hxxps://drive[.]google[.]com/file/d/1f-yUJbx1QdI5CjmTtYCnLJHU0_N_uiHD/view

Analysis

max time kernel
191s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29-08-2024 21:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1f-yUJbx1QdI5CjmTtYCnLJHU0_N_uiHD/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
6	drive.google.com
7	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133694407748678302"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4852	chrome.exe
4852	chrome.exe
4020	msedge.exe
4020	msedge.exe
5104	msedge.exe
5104	msedge.exe
5572	identity_helper.exe
5572	identity_helper.exe
5408	msedge.exe
5408	msedge.exe
6100	msedge.exe
6100	msedge.exe
5628	identity_helper.exe
5628	identity_helper.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe
1448	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
5104	msedge.exe
5104	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe
Token: SeShutdownPrivilege	4852	chrome.exe
Token: SeCreatePagefilePrivilege	4852	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4028	7zG.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
4852	chrome.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2844	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4852 wrote to memory of 4016	4852	chrome.exe	86
PID 4852 wrote to memory of 4016	4852	chrome.exe	86
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 4940	4852	chrome.exe	87
PID 4852 wrote to memory of 5084	4852	chrome.exe	88
PID 4852 wrote to memory of 5084	4852	chrome.exe	88
PID 4852 wrote to memory of 4672	4852	chrome.exe	89
PID 4852 wrote to memory of 4672	4852	chrome.exe	89
PID 4852 wrote to memory of 4672	4852	chrome.exe	89
PID 4852 wrote to memory of 4672	4852	chrome.exe	89
PID 4852 wrote to memory of 4672	4852	chrome.exe	89
PID 4852 wrote to memory of 4672	4852	chrome.exe	89
PID 4852 wrote to memory of 4672	4852	chrome.exe	89
PID 4852 wrote to memory of 4672	4852	chrome.exe	89
PID 4852 wrote to memory of 4672	4852	chrome.exe	89
PID 4852 wrote to memory of 4672	4852	chrome.exe	89
PID 4852 wrote to memory of 4672	4852	chrome.exe	89
PID 4852 wrote to memory of 4672	4852	chrome.exe	89
PID 4852 wrote to memory of 4672	4852	chrome.exe	89
PID 4852 wrote to memory of 4672	4852	chrome.exe	89
PID 4852 wrote to memory of 4672	4852	chrome.exe	89
PID 4852 wrote to memory of 4672	4852	chrome.exe	89
PID 4852 wrote to memory of 4672	4852	chrome.exe	89
PID 4852 wrote to memory of 4672	4852	chrome.exe	89
PID 4852 wrote to memory of 4672	4852	chrome.exe	89
PID 4852 wrote to memory of 4672	4852	chrome.exe	89
PID 4852 wrote to memory of 4672	4852	chrome.exe	89
PID 4852 wrote to memory of 4672	4852	chrome.exe	89
PID 4852 wrote to memory of 4672	4852	chrome.exe	89
PID 4852 wrote to memory of 4672	4852	chrome.exe	89
PID 4852 wrote to memory of 4672	4852	chrome.exe	89
PID 4852 wrote to memory of 4672	4852	chrome.exe	89
PID 4852 wrote to memory of 4672	4852	chrome.exe	89
PID 4852 wrote to memory of 4672	4852	chrome.exe	89
PID 4852 wrote to memory of 4672	4852	chrome.exe	89
PID 4852 wrote to memory of 4672	4852	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1f-yUJbx1QdI5CjmTtYCnLJHU0_N_uiHD/view
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff969c2cc40,0x7ff969c2cc4c,0x7ff969c2cc58
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2020,i,10951345560627873271,12889693034367237198,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1844,i,10951345560627873271,12889693034367237198,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,10951345560627873271,12889693034367237198,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2216 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,10951345560627873271,12889693034367237198,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,10951345560627873271,12889693034367237198,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4020,i,10951345560627873271,12889693034367237198,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4796,i,10951345560627873271,12889693034367237198,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5144,i,10951345560627873271,12889693034367237198,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4944,i,10951345560627873271,12889693034367237198,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:1448

