fcb15ad557afc0665552dc9dc4a65181ce58d413a5cd9a570da77f6e7921482dfa1f4e8b89b4c2b04d7985

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
101KB

MD5
819ad8951d6ecaececed7c0c2b81e244

SHA1
902825f4b3c6094f080ed1043929657d3b8395dc

SHA256
757440c792dceab72bbfb10cbc12092aa0da17aa740fd2e22dc8dc42fbd0727a

SHA512
df223d93a660effce96f085d48e58da6b1d087f0cfb0b78d0c99b3efd17faf90becc32e61c978167a1dfe35b8a613b8a9dd4664dae49f19e26d329bf6fe5e66b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
4491a935da62aa526d56c1248695bddf

SHA1
c796e03eea5eb60382d4d76c80c513a28536484a

SHA256
1c17ea7c060a0de8aee84ae9d64dbdb36d5b187447d3380aed9238111527980e

SHA512
7da3f4f5b94fba4a35134498369c314eadfe8d6d08b240396ed7fbe27cbf5403da7a3cca51ba1396d95a3c2efe0bbcca4e2cff6503694bb7cec4df69bdfbfe7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8276eab0f8f0c0bb325b5b8c329f64f

SHA1
8ce681e4056936ca8ccd6f487e7cd7cccbae538b

SHA256
847f60e288d327496b72dbe1e7aa1470a99bf27c0a07548b6a386a6188cd72da

SHA512
42f91bf90e92220d0731fa4279cc5773d5e9057a9587f311bee0b3f7f266ddceca367bd0ee7f1438c3606598553a2372316258c05e506315e4e11760c8f13918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
058032c530b52781582253cb245aa731

SHA1
7ca26280e1bfefe40e53e64345a0d795b5303fab

SHA256
1c3a7192c514ef0d2a8cf9115cfb44137ca98ec6daa4f68595e2be695c7ed67e

SHA512
77fa3cdcd53255e7213bb99980049e11d6a2160f8130c84bd16b35ba9e821a4e51716371526ec799a5b4927234af99e0958283d78c0799777ab4dfda031f874f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\061a0091-d871-4d0c-a258-bef6ecd1683f.tmp

Filesize
6KB

MD5
64830888fca8205c15cb25f59b63d671

SHA1
6264464044c474e2edca426aa8c2be2cfba7e707

SHA256
206562374475e0382f56d786a50f2aa5ac22aa0741ce7d69d34b68a25460481b

SHA512
e718c67e3098edd8d83b2d5ed2f6b76417b980b755b9ead4a3a5ccdba4967ad3f25dc03f6a53268e6223ee6b5531e3d949d0703fac6cc795c5549c0478f31185

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
a074f116c725add93a8a828fbdbbd56c

SHA1
88ca00a085140baeae0fd3072635afe3f841d88f

SHA256
4cdcda7d8363be5bc824064259780779e7c046d56399c8a191106f55ce2ed8a6

SHA512
43ed55cda35bde93fc93c408908ab126e512c45611a994d7f4e5c85d4f2d90d573066082cb7b8dffce6a24a1f96cd534586646719b214ac7874132163faa5f28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
a7ee007fb008c17e73216d0d69e254e8

SHA1
160d970e6a8271b0907c50268146a28b5918c05e

SHA256
414024b478738b35312a098bc7f911300b14396d34718f78886b5942d9afe346

SHA512
669bec67d3fc1932a921dd683e6acfdf462b9063e1726770bae8740d83503a799c2e30030f2aca7ec96df0bfd6d8b7f999f8296ee156533302161eb7c9747602

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.2MB

MD5
9f8f80ca4d9435d66dd761fbb0753642

SHA1
5f187d02303fd9044b9e7c74e0c02fe8e6a646b7

SHA256
ab481b8b19b3336deda1b9ad4680cce4958152c9f9daa60c7bd8eb6786887359

SHA512
9c0de8e5bf16f096bf781189d813eeb52c3c8ec73fc791de10a8781e9942de06ed30ff5021ab7385c98686330049e3e610adc3e484e12ef807eec58607cfae63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
73KB

