hxxps://fairuseandunderpenaltyorperjuryiamacooldude[.]myshopify[.]com/products/vanta-fortnite

Analysis

max time kernel
182s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28-09-2024 15:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://fairuseandunderpenaltyorperjuryiamacooldude.myshopify.com/products/vanta-fortnite

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
57	discord.com
56	discord.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133720126689296003"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2718105630-359604950-2820636825-1000\{6A7CF74C-36CA-4CEA-94C7-F74A0ED61FAE}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
5028	msedge.exe
5028	msedge.exe
232	msedge.exe
232	msedge.exe
1108	identity_helper.exe
1108	identity_helper.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
1592	msedge.exe
2372	msedge.exe
2372	msedge.exe
3024	chrome.exe
3024	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
232	msedge.exe
3024	chrome.exe
3024	chrome.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe
Token: SeShutdownPrivilege	3024	chrome.exe
Token: SeCreatePagefilePrivilege	3024	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe

Suspicious use of SendNotifyMessage 50 IoCs

pid	Process
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe
3024	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 232 wrote to memory of 3388	232	msedge.exe	82
PID 232 wrote to memory of 3388	232	msedge.exe	82
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 3264	232	msedge.exe	83
PID 232 wrote to memory of 5028	232	msedge.exe	84
PID 232 wrote to memory of 5028	232	msedge.exe	84
PID 232 wrote to memory of 3660	232	msedge.exe	85
PID 232 wrote to memory of 3660	232	msedge.exe	85
PID 232 wrote to memory of 3660	232	msedge.exe	85
PID 232 wrote to memory of 3660	232	msedge.exe	85
PID 232 wrote to memory of 3660	232	msedge.exe	85
PID 232 wrote to memory of 3660	232	msedge.exe	85
PID 232 wrote to memory of 3660	232	msedge.exe	85
PID 232 wrote to memory of 3660	232	msedge.exe	85
PID 232 wrote to memory of 3660	232	msedge.exe	85
PID 232 wrote to memory of 3660	232	msedge.exe	85
PID 232 wrote to memory of 3660	232	msedge.exe	85
PID 232 wrote to memory of 3660	232	msedge.exe	85
PID 232 wrote to memory of 3660	232	msedge.exe	85
PID 232 wrote to memory of 3660	232	msedge.exe	85
PID 232 wrote to memory of 3660	232	msedge.exe	85
PID 232 wrote to memory of 3660	232	msedge.exe	85
PID 232 wrote to memory of 3660	232	msedge.exe	85
PID 232 wrote to memory of 3660	232	msedge.exe	85
PID 232 wrote to memory of 3660	232	msedge.exe	85
PID 232 wrote to memory of 3660	232	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://fairuseandunderpenaltyorperjuryiamacooldude.myshopify.com/products/vanta-fortnite
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdeaaf46f8,0x7ffdeaaf4708,0x7ffdeaaf4718
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1928 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=640 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6752 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=1964 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1384 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2072 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1376 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,7719448718673755423,3269389589734014958,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
  2⤵
  PID:5944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3316

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x508 0x50c
1⤵
PID:4328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffdd6ddcc40,0x7ffdd6ddcc4c,0x7ffdd6ddcc58
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,12965276989014266724,5546190944397954499,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1796 /prefetch:2
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1820,i,12965276989014266724,5546190944397954499,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1812 /prefetch:3
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,12965276989014266724,5546190944397954499,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2300 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,12965276989014266724,5546190944397954499,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3296,i,12965276989014266724,5546190944397954499,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3872,i,12965276989014266724,5546190944397954499,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3652 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4700,i,12965276989014266724,5546190944397954499,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4688 /prefetch:8
  2⤵
  PID:5436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4696,i,12965276989014266724,5546190944397954499,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4676 /prefetch:8
  2⤵
  PID:5584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4872,i,12965276989014266724,5546190944397954499,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:5796
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff6211b4698,0x7ff6211b46a4,0x7ff6211b46b0
    3⤵
    - Drops file in Program Files directory
    PID:5868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4504,i,12965276989014266724,5546190944397954499,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4664 /prefetch:8
  2⤵
  PID:5812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5144,i,12965276989014266724,5546190944397954499,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3356,i,12965276989014266724,5546190944397954499,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:5140

