hxxps://google[.]com

Resubmissions

14/09/2024, 22:08

240914-12jk5szbrg 3

14/09/2024, 22:04

240914-1yw23ayglm 8

14/09/2024, 22:00

240914-1w2vjayhkg 3

Analysis

max time kernel
147s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133708249461043379"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{8F5B4435-1A85-4AC4-A60D-BE527170F7E0}	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
5092	msedge.exe
5092	msedge.exe
2904	msedge.exe
2904	msedge.exe
1960	identity_helper.exe
1960	identity_helper.exe
1660	chrome.exe
1660	chrome.exe
4952	msedge.exe
4952	msedge.exe
1332	msedge.exe
1332	msedge.exe
2016	msedge.exe
2016	msedge.exe
2684	msedge.exe
2684	msedge.exe
4060	identity_helper.exe
4060	identity_helper.exe
4004	msedge.exe
4004	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1332	msedge.exe
1332	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 2480	2904	msedge.exe	84
PID 2904 wrote to memory of 2480	2904	msedge.exe	84
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 2704	2904	msedge.exe	85
PID 2904 wrote to memory of 5092	2904	msedge.exe	86
PID 2904 wrote to memory of 5092	2904	msedge.exe	86
PID 2904 wrote to memory of 1716	2904	msedge.exe	87
PID 2904 wrote to memory of 1716	2904	msedge.exe	87
PID 2904 wrote to memory of 1716	2904	msedge.exe	87
PID 2904 wrote to memory of 1716	2904	msedge.exe	87
PID 2904 wrote to memory of 1716	2904	msedge.exe	87
PID 2904 wrote to memory of 1716	2904	msedge.exe	87
PID 2904 wrote to memory of 1716	2904	msedge.exe	87
PID 2904 wrote to memory of 1716	2904	msedge.exe	87
PID 2904 wrote to memory of 1716	2904	msedge.exe	87
PID 2904 wrote to memory of 1716	2904	msedge.exe	87
PID 2904 wrote to memory of 1716	2904	msedge.exe	87
PID 2904 wrote to memory of 1716	2904	msedge.exe	87
PID 2904 wrote to memory of 1716	2904	msedge.exe	87
PID 2904 wrote to memory of 1716	2904	msedge.exe	87
PID 2904 wrote to memory of 1716	2904	msedge.exe	87
PID 2904 wrote to memory of 1716	2904	msedge.exe	87
PID 2904 wrote to memory of 1716	2904	msedge.exe	87
PID 2904 wrote to memory of 1716	2904	msedge.exe	87
PID 2904 wrote to memory of 1716	2904	msedge.exe	87
PID 2904 wrote to memory of 1716	2904	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdfad146f8,0x7ffdfad14708,0x7ffdfad14718
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,9420704432033012753,4777226276185841774,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,9420704432033012753,4777226276185841774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,9420704432033012753,4777226276185841774,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9420704432033012753,4777226276185841774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9420704432033012753,4777226276185841774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9420704432033012753,4777226276185841774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,9420704432033012753,4777226276185841774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3328 /prefetch:8
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,9420704432033012753,4777226276185841774,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9420704432033012753,4777226276185841774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9420704432033012753,4777226276185841774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9420704432033012753,4777226276185841774,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,9420704432033012753,4777226276185841774,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:1348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdebf1cc40,0x7ffdebf1cc4c,0x7ffdebf1cc58
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2072,i,10713593409008996889,675816488617768403,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1884,i,10713593409008996889,675816488617768403,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2356,i,10713593409008996889,675816488617768403,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2332 /prefetch:8
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,10713593409008996889,675816488617768403,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3292,i,10713593409008996889,675816488617768403,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3704,i,10713593409008996889,675816488617768403,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3712 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4744,i,10713593409008996889,675816488617768403,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4976,i,10713593409008996889,675816488617768403,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4016,i,10713593409008996889,675816488617768403,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:2068

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4060

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\FindExpand.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdfad146f8,0x7ffdfad14708,0x7ffdfad14718
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,6546757197847733135,12453545911025365082,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,6546757197847733135,12453545911025365082,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,6546757197847733135,12453545911025365082,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6546757197847733135,12453545911025365082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,6546757197847733135,12453545911025365082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdfad146f8,0x7ffdfad14708,0x7ffdfad14718
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,6137507505891259640,12087528830438850715,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,6137507505891259640,12087528830438850715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,6137507505891259640,12087528830438850715,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6137507505891259640,12087528830438850715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6137507505891259640,12087528830438850715,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6137507505891259640,12087528830438850715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6137507505891259640,12087528830438850715,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,6137507505891259640,12087528830438850715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,6137507505891259640,12087528830438850715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6137507505891259640,12087528830438850715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6137507505891259640,12087528830438850715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,6137507505891259640,12087528830438850715,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,6137507505891259640,12087528830438850715,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3576 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6137507505891259640,12087528830438850715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6137507505891259640,12087528830438850715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6137507505891259640,12087528830438850715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6137507505891259640,12087528830438850715,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6137507505891259640,12087528830438850715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6137507505891259640,12087528830438850715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6137507505891259640,12087528830438850715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,6137507505891259640,12087528830438850715,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:2692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
da7d46415fef260cb5cef5b49f0ff597