MD5
cf604c923aae437f0acb62820b25d0fd

SHA1
84db753fe8494a397246ccd18b3bb47a6830bc98

SHA256
e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4

SHA512
754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
27KB

MD5
c3bd38af3c74a1efb0a240bf69a7c700

SHA1
7e4b80264179518c362bef5aa3d3a0eab00edccd

SHA256
1151160e75f88cbc8fe3ada9125cc2822abc1386c0eab7a1d5465cfd004522c8

SHA512
41a2852c8a38700cf4b38697f3a6cde3216c50b7ed23d80e16dea7f5700e074f08a52a10ba48d17111bb164c0a613732548fe65648658b52db882cacb87b9e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
63KB

MD5
67e59a06ec50dcd4aebe11bb4a7e99a5

SHA1
5d073dbe75e1a8b4ff9c3120df0084f373768dae

SHA256
14be8f816315d26d4bc7f78088d502eff79dee045f9e6b239493a707758107fe

SHA512
6364515e92ed455f837dcc021cc5d7bbab8eac2a61140de17ff6a67dfdbbd8fbdded5ce739d001a0ba555b6693dafdb6af83424d6643ff6efddc46d391b21d95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
20KB

MD5
0c4e029571dc182bfb39161f25531f06

SHA1
77b38d4a247b63881e7b9be324979c203987ae4e

SHA256
fa5e2241e03bf7f6357dbff6a4716e4fee8b612fcb241ce68411552ba643cee1

SHA512
51501b8f4caadf0975eb5d1b3e193c3215c3b0706f7203d9173c8bbd3149526e9134b8b87ebcb0de6f1ed44e9f735ea3871201ac476f99e463380fbdd39ec7db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0b7e567e0c9c5984_0

Filesize
54KB

MD5
e0609260213f1cc1c237bcce407bd2d8

SHA1
760e5617e70941980055dfe1372855dd31edf91f

SHA256
16304df92bb7abd385848aa83b60374abc6aef31ce96e98413a777883562805d

SHA512
d45c834fc08ded8ae07f8d51434c6aaf45e1bbfededd596dfe48d7ed75cd1920dc5969fac41bcc76c32fb01e2e413e26c22ff5ed5cd54857dcec00378fe73067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\21a2e465990f6344_0

Filesize
30KB

MD5
65de99e7c42d1ad5ca244681eb0babdb

SHA1
fb2a0039f2b269f6adca139fc2382b3b4ec94da8

SHA256
267c2e180ffd4b5b40574e6aa1afbf9fd15ab59d82abc63fc4998d728d433942

SHA512
86ce277c1900cc892901ab74c11a008ab8ba99ce268bdb08912d9cd52498462a1299ea3bb9c7c1aa141fdb9047fb2155d8b39c87ca9562276cc0c068622324a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\21a2e465990f6344_0

Filesize
262B

MD5
a1a1333441a2ab3e591938fd746baae3

SHA1
b23364abde648e2d7ade4fc887a5ad25804ee6e7

SHA256
a8ec6297db638eac4427dd7935b09ec7892fa01166063bcfb340c38559ff3116

SHA512
ee8c155c900687961f7120a959262024176d1301137acb245ad3be58dfa461717038cd084f926c4cbea472e47f2e8150848ce5a46b75bc6e8e1f5ddda9cad145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d96bd3b61b9f2877_0

Filesize
32KB

MD5
7089d426e02a2926a4c1b9075ab66b8b

SHA1
67eb774d290739205458e594362bdb8e9672d345

SHA256
31f25bc0d60202b677c3d4193a4417055f0f95c207980eef97da9dff6ea8b405

SHA512
f72b253038d7488964dc57049d8248217a38a79d1ba90999149600d566d02e7cd451105ff22a9c7264cf7b161e86d2e10ee3c0d2a86a2415c0b3ddc054ca862a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d96bd3b61b9f2877_0

Filesize
32KB

MD5
2bd6917c679b28a4535715a0ac54fdfc

SHA1
a5884acbc8b58406c4948c68d7c842b2ba204754

SHA256
bd3a3a967b1e75de9767de61e0aae5efb7379f942ea7419d79e0c53192c990a8

SHA512
9dc9ccf511428d526c0c15d75b238112f5215157deaf5d078616a92a620055df5c5d4a8d8733280ecca41c67aee8d64070ea9e87c82c14f8de57a7496db3a647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\df53bad28ea1e322_0