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4836

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4740

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2844

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4396

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Tin 12 - F - website\" -spe -an -ai#7zMap22990:102:7zEvent11853
1⤵
- Suspicious use of FindShellTrayWindow
PID:4028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\Tin 12 - F - website\Tin 12 - F - website\test html\test.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ff9562b46f8,0x7ff9562b4708,0x7ff9562b4718
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,6571515569098698486,5480400668348260698,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,6571515569098698486,5480400668348260698,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,6571515569098698486,5480400668348260698,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6571515569098698486,5480400668348260698,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,6571515569098698486,5480400668348260698,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,6571515569098698486,5480400668348260698,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,6571515569098698486,5480400668348260698,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\Tin 12 - F - website\Tin 12 - F - website\F1\portfolio.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff9562b46f8,0x7ff9562b4708,0x7ff9562b4718
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,6137271026608730901,7149355511891525214,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,6137271026608730901,7149355511891525214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,6137271026608730901,7149355511891525214,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,6137271026608730901,7149355511891525214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,6137271026608730901,7149355511891525214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,6137271026608730901,7149355511891525214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,6137271026608730901,7149355511891525214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,6137271026608730901,7149355511891525214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,6137271026608730901,7149355511891525214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,6137271026608730901,7149355511891525214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,6137271026608730901,7149355511891525214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,6137271026608730901,7149355511891525214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2692 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,6137271026608730901,7149355511891525214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,6137271026608730901,7149355511891525214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,6137271026608730901,7149355511891525214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:5796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\Tin 12 - F - website\Tin 12 - F - website\F4\video.html
1⤵
PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9562b46f8,0x7ff9562b4708,0x7ff9562b4718
  2⤵
  PID:5460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\Tin 12 - F - website\Tin 12 - F - website\F11\bocucminhhoa.html
1⤵
PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x74,0x108,0x7ff9562b46f8,0x7ff9562b4708,0x7ff9562b4718
  2⤵
  PID:5292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\Tin 12 - F - website\dự án\index.html
1⤵
PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff9562b46f8,0x7ff9562b4708,0x7ff9562b4718
  2⤵
  PID:5116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\Tin 12 - F - website\Tin 12 - F - website\F10\index.html
1⤵
PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9562b46f8,0x7ff9562b4708,0x7ff9562b4718
  2⤵
  PID:3492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
98658b155609569c6bdb0627a722f878

SHA1
ffcd57ad786f58a3e8443b3ac11f24eaecf806f3

SHA256
0b847432d991ee82a59da98bccd1f0df0d535f84538b7a9eeb182214b59c54ae

SHA512
311f88049e220a59c73034a29339c7d87258a168654ffe4f627e5028097f29e0bdec5fe76da079bb3ecc12dccc6b0bf3a185737c317746c7d2abadc2db9503ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
41KB

MD5
0d17932e0626482afe8b6f310e47cb24

SHA1
78dd115cea950e82c6428486836b1975b6630573

SHA256
1f5b32a1afcdf9092cf1f0bb84eae0a6be1c8b4ddeb4d2fc4d271d1314aab252

SHA512
75e51a80add7329ddf91df268fe15a827931325283f15212b55a2dc41b76c1050863b0c0eecc4e7f20c069c0b8cf0c5b4e666ec9dca843c37a8e25867785edb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
352bca482342fa8092cc1a2b1b11adba

SHA1
7fc51cacf8b1e1bda7a24ffc9a42d49520ab5d68

SHA256
b89000bed330e02bd39ce3f7bf1e78350c88cd747bbc91657ba7f78f6c1f5faf

SHA512
fc5f8bae4814156edbcd453ffde4f615d28475ca9c7b9025fdb8418632768b59a6a586324e6259733b4e30c9a06d2f38ad76d9cf260ab6cefad964a35a828f7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
92d090e401fc3571650b836474622809

SHA1
ada2dc7e1abe37ce0fed9966595757b7eb52b5c8

SHA256
40bce5fcd4ad0f301d9566feaba196d6db470a4a65fa1d02427e9277b608c27e

SHA512
f537953282ec3e58dca4820f40dccb0335a95e21f3c3025343702e097632bb2181d59d6e3fd013bae74baf253b2f88abb2dc634224848d38cb527ced294aea77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
3c6885acb3b5e8fc006a3cb6f5bf2f14

SHA1
6d5e2397112491348d23d5c8e4cb78eebbdbbeec

SHA256
a70fcbf92959200d7fdd304a0cbbd8d8044feb56f2c47efbe15e86366193584f

SHA512
f4be86620bd4bee6eb6ba40be35c1fdabe5a81e8f0a6a9096af6652149a267cac7e30b8ac2429735017e648f3f7125f6e845f420055b7e166844be78ec62b946

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
17c5d3372e37d2ae5571e016fbc0854b

SHA1
2fb52e758dc478a999596ed93d074b3ce9d2a5e1

SHA256
900699f514b67a6ff2b23eeee7e5521533d3385e121c90ecd593846388a93cc2

SHA512
82882f920420fb4dd935ee5e7ca92acf8b3fdb09e881b779c08ee31a1ffce161c1c6361d4580c4dbe570ad92bb55d402b493ba6dfef32ca96dec4b646fa851fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
942ef869deb2f2e5b8b18d9b4d36bb81

SHA1
6de53131480a1db0d0724409f576a89c04a06b35

SHA256
983ae888a1398dd93f4a9669e7d9ff8e467b38e3a2ddfb7b2f74d0b0633f34df

SHA512
c6643890288650e4b0fb51d9c9500c13ff417d4c96724f1d5a928fd39580ba19f664a08654f1cc9f9c16f36d82d9a4c177e771a4adfe7bbbe560c25635d0ca4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a571f72ece6a03be4b0cd6ebc9f5c41b