SHA1
a3015868a6fbd2ad0c8324e1ad004be40f9ddd81

SHA256
981aea8035d29ca7a2aa89a6e03e7608d35371b3bee1f918e9b5bbb7339163be

SHA512
29480029fec889d07120877d3b826139d689e1e23e77b2ebd5e6d2c318a62a2d759e33b5bbe2d9d499121c2ecfcf0ca6944e04171ec6a8df77bf9ad8f6d935ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
ad89685935989c052fa5cfc69c7c089c

SHA1
87cdf7f1597435ac792d7562bbb81c48f78027c7

SHA256
f2a1e9af24e05628ee032e43a7633657c10cab3603f5c4e7dccd124e4c7f51a3

SHA512
8e6165af8f60b5bb6865374301438ca364a750f21e902e86705cc064e6e8bc4120b5ea4083ed9c09558f8c131cd4f387f731afc23a14cbeb97b7d975751ccab2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
98d0da08e1d530eafe195b6498bfb8f7

SHA1
aa608b59a1975b434fd52d168be7ebe40e02fcad

SHA256
8e59f43ada97f7fbc5a2bc62e8ac8a7b1626e89333053176d6b2f1b7a86ae6c6

SHA512
4462b49e34d40f803fc976a56f41f47d31d9bc1e7a57b5e0d472b5125098b9f0812e44782464ef43d4e8394e6f551bd048548a97b584c78d4be07286d92cdba5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e804fdbb79c299315949be78fefdc057

SHA1
432c0340a33ef3f3cfd44c5d8ce03ef045797299

SHA256
f6d9c7fc3fbd3506895dfde787bd79a362d01a4612020be8965fe2ee584baa4e

SHA512
b0ea04edd9d6c927b6b66936f17f143b8a345bc0ec82791d561b25175b138629dc4c5f421b2d5d8b00ac3decb8c7d3acdca42358b60a61d1c32cd73662aae1b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
97225bfc887ee864f88d85462ad71716

SHA1
5459e736922d8114b420d3457d55ab18263ab25f

SHA256
76bc39f5b515e709cc5934a55342ef023235179aada1831772d92574de70fa0d

SHA512
97da5813051c56a6af5d2947d3b21af76d640a00215556f1094ab22cc72e51a6a3c407abfd96649a8c8f4c3cb59ec6cdbfca34a06cbac5340ed0cbc86ea908cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b827d106d4cdc42802b85167ac00ec96

SHA1
e1492620c26ac5d66c9780d82e2640e48b1a65c2

SHA256
debc6cf7f75baca87aad34fb8cc9e01b3dcf1a770c7b5457394bfb77cffe1db0

SHA512
08a2756a5753cb0e6bb47872119cc6fc7343a7c81d4324a3b8a0a3ae593783d0b102c80f6acb9e001210d3e4f1774f77d4ba46a03ec077ef507dbce66263360f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ac1f0b2b65504ad30db12b0c59f1de92

SHA1
711eba46db217ac19f62d0d39d80adce3a970d7f

SHA256
a95a32f0ddc727d3e4c8874b343074401a5b37509548ad48b4d5b940b5fe62f7

SHA512
3e591754f4561beede16a2bc77a441e2e4184e539e139d7911fcc2921eb0ae16792ad428de0868c457fd0d3b71fa0d04de92f218547956554581cc334474390d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
32a3c6d1d1493637c078621f4cf5a7d2

SHA1
99e68b528de7379c69eb4b916b6e40f7d90b0f69

SHA256
fdad059b0a1ab1c756ea20ed1bfe10f7e9e7c3df7565baff32e846116020a384

SHA512
1fd62e6b4e8bf93702e2f0aa06d72fdcded2c28a7da9a124a1d6171eeeb6dddcaa7f60ab97d65c5a3330ca077e5314547c52517e483e1ba89332e597cce6b559

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
7bba8890c2cf8f0b03ca4ee2a5092e9a