Filesize
255B

MD5
ff57f2ef953440ffa90a9423988f1185

SHA1
ae7e617ba7e54366f8eba5802468113d7adcf1da

SHA256
13be448438f5958152d0b595d932e64c840fac3826e38f063b6b5730365650a8

SHA512
cc2d2cff1e697b411176ed08c8d1289129ed0ca4f1a0cde9f8e9984e7cce4470c6f35a85ae6fee7ce8be56b932a1457e27bcfd4a94f1119872cdb9b8f3fc8177

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fb2a3eee4aae17d8_0

Filesize
3KB

MD5
2d75fd5ccd8fa6dfaa0c6b100f37a639

SHA1
7d41a5f3f10c781bfed7ada85818e8da2f7e43ff

SHA256
692ffba6ed1564854672f405066463e56c1757497603704ebcebd545a29622b3

SHA512
680e6a7e8901f878584a2b7c8daffe9a976fc686bed0eadd0a085ca4090fb3a3c01c57ae4a0cdcb19ab8de1b3f01f6bd229ab1b58c291490674565ded7211047

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fb2a3eee4aae17d8_0

Filesize
255B

MD5
19a7891e765292e4c12af9fe78bc7d24

SHA1
556bc9bada484f31e7895aa5a6a2a8326415fa8c

SHA256
d9d4e490ef11008131649308c4c13d74aaa3d834332e6ce98d8cefe637dcf7d6

SHA512
f57f8352bdfd199d458179542764fe23f63ece63cc7dc32b2b51eb52f4e376aac1b5e27a3444f3c4d02607fc4561582c9d2f82ca0f5aabb6640603eca1d1810c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8f638006980f5737e0d43e3578a95889

SHA1
b8177288a330d7e6bfd52f6fb5cea110fb9f248c

SHA256
9969ca7e0fb86d54d03d87ee3b04c55c17c389357a78cc4e0fecce54a464c0e0

SHA512
c684dc4526d18ad9bfeb1b0b37c30155848c40c1841164f0d817b30f5bb2b0cfe0283ed63de9eeb7bd05dfb1c82502c062da2022971cc7c3a18fcea121e466ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7964634aa19b3e1f37e6f77ccf14a767

SHA1
5f5087d18114afa684466bb0a8d101248b93ea02

SHA256
8466042e97272b74cb8e7dab6ef51b699c0583c3f5c8bc5c90477c5d4d680c75

SHA512
8fe56765f3f30ebc1d2f17f155cb54a959085ae64838a0b52687bf614f6f147d1245371cfdafb0f27c504c3b38fc249c03bdcc1512c4f9a9a09ba0bdca703d87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
68e96adb48802c6850081f098f3ee216

SHA1
ea7734f2f62758d8886265e12992f09a65b01879

SHA256
4a2e62a0e7766b1b2ab6a6fc8fec698a426bf91bde1e6a92ca0b5594a40d3202

SHA512
498f148a2e698c59c88421fb832b244a12a2619ee82d4b871de5b0c8d656cf6768c29f57af213abb662c65975110e56e5e6ffb16e8ea39b3d0edab15395f3f2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
f69b78b985340deee26b1deb65d90f35

SHA1
c6ab8a4200c465fd1ebbfe2323bc795202e880dc

SHA256
3aa864e879c6489f5cb4ca89a4235a78c8c967cb28994e3946e2d892b915d363

SHA512
89c1f36a52d8d24edfac1cf834de7482bbac58e70fb0f02af4af2de8202776bb73a1bde4d88f6def06d0ea7db751afeb48fd03c6c3065f250bf998737a7043ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c4fbfd5e7e3d2e43f210585afef7f155

SHA1
9a7e945fcbb30d85681cc1fd1bead07d14a45d58

SHA256
64bd72bcf999388f5562f5796b64668a6c53e3450522e8d6ca6039fdaf24852c

SHA512
8247345d0c3bc315a1b594cb8404115847c848fc5f39d4ccba3dcafb7f0f87986cbb63adaeab11a0de9f722c9ad53c7c7d9a892f56561282f5cef4dd42030285

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
2e3e7443f78ba14de7919763aa90fb37