SHA1
1437eaefcd1b2e664a2a8d595311b05be8faf66d

SHA256
9972014cf46725f0fba70ed93bb017fd475c5d0847fd9e351e50f69d98465fb2

SHA512
942029a26a666f22173e4bf7f4e573e8919aacc709f252dd7d2ff66401f3ac15f26d0c3a73ae69391d5710034802f84a7d6dcf6b675ec89992e475d4c3ac3ae0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5663a38e30eb057df189e000ab9216f0

SHA1
6f0f4aa545a0a2cf41e36e999e2f4c9e20192f9c

SHA256
f17294d4cc1ef00ca13a43d11d23aa3ac7569c7a8f93f8845d974d58b12ca56c

SHA512
a25ae053312e335c3a28b3565517bd2db45a13d86c4998b36cc786ae6d399e85d879b2a6d345c1a2733a1eac9a13c04009468f6d1fe285614d989d3fa10f7380

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b0465289e3b72229f0e37cd985e6d6d1

SHA1
f99e7d2b92784c7345459253abfa03eb4cf17641

SHA256
3b607f4d42489e6e7adef03eba79fde5ae5774d3ec24c9deb5a862be088cb2e0

SHA512
002f16d99c4885e118d1c610d1320523d895eed0bb9d84fae6b8d0d0c4c2ec4ce5d19af1b249b99256097c794aa9f01bd6a6b354edafaecf5ff5cc6cc9bd5597

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1257d023fe888df958c85eaa7987e674

SHA1
02b4c1121c84804d6b8ac1c545159880c91cc5d2

SHA256
40ab2200cbe54a0a62475c8d79c758894fc7f255a86c124dd9c1e5bac3a4910f

SHA512
015ac29aa02f1cce10dd2102a3179ba3e77742b64f5ed1d5cc9273e4fd4525c2435705386ef56cd58ce9d21192d171ff8c4a758ca150a774dd501ccf0362484a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ce9e87c6ee7ed06aacbab2141c2af009

SHA1
a68e68801f404d9e76243c73a499bfc1f475b07b

SHA256
eb5f96c0ba7b1b0a473b523b50dcdbf2bd218687f5e2fea79cd33caec28ee0ca

SHA512
bff49e5e436cf5bb28818faafa196fe8252837237ac1782105a52506ccf10e50d95b40c0ccecf416fcf103b2a4d57c3dcac53d23138e62b8c62bb6271afc74b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0533dd6e3a3c200f164f5f4d503befd2

SHA1
9e8e6319ea008caac27bfb6d026d56a3090d3a42

SHA256
060856b94facd2cdcd6dac3c80c841d110a0bdd28ccecec5f775f9dcc6e9ceb8

SHA512
d3968752143ff4f50ae09f3f9d0457d1ffac11e86cadfc8637ec001cd74b7af31f3d8f99f5e18b62a7faca0b8e863193361ec4c8214adaea474c526248d144c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3e0541f846ba9e759277398a0732960a

SHA1
64385323a4d50ecdde44a9aae405ba54c5b83f61

SHA256
18e914e3ff7bb3a9336543f6d1e4ba25663bf325a61948ec9f1dce1e4be6e12f

SHA512
45fdd2a5c8ebf02a463a713d10e30e43da55c99584840d116e945af21c0de58b6e4c08634ab938bc97a23c2e9c1ea3e4c9a177643971ee33f372466564e34879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bcff174507534f97f4e594a3928d7a21

SHA1
1db11c1700913b33610355cecea3a606c8a32eed

SHA256
50a07d7ad7ace40ae41c58ad7058e63a7303b95048ad7600ec23d8ec40553ee3

SHA512
822adbba5ad08bc0071da3aebbe22668e81965efa563b1552e6d270e12fc49b9065ffa574a21a54aa83d299160b8b6053fd82efb00d1b2e8274cc0d089395372

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9719c73a0c93aba9a3b9e0cb89f1e86f

SHA1
bd511657607852c62c2cfe26c62403b358a25673

SHA256
11d037d720f0bc8b500119cfc9aff68b9750ed07408a6dcdb525cd5e2298d1b5

SHA512
4c0baa8dc5aa05372fbb3928d76ed90689338435adf29dea74d16b576468158039fd2a668d49cad9bed65322165f5aad5639fb452bbb6952369abcca294dfa5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ffc44235c3217cda10c8ffffee523646

SHA1
b102ddd229350adacbd1a82d38dc495bd000fc80

SHA256
9839ce6009e3407441eed23aed9e7e5bb9d197d9c32198b91066526759f0f650

SHA512
bdf11f386805b3ab8e34dbe58ce4563f16f347d5d06ac01d289fbbe96e8110074043f63cecc6257689117ca48b8356a9f94e509f9646ce58563e31d80fbdff09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3591c1126e89750d587d6f475dd27225

SHA1
de3b9deee3c9045d7dcdc950987bfddca0fea514

SHA256
2b0798d8ec284d1de5a03876e4dd216657ac216ba76c1b18b4e0bbb19ecd6848

SHA512
527422df45b97e9ea1a9fa668ba66f44af58f42503c88ec70d1b5364cd0e755c03c670bd6038bcf6e15e2d51ac0406c13f0fa32d2ea30a9d9627f7f6e4c70612