SHA1
c47e2beef5e6122b0986a2302fd241d48f6e36c3

SHA256
7ab23791d56ae93f7651612eae86c20459f798bed20126ab3ef5e4532f650ce3

SHA512
51485063a930253f1b6cad3caf34b12b0f61a56df7226ba27d9e8d523598e4db3aaf79eb9d486c014a999dbd2e4303713d18a73fbd725a83bc31de47977f750c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7234b4da9a9087ff7ce05416efa88dd4

SHA1
bbeb721223d51232f47a52a3da5691a90ec6ec96

SHA256
61fa7fcac76ea5749563d2a854cb3e16735829b7d17cb9a370da136c5e41a647

SHA512
e004ab8c57b1b7379bcc33baf1f855a8abc730166ecf5cc1aae5112fc487d1b28284691773f333e00f8556c094bb931988aef18d15248325142a9a9bef55d2e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3787611b11f4f93f11b0f776c727d51a

SHA1
9a3bbb1379b8e2115edc7562dac5fce473650499

SHA256
f48aef3c03b12681b5cfcc4fa765affcb6d7899841b4160fd2c9cc33ae642935

SHA512
c7cbb44dad616f0de5297a907dbfb6ec17e105c2e57242e65ee6a3e5b322304b4045d39a0a1339d6abcff2cb3dccbb4fa8d1b48931dc52d76697ac2df1e2d55f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f0bdb31956596a6cef7103fad956a21

SHA1
f68147cfe447e2c623cf4aa97887dad06387f740

SHA256
ed63550ddf1bedb647813363dce4fd6158347ea1c42824ecfcd60ae2af4a0734

SHA512
521b31367b1a97ea248e456a46aea94c170e86f46cb0fda86b8a8aebd710194defb6467d82ed78cdf3535af826a6d625833eb83f1d7e39b95f747de84d9324d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
67KB

MD5
929b1f88aa0b766609e4ca5b9770dc24

SHA1
c1f16f77e4f4aecc80dadd25ea15ed10936cc901

SHA256
965eaf004d31e79f7849b404d0b8827323f9fe75b05fe73b1226ccc4deea4074

SHA512
fe8d6b94d537ee9cae30de946886bf7893d3755c37dd1662baf1f61e04f47fa66e070210c990c4a956bde70380b7ce11c05ad39f9cbd3ea55b129bb1f573fa07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
41KB

MD5
58756d99d2376dcfbede6057dd25a745

SHA1
76f81b96664cd8863210bb03cc75012eaae96320

SHA256
f5d0da7b010b28a7fe2c314724a966c44068a8c8fa7e9a495e1284aa501067fa

SHA512
476e35c3da0cf223e773c2d26403c12f8c8d034273cca9e3c4cba9359f8506159c2a5267793c8bd9982b636191ddda62e9119593f5599053894c7027a58acc10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
1.3MB

MD5
af79d4fc626118fef6de11536494fa93

SHA1
fc93dd671ef898efed28b91979d53796dd4d0570

SHA256
f49a2c6412b03ca7b938015269cb915e199f9a46fe64a0a8844124b19b3e3a5e

SHA512
265f2f13b01cb0692ddf93997c51361304c6cecd9955bc19cd49c562cfd81bc92f856b87f0c8164f035c62cb1507154eb2848d4ac82d429fbb35f3bb843ab207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
c84f23d815177fb1e29dd9da2247ddb6

SHA1
7dac09c6dfbe4048cb7fae8726822aaf32a47913

SHA256
dcb116272d87d4b83c72484cbc86e9f0b666a6d0e99a9f2aef94a2030769d819

SHA512
abc5e3e5544fdf8fe7d196b5d45f090f8aa2f91cf7972536fa715cd602af9818c12d31dcfd187e86f8819a33ef999cb08ecc0c4f46034c393a7683f146391d35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
f3afa766a5a58c581bea4a2e702669c2

SHA1
fc0795e25675a303c00f06a694f6c4deb645cf38

SHA256
1b7ed02d5bdaa18d66b1d817b264d9bf412de1c4459a85a21dabcb171a4e5f43

SHA512
c2a7e68f5251802bf80d68b2803554b9b365fdb160f0cf6b1742b11b8f4f2e9464f0bf60f9da4427905ff1aa5e683ece184211f2733c7d7d470c4874421aec59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
e76087d8631ad8d76a216ce961331ee2

SHA1
10a50957b027113964cf8a629f370a8ac37c57c6

SHA256
fd664521e459fea74b4869d9fa8181bada74cdead283bdd8c38bdfd9aefbd703

SHA512
50fc5b1ee1bda75de5235d1c30b6c3ac42bacb77c8180d8bd312123f93351644ba174ed6518ea8ba976de532226b91b21aadaf87bb09786f86d724f8285f0da5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
e4ae06bf9051b022ace8f73539eec629