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5280

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f5d49183da4b7fa8a36bb2b54c913b6a

SHA1
96a2786cec2607fc30f730c71937fc348f396037

SHA256
a7c4258a694a2c66d831eaace926e3997ff73c28c94b659ea8a1737a13890783

SHA512
779926d2da4ffcc0ac51db5afc79961416414f5e8d16b25a3b6f686ca284da05d865b4faa30dbb7125f226744f63a5a9c70eddd827bd7f50f2d0d9ba9ace34f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
213KB

MD5
f942900ff0a10f251d338c612c456948

SHA1
4a283d3c8f3dc491e43c430d97c3489ee7a3d320

SHA256
38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

SHA512
9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
30KB

MD5
b0eae7ef382d996a0863d31e57a4e22e

SHA1
f17483afd4d06a1f4d91067228bc92df6a1b23cf

SHA256
a60d945cbc5b9c905264708fd7d47e4b7e187eb50ddcead54f007b816f46cf3e

SHA512
f78968763db076bc809a271f2258782c235839414e89bbc957237c7b80d058b06658d61f6251b79c04cd42bf1a2ceff0e9ae5449a8a5d04b7e593479f38a511e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
38KB

MD5
5b2a62171dafd731aafae3d0d560851b

SHA1
2d8b7aa243d516a12a04f996d8ba81a4dad57617

SHA256
5effa5f4c44a8727940408c3e59692f7c0dccb87cb41aba9781e94c182701a95

SHA512
8c5c33875f09a595a7e66ce71aa827e10530737d8e9fd6827a42d4edca0400ed1cb30193bbb8a7395c2a0012bf494d462846e28f0effd7dd28025471e636509a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
66a2d9f4991faf08c576efc45126ef5d

SHA1
60337fe9c526d3d3b2405256f4dec51b2c534e79

SHA256
7b0d8560b002a46f27e6ec972a29e87929cc9cc7b34e4507f29ea35953d850e0

SHA512
fdd21f98054a94b0a8f82cd10e72c574b1026d6014bdee06f48efb9d4e278d1fff692572448b4ae449be4a194879c416ec97a00afc2ba2b561cf62325f174da4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
eadb2cd15c8400f6f416bb24a6f15f6f

SHA1
70da3e1e54ecd50008e2a9e84526e6c0243c34c2

SHA256
9d47a3cbf88d64c7b4732f2ec9429509d52481702c19abeec0ca8056056a5c3e

SHA512
759a60d7303e306773d7d456d85fc08fc07d288c800d293dcaaae59c9662e23f31430f7d1578b171bfe27c801d74b19125ddde405af4972f43357511155abfc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f7fe4537b5f8dfade0aa0493d38bc5ef

SHA1
ff6b3928040eec69220805e54d93719d76fac14a

SHA256
a5cda8b32d8feb2597f4a220cd8605fcdbc72d7c1a77b9d7bf84c9921f707483

SHA512
596b38b6e0e316343d08d4e2a6e92d4ce77912a4f84d7447bb57b511a53900c64328aff0126f3ebcfd23b7e8e50841f8f8fb8b2a78145fbbb94ef85e50638a27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
715d95b33f3e02edc0156c05896dc732

SHA1
308e76c069ebbe92237bf7c1247e9218e2a0fee4

SHA256
8cfcb88247d7f54772963ea34512beaf5527412f7f63fcaac6cedf6c1b676017

SHA512
b28413a9394037c4a4bdf150c3207c6843c4add8014fc9cf4f52685ce027a758d4a8dc5dd643c0d62ebe4984df96492d2ad4dd2b8190bd3947f63315ae6b2af0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
abcebd94a6d3ad5a0af28fffa9509eb1

SHA1
b6174df27210c0cf5723191c1232bd08b7f9c483

SHA256
31a53b0ffe344e078244c75f21f7ecf9e00c9e9d1667a8fb20e426530694f213

SHA512
d5ce942131dd020c77422a1b29058561e002f51d289d7f06e068ee9682100994d24a1a1da08ef9cc74992598de170fcad1d85a3457e7acc2dd188f6de5c8bd04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
af82e2178072d43eb86d6c269e66a658