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
88cd2c42c1b7774f33cb00a73cafe94f

SHA1
fd499a30e860f16d7a9d941abe7d0ca4449d20cf

SHA256
3edc7e19e830ce98e2e4df82e74d51a94d30f9a26b9e7869ce12b7abb18f70d4

SHA512
74cdf763baa6c74bf0e8e2bc7f15199daf9dfd307a6160642c6bd85b3031bf79159a28fc08c837eebc85566f641570f088a6b730699e15dba6170f5faad0ddcb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d492b4e6c341422716520c6ae78e46e2

SHA1
7a6772fd4896a49d0a73e49d3a590999559cc397

SHA256
64564008787f011833924c3e22f2fa6d8b630ef8ab81401fc699af1f14aeb618

SHA512
edd6ee27789e3dc7d9c7678e311e8f02143d72aaa1fbfbb96d1a6f0f6e2572c29792ebe0d7efdba0febd75d883430042faa404bfc18330a36c90bc4b25dfd843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4c788563bed685ef08fab0929e07b330

SHA1
c67182e03af82c95e75eeb9146032560c8282e80

SHA256
e170f09cce5211bcc9f954cc17d045e426078134195fbd89d52b251570c48edf

SHA512
38655162f67625f7462117425e09342dc3750f0a77e7b796c0d6e6754c3f73268dac9f8c6817bf6492a155b8e3080f331326a065196d983422ec97ea3fd87352

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
065c3dfb7b0880fa96b675f56bac445f

SHA1
830496dfcd1a217a6a729ebab8313586fc14dd9c

SHA256
df3b560d627a62dad2afc8909a60b15dfc332564aa390f5278513148032c6607

SHA512
b5246357e3f95b0d3a9c5739ec63021b24bc708463aa2edb862a59c86ee986320ee728d7a07fa9a86a59bf1286e14d61827cfc8e83c6ae1183bf782c307f97a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
a6cd8036c0627d465bb290131d39210e

SHA1
ec7c2847f6f3f56baeab37018473b244f3ae507f

SHA256
11804c1dee146525b27ba9e44e61a24f55f1ebe804c6d7bf63f823fe6a1b8e1d

SHA512
9d1850a9f9e970d86b56e83f749f6dfde0c71c7c86c593419fbf4ab5e06d7fc84f4945c7e889e1427fb73a55a53043c8daabca21f7d9e442fd8c266b6d61a723

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
9ec5d42b5e8bb5da8e6b327ba74d3be5

SHA1
3551c59eb76c52a7ebbebbb83ec76641921e925b

SHA256
ef9be1e624af31697fcd2a19b4435da14f95683b8bb836ad623674a32b644526

SHA512
3e6a4b9221766b2e98c9086dfb4a868945875336ba53a1d034ca94e8ea4ea0408395adfc548749c75669ca8a2c01a9aa5385494618e4d72a1274ce2b7e34859d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3c1b453bc9de8817bf45c099dd3021c0

SHA1
a0d38559d08d8f57d9335f26a6f37135e9c073d2

SHA256
9da1fedaa64c0c2b9faac7bbfe46efa74e1af3dbfef9fec3a28b3d094209ed72

SHA512
cd888a805ab470942f221b885aa019a519e40848d3779302bd1cfbfcb7ade90ae9ce2f41d2cd18f50478ced508f82f7ed303bcf2e6166f772cb7490eb9e76b29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
620c82eda9bdcd2ad19c4f1fa2557446

SHA1
d6291739c3327840f34b8d3864fd36e5ed93fe69

SHA256
db49df29940184640c17913d393f9d0d45b0290d0ec1d66e238436ddb3b12165

SHA512
6d8c1fa5e357264ebc5811edf920ffdf1e454cbad5691a8e516dcdce07ec38562e72c5e1667c488bf506e0eb799d95e3f10f6ab65eccade242d078243d4dbabb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
5f51f857dcbe655f5005b4aa6493913f

SHA1
fcab45e27ac5629b6361088f456c5031e8ce5f3d

SHA256
c5959ec26c6e9828752b37e94bbfe1a66816842a991432f66cb74f0e5d094652

SHA512
be2e68be952083789dc2405ba9f3f762cfa24a6029ebbc09f44dc929af62a074299849a13df44e31f813ed7792094438dadb633aa719be3cface455e2bab71c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
5ffd54aec737595d80ac25ffabdd6d00

SHA1
8a5e7d2e47771d6467954d4e131ff620ebc63909

SHA256
b10fab253af20261a7adf618499d69471e9bbf7d63666b306247198e29edda57

SHA512
6d24893bd2e431795b9b878a63d1d06e09b5474b170959ef5a248210b59f477bd3eba4232f417df155117028d943fd855a9a06af612ceeec5fff7c8dcbb6f098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
69221fe649acab7a1aa238ba8b945c02