SHA1
7ec1d8b6bcf81c5aa481f58b36b6acc27cbf3324

SHA256
2c798d270287f16ff960fec14d6f74280aa80b3dcbefe20999ba2ba298b4e296

SHA512
56732685db0e1fd925561b35bbaadc742085e817973522a246810f9b226616a3c2eb5b49137b722b681151b2405a4dee8b41c6ea23323f004ffee20f2df39b3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
dfb82b5643b6a923390088f9a5648efe

SHA1
756e5a8b822968da353bd83f41c606c51e12c2db

SHA256
9c6d72512c95428c8a2146cbade3947d94392b1aaa2307d8ddc2c4e8e3f4652a

SHA512
b6c6287fb1ac96b04a9ba21fcbe6cb7a5d76c2f4219b0f1e3449e7bd27bb77a94b4884de3ef34d083479aef75282f0d30f5720f05186b90a02ecac5e01deff34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
403d79c7a12b1778599bff3932260e16

SHA1
f616fd1a4e5f55124195a43cfa7e0b823d3bb61e

SHA256
c686a0dc7f24297fc2160e8dde98c435c44d4b9d89376f5de596e10ff2ed0c45

SHA512
b910d6df2ec2372f951a30c4b9bfd8436c6543492e1ca296eb1dfefa06c90e83e87209e41c228bc04599f19181e61f2e1e1ea3f8f063cd5c006e90b3b4f275bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
4a2ca9b1ac03c54c2229e1f5c43f137c

SHA1
aa8b80651f268c1184d2d510d5247c869f83fac4

SHA256
2dfae4bb7791ab54bc6369aa85e638eeebd658ab3d30e5a570a4632907afc481

SHA512
a8b1433f6ebc7e0b2180415f761b56eca50cdabdc1a0c1e39814bca1f6dd92c21adfc8fc03519fec85854af66a6d8c6e6b3281f5e32177366497461c9c4383bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
d5f4e1092d586d5898d5a81f4785a158

SHA1
bd0bbf16709fdde066162c377ef925103e62a181

SHA256
1d6c05661df9323eb7061acf012bff739bff4a1ec138c6abce80726708cb37d8

SHA512
6ce661c1e52b51ada43b7a4f19aed1e22de62ec2894975a5b7f7272c4a69a386757433ec74cccc0df7cfe6104ddc52f889eb3a9c49bc4c4aff2aa148bb5d8095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
db3fca40b926a64127b4f60ef8c945c4

SHA1
ac414a1faab405cc96184bbbe96591ee2a1c9453

SHA256
71f14e14f4a9cc36cb53c560b0b83fd7b7b8fc4fdedec0d1765ba3ae5d24ce39

SHA512
3401dab4f9473b70a49cf92cf129f8c4c88ab5d5b6e1511462a76c18213118402fa9ed295ea25885523901ad8552541299605fdf76300511960d6484a311c701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
278B

MD5
a8a67c577722192fc78bb9ce246b5083

SHA1
ac64fd6386807e09ee354f2025f70323a88bdcdc

SHA256
d22bf7101c3492d0b7b3dd1ff08fda10bf1ada885a6c6f66aed467e44e2913b6

SHA512
aba1e301aed5d943c97a5a4b0ddaa16eb18c579564c926b3a7aa9a68d7c3b4c58cb9e5b08082d43ee3c9eeee4b40d11593f3d6c418364bed93d1d20b647dd233

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
3f3b5f388aa7a647446ec0c92af5ae11

SHA1
8b5a811305ec8532dc2ca9e786ff04330b4d6e14

SHA256
b746be76fcdf4ea23a0ef6da85fe9211ef8b67823b7dd996f17832156177cc35

SHA512
92423fad0bd2eddc03718712396f1948eeabbe6aab272184e5197b9eeacb5b5ccf82ffdd2a4ed025b7cba7004f1d81f765b983f684ea8547961fb64b43c69fdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d5f5c2fddc5a409abfc12a4dea871630

SHA1
4ac2e1cb6c908088d50e140a3eeefe2aa131f9d5

SHA256
a0bea5595af813801d39e2a39320e5b9d5ba93939b6cae3648006b665891bce7

SHA512
986204c624971b9f77f9e145346685fceec7af41f0876fad669fc9c145ea632359f1b8d9aeaa5d5ebe9e930204ba3b227198facd0d16c2c9f75edcc3e5a1988a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
295a8cde088d4667532e76a36a2ac627