SHA1
e835f8749fbdb6decab8f788654110afb310031d

SHA256
a379dda38bcabcc3943dd1fbd80e5789175a4002e23c5eb3972dbc86ce485d04

SHA512
23da441431e516687621e30b2860c2b716734f41c9d726ea49d2af853b24cb5e0a38fe5df497ead1ad661dd232c6b2d7720cf426da4a0b5e6aa8743df0928f28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
619ed639ca3136127b327795b568d245

SHA1
a6151569aca7fe8fb2b14661abbdf45515e0c9dc

SHA256
c3b12262c994d7e309b0ed10387ae5dfeddb92c7856e04870e7400980991facf

SHA512
115cb803009e83318dbcefacc6800d5638b4e79c558f4c1b0e419f6199d66ef17b716215c7bf8dc1a2031df33775a68a13c7d84f9e5781db136279c3ac2cf588

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a5dfb654fa300f69c59b758cc348703c

SHA1
d43f89686094bb678ab249ff868ef2b50dd0358c

SHA256
e4f36cd78fd5b4617bf2c48d2087720de3d0c9e4e20b6443f4d642a2adba815f

SHA512
4deb4df98e8584fe03adbc0bfabd34a07567e88f415b4dc162179c2d9b66b8449ea1452c2065bfffff9602f517aafd3577a5d4fc8bf24d3aae3176266519895b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f3e122117ab98a28384a5f9b43dd0563

SHA1
fef17f1e1700488cf8c8d68ec0c1fcb0bcd2fede

SHA256
07fe54336a5d947de9b94620376ce0b87dd7b7746f73905b56ecc832f72e2b85

SHA512
d0c99304ef447e041bd2f030ce929ce6cfe5ed9523bc72f0687c11b098bb98c82fa24d0fa9234601cc7a10b99a4372235b3a81c8419aae338c4e13333591fd90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
b6eabed35d092daaed55761d9556171d

SHA1
a4245d9842526d327e506061b4255038c9abc5ea

SHA256
bb405c259332e4591233517a8f39338da6af4ef6d56689edf7f72d9e6756d140

SHA512
e20b00f1fed3975cb5316d32d7ad9ebc2a77d8093ae431bf88a9c85b91f4e1e36483a3d9d76818f22b750564ad44dc266a059f324e9404b7a49aef7b4044bd24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
327B

MD5
3eed05f4a75513ca7a782424edffca98

SHA1
04bb3a6e62176801ef3244b17e4fbc43a2ce7dd6

SHA256
f6a6f6776e8e9da571fd4185225f14f6467be4f0b29b237b3a685954e563abcb

SHA512
46a8f8eaa27160591bc4516db0c15198c8dd860b21bc01d03a8a252b0d30a63d2e7d7166172f8833b2e1b349dd2a081442e41d648769159ee46dbc610091b5dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
5b4200c49f2951e27fac47f08f196064

SHA1
c89d0fbff2278d56857d3bf79e874c1498a2a4fb

SHA256
5a7daad5045ede027616eb355beb1cd34fcff809fd0d5db68b4a5d58ee732781

SHA512
2b18e3e4df3a55498187a7ab47df96f29ae4327b183b79457626f4876bfef93e9461d7789ed5f6d121502a26946c143bc3168f67478c8a62ddf4f7ca625eabb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ef2ac20cda38dae9e380f5e26525f6ac

SHA1
fee5dd43628268f44cc2010f8384b8e5861b32d5

SHA256
8ae8cb64b4fa58e11a33339c4d9b412cf6d9953210983c9eb5088d6564d4551d

SHA512
e0a4c17f21d635734a415f222a541812c3cebcddf9259e26c77490a8c9f77f5fc79fa6a724f3f628497cb6a2d0cb5918c6b81a92b1af2bbfa42131891f94455b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fece1cf4ee6d888de07d25b2171e0480

SHA1
d1acb9b3f19dd6ccfcfaa62b48dc7f50cdb7e5be

SHA256
198b938f63b0be6369039dd85d23f2a8cdf0796cafd084038c9e0d8703cb9179

SHA512
f6c3fc3295bc70403819cb02445f1e536def9c5b8da1abaa748226e08b2dd7417214b7b85484abc0f0e55dfae7c7ee638764a2ff8692b005df110a16e59666ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
af0382293996b860c5c9d68fbcd85156