SHA1
6ad0ff97161fc9837adc62a61f5daa13404ce6a9

SHA256
fea30f3538c8af8b77dc385fcc64deb2d1e68b08200d878d92557784e93de31a

SHA512
9fc9b1298a140275d53a637abc8990c5fc89c19063b3ff43c16d68223cc075ce9c8f25fc84be50b0e53418f8d8e946f769594070244473ac0a35640a8bedbce7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
1f07a4135a29b0d47ee9b38f85046acb

SHA1
f45530193e5126f65f467128ba62fbe55f778411

SHA256
2d743054a7b10b30848ab2850f72db00631d1b2db4afa59555cc75217c72a8a7

SHA512
d591c0f03156b4bf0a8d50724757c0f6d676adb59bc97907928e0bddbed34b5d8750396ce4d460a346f9cba857b3b43dd022c9e957ce4600e31d495f5739ece8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
7241d7ae5f3aa43b6268818d8dc11de1

SHA1
851f0c99617dc90170ebd5a99ca1062bed252a39

SHA256
f4837db6feb35a366398865ede8b761ff248c0212645e350b89192d339d32ccd

SHA512
0e7bf18f6adeb5d31d327fa69a2852fd05e8043562a83597aa30f3f774a2ecb2bb16e54bf3d65f0291ad371adb4aebf9eea3cac36739e02f625882ec1d6b6222

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
57c6d3fa82461a34c5b3ee062385086c

SHA1
153bf303ee1a561ad871c31c0bf9ff94fd67b033

SHA256
4af5b0a3c668c2ab3532a355deff80cf6af63e54895297c100263fa330df697d

SHA512
eafdbe0c7893d829be6b1e50acc1575a26a494793febc4257e40a45cd83e4a40961f03470d6ca99962dca84aa6a103ed68ddfd20e74be5ad3a7fc4aec2c81e9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\601dceb2-dae7-4a9e-a3dd-f3e47a0e184f.tmp

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
23KB

MD5
e43bd87175462abc0660e721cbf49a61

SHA1
af75cb0fa576a5887a1b18ee23fdf1e1e7066801

SHA256
dea8084c0da3fd8affa5ac526c4c788e1aa901c642e34145a7579f3bc44b9f2d

SHA512
4e01f7084d068daec3deeb835323fab348fcb387c371fd2fb49e6b3b49862fd1c89e1a9b3868fef43b49c3c6ee525df467abeb252c679c34990574769e0de473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
64KB

MD5
d6c711683af80fc0952fe2f28c69b4d4

SHA1
b083132d2f7355b65f66ba9f63cb8f59aa091562

SHA256
4105e3be4f58b90412e2dae2f81a6b7efbec69bb672623cb82c69e613fe83c2f

SHA512
b1750630e8220d29ae4b90bcec74270801cd39f6fc2cd8b597419ac6d5c812a2ca9942d85043153e968658ffd8f82709835b21af6aa84b73280ad81dcab2e409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
27KB

MD5
efc23168356806b9edab331ea90a0f82

SHA1
5c6427f7a204fd1df9ad1cd07558c3d21e9f99e6

SHA256
0854a29b4cfe4fe62bbc9b46ced83922fc17d41f63a5bdd244692326ec26b75b

SHA512
5ac352013eaf34bf4a33e85e5f21603fc818e2938db54b306a3a8207a3cac22c59f827421d28039db4e44beb3875b3bc15ae6d1b84e9de025c875a2053561ca8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
43KB

MD5
d8d21d286216181105e9f4afc7dba931

SHA1
1a1fc2c941b2dbafbadb94a5446a4b67714a5721

SHA256
1901684b45557ec77a376a1b68a7f49aad7a078b30ecd3a6afa44cbd2f289563

SHA512
28c2d73118f4208290d299f3dcd4d7ce0eaf9666f31de72b4ff56ac73bf1e1b3b679756f70860165e0f57c13f5711f52222ad5183deb8a684e68a8eafc9677d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
43KB