SHA1
e3d5036c50019ddb1a7c782c99b6a00343fb3fad

SHA256
1d84ef3d92fe751a9ffa000f426e7c9bee71f6f1d87639aa183396c5a0d9bca9

SHA512
34e51937f71670a7eb430b86c251940e7a3d1f25dbfc42f997de47ae97becbe1bfc05b13679cfd5205308603a4761ab19a126a28653bed0d0144827a07d1dc67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0c9dc29bca6aedbce6975106b00bf980

SHA1
ed1b646caa1d282d7f4cef18c2594633423ac0a8

SHA256
b1456e43272f8e1dab4553f4ffc52b56af1296130862959286b132af42eb6e3e

SHA512
e50acce83e06d981f2cd9513580978b7289b2f6c16cc6193f88012ac546718526c735caf0fc29665aec7d04e10c3a49821858bc8b68e09a58c475d8113467987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d45984f4a87d911acc8cdf6f4a8fcc29

SHA1
76c8567a65c087c49d734ed333375be189055c39

SHA256
14ceffc93f41bf1293390e9d1539bea0ad14b85dffa1276f509c96e303766720

SHA512
595733a57503bd14a8c51d888745bdb02183ed17bcd3c305bbbc284340d3057d19bc55d67a46513597d52beb7f2d3d8a8c23e98fc01af688fd910f3a029e75f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ae0eb3cbe41fe761910b1b2f2f6b21d2

SHA1
f14e70bfae469e20eb1f86ca2e928d0822c332bb

SHA256
f55f581fa252c82a19bbc11776cec8edb2922f488e2c99d074bb577a52d38bcf

SHA512
770f342db4b753502f880962e770184278c915c840b44a83df7092ac4529970d537a3a8d5374d04909b65f87b13ccd23b2eee4e6a74c9cc123b363e7b43163ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1fead3578981ac2143114fc3f292dae5

SHA1
a8e01bb2e1d27d89fb4b8404c1da99e9deb9a7ed

SHA256
361dc3dab848fc61fee0b395438d73ebb5e79b357a165ddcfe31d5348b0c2afe

SHA512
043c6e6193ef22309aefa922d7505ebe95dffc5af0cdea0fd8293546e4096d93005cec89179185c3a0930bbe09d9c32e7389a53c652b373837ca9076a68a1fe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f6ae0d637432f81e35ab45c180c445b9

SHA1
1b2363e59818a8ccb9a0384667c5a401ee3040fc

SHA256
09a1931f2e96c9a860ac02705c9589c0d6f8d3c90a64c84705305d98b1fda4a8

SHA512
602f86daa18fcdcbc4c41e6bdfc912bc053df025b855325e2b35e70e64d6f2b8818e2da475c3bd5359afb0584829c9a3894cff9f42380b86f35f3131d576872a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2b20425ed46a78e4380196622cd1c4bf

SHA1
919540b72daf8a0257b632a7a7ac7dbd31f7d382

SHA256
98eac1c80b0fc9d6cd5bcf03cd23ab22bcaae4c0496857ee49233163a8c3a251

SHA512
21a4e201d024167f9b9dae82a6cff628d79b12882a1cd11151569eaab1870857c4c4acf966e8370396f94c1515c5567c11c781f1e3d083f80e11c1cc6830734b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e28a0f4862fc9dd7e236bd3d50bca8fc

SHA1
b18202223d6a2836a7f9a009005720cce1ee6156

SHA256
8659651bacea9347288d3037066ae5f8229516dbb07aa7121df300b5766cd2c7

SHA512
eb6ddb24e120dfcb33ff926a4b8b09228e1a6c5777d87f56e77c5cde8da9e1bfbdf90fac0152289c9652f0cb179df9c24517dea91b4361dc03c6ef41b3db6134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4e97c559e76cfe4cc7db9da63cd6ea24

SHA1
4fe952178be04d1defd6167e2c0c45e9ac08cd16

SHA256
e787e2b228429cb13494ba7862e434a688168dd748c6efa2d8f954427f8ac119

SHA512
4371da1ef1bc838742879cdbdd4452dc8df9b750ca993e81f1188b000da71401946bf138e3e77cfc181da8008322bdf7f2a607cf6315f4f565f301e0d25e7e3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9becc0f8657ada89f055c71e7d62d5d3

SHA1
4b67e6e4a2e6ac210c0176951b1c27eee3254e3b

SHA256
915fb082bb505b012e3ffb09feda9d62c0798dafd8d07e0c3a91e08a83bf776d

SHA512
94464844015c95aa64970213ba735bf02a386cd3072378b66b727fcc78e20169684c7b41dab0715cb52d4f7901df87a60c7f3179832a33fda0a142629dc67171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0ee430a8f944734b812035e943cb4c55