SHA1
beff7bc474b7887275858a1f3a8821d80ec1a67a

SHA256
9a7f2bb7a60f47eff23216a6d061ab9cf32d244acac0e042c4d9342a385b6472

SHA512
0ec484311f30220c77a40e24b285b46ab95c986bc5595b3b597248e17e45f757c8f95f37850a5723c26c42c56e8c7b83955cb34286ee62e741f2cfc0214c2e7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
073e487aca303539829b4ea4f48d0550

SHA1
cd3bba4d6932f3ec5a0388d1bcf8e181f2129988

SHA256
4bd19a29d4f5c292ee21a45fd30faf2a4654da6057c6fffb2124153513317b79

SHA512
5dc8786c02c9f2dd341cb64dd18db5eba7d9406aa1857aec432f79859f8b37b514c439a85667cbc86b65a2fcc669e8c1b3400fe339e37b2ff477e3997f7ab424

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
80587ccb68465014e7a96a8362bd66cd

SHA1
0efb64ff6c66e7c04af95a6912c3aa41f67b5362

SHA256
f083372ed41ebb4afef000acdacbc23f22c0ff536e48bbb65abc008e8c6a4557

SHA512
c43cce5bad25e3bc56bdab537ef3a87fb74ed1b6eb1707ecbc17e407d608e54dee3fac80845ac320e0cbd743e12845a964749b3f2862252b583c8c42aca7a8eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ea240f657e3fe213044dcfb3e07c78b8

SHA1
3853ac96fe8fc86d167399aca9c7658c6b99ac50

SHA256
b23f9eb498e1450de1c4f775866b7b3fff40ac44ce54f6ad6b2bf2041aeb1b88

SHA512
5ede0bfb6e5d8cecf21e46d2460e3d4ae09746298e8411af913b5e12cb2de5023f0a672323d4752dbb746cb81f58ba37abf1dc486e3ccd17bafb245ac187ad0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
654131a048f9c55cb3bafbeac798aadc

SHA1
5831e4e0493cfc38095caece0ef1dd086e36e5eb

SHA256
036630cbebfcf84e9b081e32d316c84eca681282426fd031273552d794f02015

SHA512
8e435f2c8671caf238897bc87076715bb575a028ae23792dbd540f0a05e297ccf49f39ef9f095ac75c6a6d9d34029c1e0cfa84ff9fe27fadc993aeb7bcbddb78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5bd23ac437e728a5c89ab6d96315a8f7

SHA1
8ab8b7e65aa35b896cdaf8fc3e890293d958ea07

SHA256
cb51e90019e1ebfa8c882b16e12ee9b96ef79343a3e9f432309a4bde4284bc87

SHA512
3460150bb8c32a96fa03a53db4aa818165186aa867f1546a695150a6fb6b80590e1572247dba3062e6f3c24daa46855c53a0f71f54cd65218bfee791f5da3ba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
04217f821ebd2927bb25eee4466b5e5b

SHA1
479bdcfb65fff7fdc5afe0bff63200fcc28573ba

SHA256
b41e571119abf013ba4341dd7b0a8fa6828a414c1cd2d60c7fce51d75fe67472

SHA512
6ea84096c84ce1ea97b1ed97c1e1dc7095f090097a07288a5644e49165d38ee6681a089b91fb093c2bcae2b060c22bfb0c4316ca858c49972ba45a4ff864a170

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
305f9a8fb7dd9908171ce7ea6a572df7

SHA1
8b9abefaf4681617b685acd3e2cfd73e77016f94

SHA256
df17e4bd3d3b62301e242f5a45e6819edba73fa9c77d944cd2fd2b2cc5882767

SHA512
12adf7fbccf3f72527933102f98c7a93d38f6d0551ccdd6cbc6d282bedeec2ac77f9c67a41e824d41e7ab28281d7d6242954a9d18932d718ff9bf5053d74deda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
37307d71ef6bfb01e57cea46ce0f7145

SHA1
ba13a294705360c194540e283c8bdcf9fa3d74cf

SHA256
8f73b2ba919302414c1d54528a3a971d8fb65790702ea662dc31e095217b3725

SHA512
aa6d67ec52d20f8ce7ad6bf7682af1642907113848cbbbe5478c5dfa7d92dc809071dfd07bb4bda034f4acf6e5619592295679109e24562a6bc441a9832c7bdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8c3de68c3e5c202aa15476c4263ef94e