MD5
7ad75df91e28d4752606c79ad656e33e

SHA1
b609a25c40c2badc4a9d9a92320dfd2996b57045

SHA256
2f9fdf2e045f318c3a8d8dcbafbfb77c7aa494a50f1e31083c955a6fb9b3cc51

SHA512
fa41aa755f65f124b6be3e9504f1a4a386b9f6f7e0ccfe8537ee76a30ab740e26ce7cf71e27f5e60853bcd8c92f2b49bb3e3c4a61de9b95956b662745e2d2966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
37KB

MD5
11b5b32f390008346b4f4273d9328797

SHA1
e602c9fa916c6fa842385562513ef16926401baf

SHA256
88a39ac49856f83a101cbbea6477753b3f019e385b1e6f147025d35e8732ea25

SHA512
d92953d3f6083e221755b47d8b12c8d73d3c07ed11868bcea4ecf72262ae801e5e6c0f8388b7dead9e553f0f0d0c85c39a536efef96a284b870f035e74161187

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
32KB

MD5
4176433275d0a0d1349588f464435a4b

SHA1
f3c4f68c247fea07140aea8b81a93a2da42eebe5

SHA256
3e0afa144acc566297a1fc94e7ab3db6d7e8054c3c22015bec3a67571c9d779b

SHA512
96a23ec885f09fec90bd0358f67205c62f3ccd6f2e638eb57735031a95445c09ef98871ead9649f7462b4712138fad6bddf01e0ee388972f38db002a371d5d35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
2.7MB

MD5
d312f536f301372750d4be2aca2d55d8

SHA1
845239b88799cf0f02cb61e0604c5d4c29d6c74d

SHA256
46263a0c503d387bb4dcbe21c5256e1b4614c92212671447ec38be00d66efa85

SHA512
992b942e1467253a95904e4828840c9a19dddd2ea4eefe2d415504e6544c71bb88f738a60fa8958fa10c5303bda9e2a4ac48ec93951254c647d96c6f72f0ed95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
16KB

MD5
149484252a2fa6983cbfa1be78e7ed2c

SHA1
7fb7b069bdea910db6376eddab410bec58b51eda

SHA256
e4b6badade7a58c95156a063cd1ad7f08c647d99c7c7fae2e5bd06dbd27ce50b

SHA512
5f28ee0b00bf23fd74ddd11eb35cb908999ac00dac94cd4670b44856ecfb3640a1647d1b5dbbca5c0bbf95975e29fc25fe61d5dab2b30b4e8bce1a3a0775b545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
704KB

MD5
0a4a94a02af876d9e7a599f9127c66bf

SHA1
69c16aee84aa235e28236c014cdcc2fdf1ff5bba

SHA256
fb58cb472308df273818e6d739097b03f728aa774f11128d3c3519279d646d6d

SHA512
dd4b869cd577d62131f3f47aaff64cb1ab90a544e93f01b27ed09f0b9f4d539d969f9a4d15a4843c8fa5aaf3e3c7af63a1449eadd0560550b2da762f2e3299ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
116KB

MD5
9ebba3b544cf2f47d8af82c7f0cdb759

SHA1
079ad260c39961868b55a9f6e453861120da2787

SHA256
e0293b7ad50b020d48ecb400ea5115f1a325864e0ac1e6ea4d3daf47222e4a5a

SHA512
d4d663238429123decca0e7f21dbe8fbe527da8e288b2f1c27eba0f7f88546aef4879c87e5d64f151a454ef4bb6c9813c718fb5439845cc15cd01d0de251b6d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
388KB

MD5
b4a951d7218c674f0828f277d1c2dbd8

SHA1
ecf467240bccd4a5db78259c0bf2e55f815f252c

SHA256
df6994fb8705c77dea678eaa9096248ef550f8140e74e7186f7ca99d47a697e6

SHA512
1b021ea210fdc3a9392f0c0dce8bc944e02cb827edbc80db3ca525b338806dd3888994f5d92fe4120f1b16d398be2e0ca6d0b6e6599dadca25b8369bb13306ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
36KB