SHA1
f43ebeaf2d0f479b899305d4f88c664993b034e9

SHA256
aa55a2fc7830f488e5e5cb2c11c16ebc0d0ea6ee9ae0e03e8fe509ecc5e5fd33

SHA512
531d18e8a5fe8b80d43f7e1cd1a2814f6c9a35ec313f6b07771a1f8d2ac45ae4d8974bf465f31b99fa82fafb92b8ea9bb0c31f255b180200ef5b6b446f818c63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
79991a1d16976811bbeca23bfd19cad0

SHA1
321c8d2a1e81af816daaa92471a8750b309102d8

SHA256
999c15979fec13b0329938ce6099a319491c46f06de9f5a2b119a35be3d8f82a

SHA512
21d705c62039f6baa55921b8de9852e60d13030041e5fd43738ffdd322941b646a746884f69e4b2f50e7ffb7e1648999d9817f233f644f7092c4e34a7e2d8906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
537c009caf05391499afb00129a85a98

SHA1
4ee1d688fb7d7897d5ab53320e825716795277d2

SHA256
d7299cb8c6a58689e3061dd6902fc958976c13c3d1ead96c0c695f8885a76820

SHA512
b1bb1fb1ca11ab936ff88ce20731bb922d26e352840efd0487c7fd3bc260d5a791025d1141e2247f9fbf184c533f7becfea55d324acac9b1093642b7b625198a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
742fd599ba9cb668d7f21ca6b4ef3858

SHA1
4a563490a65bbf2b494a9f81f9a86c4ac4ca1760

SHA256
31398e23995b9e449396bb4948f7349ba7c474beba1052b3e658a9429eebefe7

SHA512
d2807f5af4a68b37cc1436f47dda2b1acf783867d0aaec822d6695fbe0102e48b28c69a24941ce5c847b84224f384fe8fe77d50b36bb7ae24c9248521243a127

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13370824873200118

Filesize
6KB

MD5
a460e9bed609df839e772a2b5ffd3b4f

SHA1
4ae5e9426b0655bbd96c50c2047146df36893765

SHA256
ad81a19539afe02dcfcd802ac465f3fae4871e2047de77dfa4c5c3fade674972

SHA512
2fc313060d5cd7c762795ce3f5e1a65aa7e7f881bdcaacb57af5c412d2c1189b41e293d9e535cfbaab9f2e82952fe59f7bd22bf0f268fed0789a21298bc30383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13370824873398118

Filesize
2KB

MD5
a9a1a8bc4a1ddc82203c81f643ad8b61

SHA1
55faeeb299befa941d5eb649711b0ca492451117

SHA256
51c06f709a3be4e0e4678085b10468ea79120be671a6170a6731cd052c6efea1

SHA512
3c641566e4b635f37380aa3d7b2fd544ffd6cf2244dc1c34a87646817e499c240e08650ae3f18b8279db3abf2107f891d85262817bdd085ff2d67dd19ccb2a9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
60f24518fbc725d596304c67475a4ddf

SHA1
83689e31917083e2ddbe9104b40c39dc3d600b3b

SHA256
0a91a5d6f3f3656def4a847e90b3cb576eacb62199e39cc70106d82ac4e5d9d2

SHA512
a5cfaef06f3398a21c6946fbacadda738d65c73f1ea3f3e5e023eee21d2159188788ca85226e33d0f1b2de9a9466ed20e86c50d28b682eeadc2c5e22a45b50ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
21008661e0f02b69fb5cc3ff2cc463b2

SHA1
66a10772658ef918cf01376701c98978a8dc08c7

SHA256
8cad7885179f38662edc4181b688c50501fe2f0988a15a81622b19acde89ea04

SHA512
e2991b3e89111e063da25c963174ec738d596d85ef6c0b867facd265db54d9b994f49983dbcb1a529d0b5dd4823bcc83a704f35fd77b6ca9f9a5d1ed30d8f125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
9aaae5cd2a6f60fc2574cff883149db4

SHA1
bf691a06726103a4e2b966e9cd03f8e92e02346b

SHA256
bf0a48e9130e8428dd73afffba3eb74913a603fdb7b94fee3cb46cc7ae0ba500

SHA512
fd18295ace7fb456445991344c7d8e06a1d3476f3aa4d56290597bc611cc9035dde867f032060c0892a97069255bb62573686472d355408c391201e11d6f5c14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
790f59a91e71440d7618ef9a65877b76