SHA1
cf0e9c16eaa10af91b9111d8a5f92f05f298f7bd

SHA256
38b9169676ddb28ca5ce041e75c6809c27c3f4df8ccc8f4b45adbb8cb87f635d

SHA512
e61917c3848ae7401ab2c929429a7b1008af2aeec21e51028314f01573661fda12df6284bc30144553b02a039d7d9517ce3c2bf6ab6f0770a8965edadc9ca3bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
bc75a0dfe0d29570fb6f116b868e3714

SHA1
6e1d323070acd8e6a495f1c86786a556f1d94569

SHA256
06e378c1e7fe10c37bd6a8f181301691ba5b22d64eef429f63f99c7a0e0e987e

SHA512
d1aa5f0042e995fbcf7492857fb7940bfc90b5a393ca8dccb047aa22a850f69fc97e347138d937e90fead108469bb2e6b6c383105e8544af8e6f545d0a5ba5c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
751B

MD5
613154b9732b30a08991efc79a407edd

SHA1
bb1bae70a940ae8e1b7f1c049584978a646a5afd

SHA256
3ddc69d44f59413837a5925675abf537591258eb62c18a727313dabe17e39d6d

SHA512
330c097375f82014f3851e579b45892ce589739e0d07799b9961f45e5402d4731e709bc8e357d7df967db7721f3a991d311891b73b48628949210f2893f21ca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
005364e5cbeb680f2c31fb3615bb8c9d

SHA1
84d7f98cdbb6c84abd971611335cbdb7c5b5a021

SHA256
fe2c70dddd2b07a9b611e00876bf58473586f59e6303c5b52c5c3ae063f8fb30

SHA512
407311457377df4e18311b9175a0bc99700f088a893b5e7dfb9134857651bc8e74bc758d407b1dde3d71ccbaf9c79b36c03da2a3e511382708a470d2479ebbe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
fefdf512e2cacaf353021cda6861de55

SHA1
d23045574815625e1a543590bc55792a8fa9648f

SHA256
f4761e3da52dfcc55afc32665b84aa3edd19e2ff744c777161e037a79d2eecf6

SHA512
5f0ed1ab756fb82ba5895ccb5b872bb3f8aee2f4c0153fe2e8a7d04e1221863eb1046e2d56d99c55906e99afba0dad55da4e4ffa2b397133aa9b9bb96031cd94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
191B

MD5
f46d339db1ed7ebe7dcd28ed22ca7cae

SHA1
6aa0d3faebce51134884ba810968273d18d3e8b4

SHA256
1f3fa9b366a4152e6c40ca226d7f2827db453c22316566ec29bf62b6fa714d61

SHA512
1c8d7e6588f8a7cd33f0a1ee947146ff2b0dcda35cab0fd53c6232951dd93a3a7e08c590a81c6e2d74714398be8b9de5c9fc666cc9ae2b315f7eab136e1e9540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0ba422c4bba6eb32cb63bdff3cc07e98

SHA1
7a21aaeaf46e26de30fe3e64bcf8b11c69997e1e

SHA256
34a0a72c57abe4a6682946f521921ba2f465929aec31ee5b59c01a2986e72143

SHA512
a3e5fc34e0f8ac14384a2cabfd7a940e127d697c28269a3ed469977ed57c7bff3deee9467dd4cc0a4364f3ca972fb6888f8bcdabe82eb898f60eff344fd0a602

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
93a96eff9b99bc392c93759803d0d029

SHA1
8e0a03aa944ee0b5e3e4a22e597449097ddf20c2

SHA256
e02c29214f7670905a2c06ad294e73b7a1ef3f4d8daa4899a98a21ac05eda61c

SHA512
35afb4cfa7fbcd1d795aa9ab9e468150cc495cae09659b97694839ec3f6b4839da3f39992b096656f39db98f0bed8244fab3dc470ababfe62cde5233f2f4b171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
63be94557b818a1cb34419f8939df175

SHA1
90826e78454dd6e0bf9383b79d40c250daa705cd

SHA256
e7700ae11012df7d134c89c02a37dd214009f67082bfa88b0a2c047449e22511

SHA512
40e4c613a5b2ec6fb28b935a2846404a4f9d1d537d721becbb7cb6c2b0dbe4b472baf173a07a52ffc46b63dabd36d334552510192d161b490decb42cea427bd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4f5fcc682eab0d3dc63ff25223af79b9

SHA1
f3b1cadfc94837bc20236830accea90f7acb4916

SHA256
3a19e6ce6e2ee104f64fd0e5cbc22d4c835d2317cb0432441a0bfea63248c68a

SHA512
584c8bd58adc66ddaf07bb98b6bb023b0edb28a96e18a89ddc6ba15069897b78dd0608c86223b3cd04b69ac5daef2639891471c4ac7c3a85ce69498ab93965fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
adbe7c6187b0b5da70bd18f5cf95f708

SHA1
886685fee3e9d203c5247de19cc1e4f3dfd7556c

SHA256
8558062b59671e5294ef5b7e11ad013c58067ce588f7a7efb572b6159d4ceb40

SHA512
3902813cca41edd534e921b8fee168741cff175a65263e0302c0ac0b177c3f244a626cdbcef3504b03fd4798ffabeaf26542d53517dfce4f3bbec36b338ca7b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
436ba4261c5597a3c40336a9492ec60b