SHA1
0388ee535d7d7ad6a5099cd5935f4efa10163a24

SHA256
722428dea4e3ae0eb7160fb437447328279fff396fe56920e3273f2940329201

SHA512
5e3b5d4826a27ca1a4c93c848d2098fbffd49c5a878dc481022b218213d548feeb2022442fda8a93e5bf9a57a18877de3d5e134d1a8a1523840c12cbe4ca7885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
05ccc695f84cb330750e6d112c1793ff

SHA1
f9f141988c2c9f5601db1cc1ff062b0f5108cf2a

SHA256
e2512be9614847bd02faff8ba1106db579f745a40c89453ab8d993188b8c2bd8

SHA512
2bb6a9025fafb93251b85895b15b551b306c442ee70870f52c6ea58eb9d1111cf2be7e86b51e6c572d0c854142c0447ce716e805162ac1040a551f7181c6edf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d84f11c6f264bf0161fc50a1078f4128

SHA1
451647c82239d6ca8deded95aee2d4894628eeff

SHA256
a80ecdb68d644aabe407d8baab46c27188f44862a9882909afbda529457b0713

SHA512
b7ab5e52c7a44783abccf706c04cbe7cfd58738d1c45c217f8a6d269138f206e9841f6ab463e956cb3b9762b0efda1bf59aa5f6d6bbb9499a177820fd1ee3ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
63add823110d608c6e24e3cbf8dfcd2e

SHA1
27c3c942fc3a750907d5f9477b55557a2f7f30ba

SHA256
e9973416e17b423f331dcfe1c5a8ad568e9837f30f7eb9fde6f7f0dc7630f698

SHA512
13cbaedbc96a32ea4fd8fc06ceea19b077eeaa36d9d738c243e701c6cc71da613e2109284410df35c31941d8e8052b83819d7ddd2f06367efa3a69958e2dd3dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
998b11392ad9bd6a0503c30d899febcb

SHA1
ae6ee730604477a60b9397835d82a1d7f5faad92

SHA256
98ef03ff41ac9ad1ebae382d0b21be0df468993b3a91ec2bfaea854e0868b8df

SHA512
24efb5b6bf1b208b8db00cf822acabedf4dcc64937e007b49281ab58e259f5cbee3e46fe8eae810b26b9cd21e6cdad496cf1ee4bc9a91b8361221968b9d85574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5cd9ae.TMP

Filesize
538B

MD5
68bab2a81e4a0434dbe3272cd17b4b0b

SHA1
844990cfa1aca69fca206daa393d582264a00503

SHA256
ac9c365123b6076c73830f52a81cec4dbfb60757d8425c43cc052ae024f05043

SHA512
76262ca7ea46d848bdd4a3f53a98e16ed1785586c39f1d22c55f734e45eba8a89759704df566fcb52a87df599f2118a185dea6c826ad4c2bb7bb25a9b06fcd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d678ec3b0e911755a6c0465c81536bab

SHA1
6cb583dbb960f997d07b9c35570af250a9076dea

SHA256
8d394d377c593bd7d80df9793fadb3bfffa4ae435ddb536fb3fc50c8f890b2a3

SHA512
265e3a7eead1e0a129ffd549210a05987875bd1d0d595affcb3ad25b0103c149e5c351f4b14b26558e1107ea8f0d4bb6899b9b6b4e8d1030788759657751c5b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
626a4be03941bcf4fbd0aec31d9cf5b5

SHA1
9f4e4ef327c0a2ebe685f498367719dbabd9776d

SHA256
aa49295dc3db30c35011fb8aadb53de8e0acc4c898e88fa7ea7d4a78d6786644

SHA512
54dd547f5beff92f6d6825b0c0b5dd3a59dbae41adf3fec6b053620b527e970657d4fde7bf87cb78e93bbe1f18108e74300f39b223a8f6e762f8d56e3d6c3af6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
378cb23d92d002a8fe0c56accae052f6