MD5
cfd291b4483ece58a426d0c816bce6e1

SHA1
d75a391ca8cf4e947261537182a92c989f45542c

SHA256
2422a1cdfd49e4f29d3bb08f74464b545d5a84c43508a43f60fb848af52f320e

SHA512
e6b3abba981e65fd4a1ef76c9253b6da3e37a77b59edc8d72e4d26106555651f04236bcd469c4724644552f808cb26b7813bb4fcb04a8bc47d1f2bb00b639af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
23KB

MD5
4e4d6850ad3f040736ff9c073bedb35b

SHA1
5d6edb403792b4995b4b5ebdb169355db2d3a2e9

SHA256
c67340bffa26bef38636c452e3c73b3baaee6d4a10bb265121051cfca8674307

SHA512
eb9f9ea92385b7910dcb5dfb57a8464d412e8f43125782c31cd813c224dd873c7967aca1e6538d3a8edef9ff46d8f0c87a2b93b0dc6913d3623ea1edd890da25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
45KB

MD5
e8629380a1c2d8645d5ae9e72f1eec79

SHA1
2c97a48566e37f76abbe73f8b168137fb736f718

SHA256
52c19481084afb600c8551254163763c4a3a0b232a0b07ddf7edc19b5335d742

SHA512
cf6e4ba4b8a97cdd16d86844619138f6c80bf80ff298fdccdc1afdedc1235c86653fc16e4a88a48fd4464f480e018276dd5d44a94dbc64a2effb2db9e863e515

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
20KB

MD5
f269793d01803d78291f4315851d2a46

SHA1
8e54da33f906bd30fbe78be8bd80bbda4306234c

SHA256
c4de92f239aa1f43ee6c133f6b6b909b38bf500c0c7a4803a4d509cc667dd3b7

SHA512
f39d6d801605d2f6ca2ca063a12cd46732bf93a8cc88493b1d5269b478bd4a823aa819a3a38a5dd955b39bde587272d0a09ac46fa3f4c0775119faf640ceb2a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
144KB

MD5
8d7667f5a3a15218987b8be47b8bb633

SHA1
7821e8901aafed47d1b88c29677894c65202036e

SHA256
ecb8272b5ad678b6bafc50dcb128657a8f9993c138fa2a14a6df52b411c0f998

SHA512
a35cd6ff473284e88bd0288c3bd9d88731c62c267430338ac02f4b57d16714f216fca1fe8c3e38e8570a278d7ebe3d87d56a21472eccd0185726081760377665

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
98KB

MD5
7d9c4530195dbfcf18f4eb514b8ea855

SHA1
56d5ff947ee9db81e6d81c65fcbbce2cb662ee35

SHA256
01e312d391754b2d4f9e389b62cc4a33bf071d4028fe5f1af1bdc6178050b380

SHA512
be4c69affd5b9e6a4738fd349c08eac253c969b243622243424a4985ab07f42fabbcf06874c01ad0f0487bd6b203422dc8372dc049f66a4d94023124a96354ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
41KB

MD5
109b5013c88cbade8a4a34e42331f93c

SHA1
7044b6b1aaa1b7ed935f1b6e5143531b63ae6935

SHA256
6f15dbb3cc35f2f6819aca39268c811cf96a56c22d96e439bc027230d160dfd5

SHA512
cdcda1c746d3b29536a313f7cb255368a8622d0a5a6b8c632909ac3b8affbbd00fcc7399f64fb157050d8493efde7d6cfbf5779b71b23dc2644802e839b4b608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
25KB

MD5
77548605287dba81304c268ee14fd02f

SHA1
20ab69cbadfeab5e14368936177b74b8966e01f5

SHA256
043503b33d271cf2641ebc4518a21633ce01ebac24acac23cee42d7f28caa49c

SHA512
c368d5a5c697111d6991fa9a24a160a9822621eb9a9da9295098fc6683d00fc36f5b2ac383714e1e93c030e9ba70813e20087a2dc97b3a1a59a44a69a657d5c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
19KB