SHA1
3b0e225e9ce77327c62fd9d04693b336237e12dd

SHA256
7f27abde4c5dd4661274716b623d274db532beca03150b04ab8fbe483061deda

SHA512
b0f4b48a027ea47f361ad802401e64cc801ef76c70b0cfb64148b9b30851e78c88097be3920d4447c21a7026871d9a859f2cc7a69286be0cc4d21803075f9856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
664ae2598661dc2b8e84ec34d3222636

SHA1
1e8873a2a7c5ed0e880ca518a33e85a9fe6aff78

SHA256
ca7cf176b45d4a6316539e98594aedf5c3ba8a46b99d4d27a9e9f4d8eeae114d

SHA512
4322839495201d846c1e4d933242fb652fe323d0c3bbe48350ed3998d25730cba2b968ef1b69694f9b27b17711d2e461f3bcc2c28ae111b756c68a186a3edc0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13369440840568510

Filesize
1KB

MD5
4c2048f6481cceb0fb4110b24655d0a0

SHA1
35277eba02a0d0d53f639fa0bb92c5572ad78cc7

SHA256
948707dc9a7796e8a7464d14cb6ce5d8811621a091bb47191905b395bc409115

SHA512
09f5dd13866466b71143dd7811b3b1f8f9c17647b12fe982295456cc5dfec23fd272d4f0d974478a8ebdd9b8349f2bd8f5b2ba4920e5744304ceda3bc8777a32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13369440840740510

Filesize
2KB

MD5
07caa104e54a132095857630f08e1b46

SHA1
90adb45faca7c9f6d7770871ced8ed5ec1b8f531

SHA256
b7ad80edd7cb1455b1e40f583100b15e2431fee27989d48e4ddf6e249477665a

SHA512
b8b8580d3218a01e5bd06cc2e638eeb0be20c55152b64497156c453ff2b7ecc785d7b21e0c3f9f6567606542da3f99ed772fa1a8e702e063cc35e046c9a9f030

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
bb655c7694157b868ecf11436dbe844f

SHA1
6d565f96656dc5f1d9aa2e2af1a35496c7bc2368

SHA256
af0a5b9b1b5197d20eed497e2425b201fb4b797188c4216ee6ab984921f781a0

SHA512
90eea602a06939ae5b05e9c145db0ffae2dd48e4214d9f615c53b74474b6dc0076173ee12870495deb0c09512d9508908c26e530fcdaec46ccf8c554ab242881

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
2098ebdb7cbbd0fa5b4448c1c724217a

SHA1
5cc4f5454bd19c2b59e1ec0b28435cb0c25ebff9

SHA256
8a8107520c789249894f5d5920a1e5587c1161ab7f504e74b739da511f7ec6c7

SHA512
60fb710e4ac7c1dc4c93556dd8d493099a1aadfc2a6c1ed909f6881f07aaf23cedaae9c61090de0b23f76265c7efd260505053f9a6be8de20a4c395a19aac242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
1425264530c3a1ef1d22a4fcf045b7c6

SHA1
37548f426797e84ce19c8cdcb7fb89c02695a4d6

SHA256
a29832a2df7614943d59929d23d4736f2877524cc671ebfaf26bda6c3aa1089a

SHA512
fb178bb5d83ebd5b948387b643355600fbc60d585a2f732ed022bd42431d37cf12909f585d654d26e4f289894476b6c49d0c2bf0ba009357c4792a462273ab62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b80138f1-e31e-4dab-96d2-924bcf35b150.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
255901ce5bca0d6781f7641d2c52345f

SHA1
e0feffa1b75b62c1d050ae1976567b8456e1183a

SHA256
de04b8df351dccf55b5743db2ece7159d08333f875a61e3753ada70787d3d08d

SHA512
d94832029fd53645a4d33707bf2cd44768e8c5c66ae4017dd852793199bc94e03dee970ab41ab5d877db78b02d1bd464fb78a9d57f1abbc64c9ecff9fb2fddc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
e8535f29588e2dc057e7ddbf2069e586

SHA1
6efc019e7f444835752ef329635c40a2d0c74ca3

SHA256
5a3cfc6dd22af2c9e7acd355d72f23a84120f761281696e2293e1160a787a644

SHA512
be222c43b1d3741cde487d546ef8be9a5456bb6082e371a55c0d0c5d8f2194a457b82b8a9ad869cfec0d81b5d6e7607836a06a4f23ee3df84ffcfa11ac129664

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
0a5de7f2de3106185ba84804ca9d2bbd

SHA1
816faa2e123e6baa9b12261ed9c0120ae071442c

SHA256
67c0113a4dad1b9d2032bd74270272e9c07358855e07c24ab465933afebe68a7

SHA512
8f51a1ce14b17a4ee6ca97a36848bdf3bb0cf8d865638d24e7dbad0845013869b748504d04ae7ff105ad78f3528d523f23d38330abe7d045dee65a56180d8023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
04812c11c0ab0a49bd9dd24b7e406b5d