SHA1
89f2cbc8d6c3e4ea03f07048e323ffdbff5bbfff

SHA256
f4566fe31e8380ae43e510164f835b4b219aa16309e9c7e0007b48c73e50c217

SHA512
639a1c808a2050aee3ede20b197accfe46953ac95ab78b4552dd4ebcd3f6c277402817593af65f3362276421fc1b19e3b5916f9434ad363cb917f840fb3e5812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dc968014d528d4f9ec47ab32135ab5d1

SHA1
b2fd3c7d453f3035f9c9205958c230c0dee74ecc

SHA256
bf5e8ff6bec79ac78b3e2ea0f11379327f02fb68f7b47efcdac667a2a1d893b3

SHA512
0f357175c5e3950e77ea1b38185b5f90cba7d72376d586ee17253e88bd47de9b0dc7099f126c4677d4e8e4f16d91a808deae3d2214f806acb83973adb6f7499a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bd17219689406376e0144ef01a834532

SHA1
7bd8e9a060b713eb064eccb0a0747d111da8cb1f

SHA256
6fd5b9977ce72f24aea984b364165f69e018118eb5d79601eda93dd3909cfdf2

SHA512
6bb359977d8eb0cde5368e5dd202fb78a9b174e8eb138fc1e9a958214c71e675fc99cd959bcedb9d42e63e250dec503a10aac8fbec6e5ce5815853527975f6e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4b7c2d10c917d818ab0ccb73e133de9f

SHA1
d047fc2c6f9fd1e131de303601be76fdfa767b56

SHA256
3c342192b7fb998814c9f0cf39c3b0bb143c2d91dd198d9d623a6ed241c54880

SHA512
4b1e0c06225e5e1ce3b34626d79a9d421f926c69f6b0d50996f18ebcc05d82b7dd5538873b0574827ca97cd8f560d3d1b20a8e3b1adc9b9242e86243a0553f5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
181a06901c8a0e1f23c7f6644397c304

SHA1
a552f37a7aa24d833249ba6b03c9f352e8d571ef

SHA256
5f5fc0a3f6b30ca303a45749aeafadbc83fd25a9f3ad98d92ee44a95b672db13

SHA512
6e79cb2e306d410263e561b931204126680e325b966e8258f31084ded59084766e8817fe1bc9a34e2592112fb3e78aff15a98611b67e5991aca606c12e9f8161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f482ce21e71549e5a1e85a78d80a2392

SHA1
12c92c1cbc1141f8612bed877562cce5306e9797

SHA256
9ae3db3e96f3e0a769bdd88a995c8751c54663f44781f3563c3df9de8b9342c8

SHA512
024267863a18c4985f54d5e35db3392c4617a2a492aa8d5de3d8bf7a3599d7ec6c9471265afca0d6fb8cc9231c5901571b80250eb0bf0805db67b784600c1faf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b00db0bfd3ce278766db7eec4ff607e5

SHA1
c9c240719e92f769040c519a6311294cad2afef7

SHA256
fc3d8a0f7ee83593a28857f219f9714fd510ec0fcbcb9faa5117652b524c4187

SHA512
add4a796fa3223b1a2dd0aef1ef2c1270c18f6c58c148b25f699e9211fb89b97a50eb8719ccfb735f72ea4926f982070ad4776e73073025d60bd5854fcf25c9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7862e4fb875d4f49c9a45d30d24288aa

SHA1
d7da2c564e20d0223bc6aa215d3a0d07064cf461

SHA256
7ed5031a6da03c9590d50bb4c128c370fb99180db5d15cef6574449ebe1eb2ac

SHA512
56799fa6091f5b4f664778acae894f5af897359ebc08d369b7c7674d839bbf789d6e1a115ba7234036562335cbd73c5903393db06f5154fc7825589c73db6de3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-8-12.042.4452.1.odl

Filesize
706B

MD5
72f5cc328b82cae246649581ecfcc42a

SHA1
c831ecdf551feb55facd0adeae487bf3edb7cf34

SHA256
ce08a5860499d86f8c36f949c429ad071c4b86f9dbc1a49c4e4604474946250c

SHA512
27dbe8c2e4fcc117f8b9e7bfddfd3f32eb64476e1459d025d97f34dbb0dd5b61fc50712e93ebab117ec9691511ffd5da3e9d65018e5cfd72b01fbf4678b2bd36

Download Submit