SHA1
630688b0b05aebe85c5878e50b6bde4fa9417e52

SHA256
2e9cd9631cf5c7b99c32bb4f72ce0a98b963bee79c959ab304d20e48603d85a6

SHA512
9cc790b82c5fdca6859a7b1a91b706a1f0aa132e756fd37bce01cb078e3e00caa759295be7548f0b5a174728f9619d192bf4542b2a0e7cf73d2e4d44e3e2c24e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
732e9a0d7d280bbc02ecfd4d8b3f20bc

SHA1
7cf847ddf62d5df3a70d1211a4e1cc4f30b7d4c1

SHA256
972c22fd21caa5b336158a9d396a4bf04599feabf00464a2a7b8c8257e8ebfff

SHA512
dd786bfd1ca31613ec434c7b996893973bef4faf38aa50f3df712163991426eab6c065e58fe9c33eb318fc772df54df4f7cc18ae9fa7e05602ef7d5658204447

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe598c67.TMP

Filesize
705B

MD5
51fff706aeee26d1e74d7708d21f4490

SHA1
e61e188a6f8c9dc5f81bda03935281e562d1cd2c

SHA256
32ef56178fe24451987aecc84320becca54f635e311c8cd3fa89161c7aecb7f4

SHA512
9f704ee10907f7136d9cf693b109a79a14718339c9ead7b12524b84e33d48af1822c495316214d01ad06b413b0cca3de4a093d31a6248010d73643305b714d9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
3abb678e2e619afb8677330c515a1c28

SHA1
cc8f57f6622ef7287811d8bcbb05932f599202bc

SHA256
da0e213bacdb444c37e07746ddedceb0de2d5829868c91b840cdc13f3c6a5821

SHA512
388219da7fe915e7d0add888cf305add002f38228fa055f9b161418851f145fd26c1faa5bf4784ed8fd2cd3d12af61bbc6f0703f6d24e0d1d88d53183c3f0a21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\eebf3e9f-e357-407f-b6b6-3d7341b0a1b2.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
617a6abdee46c50d9d59f3edb6ef9d44

SHA1
12ecb493bfed1d5c10022f7e7f8fc41bb7250388

SHA256
456dc92954651487e3f378f8308e20e1e2a11a5f2069dd008cb33a0e5b25da21

SHA512
1b4304ce88cb047adb9de3947cb2ae545bc217a359b57ffcd18c773d0e054c48b4e0b94d84f2a5a5f8acc1c4c17c294285aaecf08d31ef83588b85b53d65e1a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
0dbc6118faad56bb6c051421878ff188

SHA1
16fbaac78335030906dacd6ae76f23796b7a1530

SHA256
785a3ecf6e5b50966564ff53765c0563ddd1681b18bdc067cb27d17c1456361c

SHA512
760529995d4be17e093c9645e07f54d371c5d78424551c5a6c7b8183ef4857017ad0d07a992ccb25de84c692aaafed7641ebbb4132b2be6b65d2cb61cce2f234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
cc4e6e14a7b8a53a3cb7840f11b46e83

SHA1
61a631d394febb800aaeecc340e9a676612d61f8

SHA256
069d23fecec3b9a94a507c95cf43c8b946cdf161264d46864be9f629f8556019

SHA512
7bfc99876fd3c61ac520e83520af927fdc753b5a4c3026aa91b6ef1894ecf80b10600d799f39b8519b7ca3a5b3f637d546fcdf751e67beab5100add0d8f78502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
8a37d1979dda3785cab1e0491f8fb9f8

SHA1
670e660c9958de4cec5bfd66438227611f8c8123

SHA256
5dea4e98484ceb7cb920f07f48c252a6967d3dd907d40ca5de7cb8328862dbe6

SHA512
5a563002ecc3da85555e58de6870fd5f8b57e5a21f17a356554fc756a9a130aeba1093ea9028d044f3ab9743c110e2dab8865b55dcc8495c0b08e913306e754c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
40aece3bc6cd76a4710d35858007b4ba

SHA1
466cff37199f1cd26f9582a36343f1b7cd68701d

SHA256
77c5c6c93296a3cef4169e1cddcb82bf45bef9b78d4ecc24ef09d0ec48defd6b

SHA512
e3c93bb2629d1270d4dc169a78b91bcdb8c099ce2f2dcb2d855ea27b6a548f5c9d6d90fc937589267a988011fe14d9e2b589e71293e996c40329d60de67e7375

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
342d3392c208dee7f24426a1559f9d0f