SHA1
d2e9e31068abe34648d8b736d4adbd8ecfeb2450

SHA256
5836f3a74bf34effc98b5ae54c214ec592866b1f96ea4ed2dcd094587c5ff675

SHA512
b622a13e3671dbdde8ef0bd540b8a935edd670cf7f5f9e6a0c4b0d34fc19bf11bef32d3c972ea7bbe6b182af546f3ca0e2ce2bc2fbe4261af2972c53d92f959f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
d75eafa86c05f2f9da0ab0a9c8649b6e

SHA1
570b5271e17be607337673dd25ecc10326692928

SHA256
639e01f6d87ff5c2a0d31455675c40db13d2b50c742f664aa8a9538f86fbb8d8

SHA512
cf68aff59c68060c9e57dffe371eaf438b9d8fc5dce1ed6ac85165b3fb76cf1c8e1c49a38832618099696b2fed6379d5d55fcfc824519983816fbb5852ad13eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
39a3c135bd0d3d647b3aedf9eb601f52

SHA1
556f3e1e824ce9e78432b60922474dc2ba8d3dfb

SHA256
08eca2cd41c03069066cf30192c2afddec68c965ae45f6a2dddbd3239f5917e8

SHA512
00161f9dc663b2ddaedfd82999452f12d962cfd16f0a1dded553dc8a18c0c6444d71016b29d78cf9b23e38e25d198a3ed36d9b6b08791334b608a7912a2f71be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
f62bf4be08f770c810175e43488f989f

SHA1
ec07607080a0bce9723334fe25b998b7bfca16e7

SHA256
224a99bec7514d2e9d7c734ee0f628222e318adf5d17c00b90be7dd22607b438

SHA512
9445395488e6911f6d41ae24f442f37c63ed5d01afa9d90f4e3dbb8b74e38d7d9bd69fb8f31b0a9752b900c721b69481ab9df414f95013d88c157bc33fae698e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
b8dd332b3c7726fb9d9611c166cfc2a3

SHA1
a37764fe482d025833ba6f76bcd7617e96aaf384

SHA256
c57192f10057a46001b8ae4490507e574a45c0d1df689e882ce269637d1d9a62

SHA512
3f325a6849701bac5affd93258c13840fc2486d75789d4a261e5e523f0c6bba6d6bf5524bc4e1f9bf290d54c9c2086a7616fa3c2ff8b7afcb0de3b245287e92f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
906bbb84d4398ad4b350015c7b55460f

SHA1
836827431642753f3629033c1742fa1a681f4163

SHA256
e261a87c543b04c97661e98abfb4b436cbee20a1ea8f3e89a489b7fa9482fc20

SHA512
49ed5ff345e56f524f3411811e0b1f6428244e51d858758c9ca1987d9b9ec36cd6970c7cf9ca5404bbc02be32047035c893c64c15dcef7d23837569216969405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ecc0f0b261266a28a802c3fe3992ad5a

SHA1
1b1d0d108a5ca26d7de216b25ebf9102fc028ee4

SHA256
17157bb7bbb78968f422d8ed319342c377db74fdd0006ee56fbd2122fc47d9aa

SHA512
eb21bee973fbc39b4539c576091b43c2b99e68551c30281ec906c294fb9527c256eb9cbe6e247674626096ecb242d0fea25799b91dbcb29f0740b3f8684d3674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
88c804800150ae843bf4cf9f276792f0

SHA1
dac6c6d6c54e914223d22cda88169913aadd6046

SHA256
96c5549b5cb16b48d4d588de24278fb874e8ef756ca3ac19a1bc58ba2dde5738

SHA512
692d22a7b9473066de0baf2945c243e5adc1fa10879b391e080d60e95d175e84e8bb5ce3f3cff0231cd57d5d9aab2bc1b533b2de5525b959af4a75c9c84d9f55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
add459362c4404184ea6a0b34c81b280

SHA1
38f6ec579f31d450912eca254be1c7e0d154386e

SHA256
f65b9094a7be34238e39b27cf10f3e588feffe2ca32bbe46e22d83573d93f6a8

SHA512
deb2ddd77e6772c7f708bcf344abe43c4524ac69cb9acc46f68566212a4d5f58ec2fd617deb55999b452f780a1c9926bb4361d0d2cd11bb15bd2ccdefb4555ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d3fa0556e0b7e36382bac9942a69451b

SHA1
7904da1daae3663a7703102b9ebba47967365ced

SHA256
318f9ed86c8fb174a5e859145962e24842488d83ee8af3b9811a91944193c646

SHA512
2e983335a733a99fa0f7de3b7076b68d223345f91d3387e1c5ab04396611906b4709819a66d053bb287a246928215f09632f9bb66d176804bcbc31be6cdb2e6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4770c240727ce566cfbaa78d0c74e662