SHA1
baa5dc4bea795acb2f1f01a065382a06711ebcd8

SHA256
b17a3d10d7d0ddb327eb0be52e4ae85e63cbef37e7d03c137b508c57dac744b2

SHA512
8757ed158f309c45a8b7079cb34b0b6340a574fd67954ae61a73a1fdf1cb5030d609f3a1feae8322327046098e54aec92a7a10fbb039cd66bc7dd94c77571485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
7649b3397e1d4eb9b1a58bf08c4fbef3

SHA1
d8eac7672a3d1a37f79339bace9c0e5e36e572c1

SHA256
5fcff88a07915e6aa40fcf66eff81b8bc8d102b932a9f1efb3d91ee22383a86f

SHA512
8ee281864552c065461825e26c29671a2dc58ba62fc4cf065954fdd9ae6a81e17df6df04943271f4e27a4c1e26241ace8a54889e52d95521a0b67e3adbc24bf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
68ec79d8824f17d4f8a16674e1e92940

SHA1
6ef759e941bf45eb7beca9a12876fb9efd963b24

SHA256
7147b399760d9bda88abb50228a3244119d4da82a0a21969e04aa5a0105c9768

SHA512
d0d1ccd4b1a99eabbf8413ad6ae4615cf9f0894a2c6069534846cb0e45bdf2f4701bc0d5b9ca19c0b73e1d687c2fe07ad265fa6436620f0f91d092f97f63aef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
17a544eebd721b2dd89a9b8d43531672

SHA1
158fc7336cb9b17930207e5ea46c3c1c297a5d66

SHA256
de5a7139ac9e1a220dd84cdfd3682b0d9e89320454e07a6b5ec47efae7bfef59

SHA512
fe5d7f4e48125aa3db4acecce77eb67a04f923e2827454dbd431b2339686d46405d539ca86379e7f4901c166349954a6709419eb43296c56afaac76818cb86e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c0771e118cd01201bf897e120e1b7132

SHA1
cbf2c64608260ea7d16538fed0934340b35d4ce5

SHA256
40b365565f5c9160c24ab76a4026c86d5dd4a22d642db5f65255abdd66638a04

SHA512
0251cb4a749151297d06ac1ed11a03415f11d3344b0a75284152c7210a3e682bed954929ff50dd5afd400fad09d636344077eba4267033182ede0a591e48551b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a2933d2169b4895916ff8daf852c5010

SHA1
3bb877a55f2bf1c8da01a10179fb4df054c3976e

SHA256
cfb9b7890659e04870e818062341cd5e93054fa0a440862b5c105937676b9399

SHA512
a118b7d43395efe3a86ef46a41337bc337c0413339ee1bd18f1f8ab675582007a23d39bb86486b0665e94ffcb8a2e2dc7dc22a97abf77ccb50523b39ba9b9fe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a0c543603d229fdcc54f5577c0974b51

SHA1
6644c93bcb0cb1705dfa4d9751201a6d6977ff79

SHA256
ba859462ed4c9b86832cd9c50976762394eb9e17c4d63ae68049e718ea255a2f

SHA512
a9f60fb188ec1d8f46186b9b8027d1024476a101315575a3a836cb976b7497f5d5b228b6710411e17c71b8a062a52b1f6ae3469df3a054da3d09fcfea8c20a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f68f8a5dd94072dbf06a5499b090822c

SHA1
1a0404fe16f2cad79d07ac5eeb36ca81d76441d3

SHA256
eda05587b67baf63cb6689933321e3b3ae855d93c4298b6184fc48f3e35f573d

SHA512
7a47b283c782936174152a03288962279e3edf0f020a4ff9ac3a892b3432587db1f6ceb1bd39eabb7f1035d371ac15c0cd7623637e09109614e3e80ebec7cae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
196c38a8bef338ac67282dd066f81023

SHA1
fa2b488079d4f943dcdb118d30f60fd93917a6b5

SHA256
9d492402de3c70876afb253c7e832dea027f5ad12d3af6c498305793251d723b

SHA512
e549ac147135f5724b121f460d999cd3f854c93d3862ca70286a7e8bc24b96ef44d4679ec899294f1fbcdf7ea3e1c27db900ecb0a61488b35d9cdc3d07e683a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
9cc42fdda56494ca82574391160fb9ae

SHA1
fca22714c3795ac07615892e38bdd9e3074380a9

SHA256
e10224ed10ba951a34856f1354cd0fde18f71d58be440d773fafbd48b4c8c292

SHA512
65c59104ad06f6ed0a6fd9a773b183ee1174ee68576a7046d7d50729ea8b111966c0a336a2bfe4240796419d75f2dcfd593422f4c8a2942a015ab61de520d284

Download Submit