SHA1
c79faf8ca526e867ef35874dd1fb4cd729924000

SHA256
91a9c2f2f0bce406e2bad05825ffe4aeb98da7125141514d62ebd426539c4e60

SHA512
dec6d3bde9196eea4c7bca03c9b0696d33cd6691296e1931e305aceb72df7a16b5c4d51305df99f44ab9a709b333c91ae2f337cf0ac20d8726681c1e10c9a07a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
82c0d29f6293874063318871ad71ccbc

SHA1
90c6947123030bd300ce835eaf742bd526b16261

SHA256
11c0c93bc6f347544be7f06b5c843395dc80ca6b0552f92229dcd6a2fd0d9fa5

SHA512
1d68b2fb365cce7266dc38cff3767ae0171b3368ff9f92f8dcc2bc57c861a7cd6ed35f756f19ec824d90356de1d2311e97b3af70c9286a234e797fd1a4e35a95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
826bd86811b90391374726f839a66c49

SHA1
9050909dea2609cb625a5fb34644a4ba632967c6

SHA256
b1793c0dedd5de1459e3be49f82081ec862a19da4b8f46f85d9b3c43ce8ac4c0

SHA512
6911e5817662d20cfd8a907b92db3389d99a4ba7e4587bc2f6d084663ccc0f3ce003d2ccb64b26e8e3955c43e556fd9a0ff41d7dc4a6057b675df0ac50195a82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
6b0b4eeb61c5abe2aa066d377cf704bc

SHA1
bd2e0e4d1393dd15c71a0d49d05d8afedc4c7b93

SHA256
ca0bcc9ea5ae8693ff9ec68a1bc77cb4a923e033697d3d0ae703672b078cd1d0

SHA512
2785e1de96c7e9ec17783f1cc36740674685fdeaf051b2cceefeee093d525ab65cba0b2a3d456998d6275287511a4f5601b60000117ee888641a329d268d14b1

Download Submit
C:\Users\Admin\Downloads\Tin 12 - F - website.rar

Filesize
1.6MB

MD5
1048b4501167ebff21f917b9178c8c56

SHA1
0c56a37e5a4469ef6c9ca276ca761474c33f72d0

SHA256
c4a6fdd2de6dac672797e855b6ee303bee9153f0955bde66fc21f571a322a431

SHA512
b139a763e0fb2751e543b9a36dfc38b2dc67aa4dd41067cdd2442fa65dee79da399f291af26b3f26853faf5214dd71904994ec85561e200bf177677a74040035

Download Submit
C:\Users\Admin\Downloads\Tin 12 - F - website\Tin 12 - F - website\F1\portfolio.html

Filesize
514B

MD5
78cf0d68a6c644aa8aaa1815edbf08d8

SHA1
4ad0015c86ecc5fa2ac50e96d4e7c2b10cee3710

SHA256
b9b7c8ba5877666e6e57aa514039d48deae30ca566afca8125fe6b9246fa089c

SHA512
50aede102a471904184b5a453773d549b75ca1abe808fd0561b9ddc2d954fd54ae363162b2b480752d83fa1872056dc33e8c3ec745f675966ee39ff087e9aead

Download Submit
C:\Users\Admin\Downloads\Tin 12 - F - website\Tin 12 - F - website\F6\thanhvien\03.html

Filesize
1KB

MD5
7a8f3e692e69922ca4df4a2ff6440003

SHA1
0414396769966698fb889c86ab8c0026ce22c31b

SHA256
80ee1d6f4de981189704c1d2c63313de62b231ad2b18b47414d75b76d235f93b

SHA512
4c19cae027060dbbe6213cb77c123b9b91473b47c6b3e52f9eb91a3166dcf0db0a188c9b5c85901341facdb8a2e31efa36b2b23f1dbc72bc0839f3dee8239075

Download Submit
C:\Users\Admin\Downloads\Tin 12 - F - website\Tin 12 - F - website\test html\test.html

Filesize
842B

MD5
f0d8f6912b93004f8ad68dcdaff81d4c

SHA1
fb3087356bceb78bda54a3528d0ce0357a20d5dc

SHA256
1904bdf48c634487f39b6821a73d783c6fb9583c3aba79d290d6d66a784dc5b1

SHA512
3ceb65b0ee51e2e1c3172f869a76aeff2e5bdbebd0205c40e573bcbc5ef0fb69b3aeab39f74181a19b6134f3731a98016293dfd9bbbc5c58c54d31fec99a3626

Download Submit
C:\Users\Admin\Downloads\Tin 12 - F - website\dự án\thanhvien\06.html

Filesize
2KB

MD5
b2e6feec7ddf84866f0954282c20b7b1

SHA1
bbaa3670a8038ad58439afd4ad2a07fda9732254

SHA256
b1c1f99f0808fd1c18fd7b592f8b00d2c4eb667c7c83512278739c0a2d89e4f6

SHA512
831ca827533c84789216a9d312905fa840fb7fd5a89d57e02bf3fcd318be77b33b6ef6c37879ac141bacc2ef5b336313532d3d1db207c07294bc836a124acf82

Download Submit