MD5
dc5cd4fd05553c4226f7284f4a192a67

SHA1
bf4dc1c0e4649d2f5a28281870307415c2a9c652

SHA256
438a84c30d0bcbca4a1262cc930fbb189c6e414a03663ccd171a5f227aa6167e

SHA512
944b3b06a8e6c9df1da442e6abd8cb7b2092a1453d855c5d210d1e056215f4bf1b9baeba4752a7d7d566ab58ace4a76cd85ce6dd3bd537d0db63b796b0d8c622

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
17KB

MD5
e691449da8e3ff41890ba36ca7fd8608

SHA1
d83b4aaa520af8b24ea0f1eb81a6d2d8b1a2ad49

SHA256
36d40ced150354d2dbe45196438bbc21b8c38f4b966510b2f5d4dfc618930bc0

SHA512
9c1f76138f60a1298a983d018350797212916a2b0e6b851f92d5df8f2f4ae94dc4b3aa07af3dcb25b09915bfa80607b4c41fc2a0461b70a7731ec3ea53944e08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
23KB

MD5
edb43f25b5053b3019fd93249dff3ac8

SHA1
8461148e5de43869667fbe64194eb80450bb3636

SHA256
dee06f722e9f34013c9ceacd547b327c78bdc637504e58b38c45fcf65ed43c92

SHA512
0b0b05af01a9c3e14eef9e5ef236ef8c125137a3ffe410fcd143aa1205ea2035d8bb1ee6a6f7986f3b1a1b6235a7b185c961238f8ac07b9aaec9f46e1f859849

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
23KB

MD5
7e5e1a4d163955f635729f88f153893f

SHA1
6ba4277576da62f25b86b1485f3bf74f24b35351

SHA256
605930c279754975b1778a8b9633851c83e2fff001980bfd07803488fc41c3cc

SHA512
f0a1b0250461d2ca8a338a0eb99a1edf087afbf3a8179cd493c50c1701a39855ed2b56e20200254ec955d29a85fa36ec1784aac61c5146713b40f386b6a562ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
29KB

MD5
df7d003f29cf3edab59d689693b0d08d

SHA1
169ac3763ab4723582d7c73b3cfa1dca8e7e6f6b

SHA256
6e473913f1911895986897996f57caa08c38b38b3eaed24cc035eee6598630cc

SHA512
cf2c6b5cac8859acbcf8462432afb2b70a41f7e532c600b7fce32a4776ecc07d9a487edcb266adf0a3b13471dcfb1f1ac8f4b7941282765783f05709353660ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
18KB

MD5
cb2eed093631062e8033796351a8cfd0

SHA1
2604f725ff663ad008c0b1b58317700688204213

SHA256
5decc1d78d1ad33afc34549791882c100aab460e8070da4bcf70a589974f78e5

SHA512
571032f6373dddaa648d12aab67ba9a843f98b315aab51187875c6abe2055be288c3fcf34107335fdf1456895895c197c90b5b89c846b6a9e76cec250d7f6e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0b141be5b8a0f6a1_0

Filesize
3KB

MD5
e2205d07d11db989fe167df71f3e5c89

SHA1
236775f31293888a91bae478a0355c40ca045e6a

SHA256
7793680916a5414051eb4119ebfc3dff6c4a2ef9874c51451addaac13f4af27f

SHA512
286eab875ba09b379bbdd51557db66931573f3f2e942358e4502a2080aedd8c85d8f0320838524d006a5fcab5441121353a5842d83af58e6820e5831bdc8ea2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\126021629ecace5c_0

Filesize
2KB

MD5
b629eca7b29f3c99c6f982abdeb84549

SHA1
e940b4911c2aa4933f7fc2050ed12f8fbecdbd3d

SHA256
407ee6c426651480f51257931570be2e43ef41bad5ba845e8614b920a5e9901e

SHA512
988b34d6ce3442b3089b02d3bae63f955a26f874c6bdeb3eb29a8661a5d685e51a57f84206a6afa50f539050dac1dd1221255c53baea0fe1c45645793e0462b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2ba5b84822b10996_0

Filesize
3KB

MD5
b4e98fbd2766ef3ac8aa28b36b2f94a6

SHA1
7cd6bacee2f145a7bbb05c4c654fbb5d8867fba6

SHA256
bb86390a9de6d292536e2748168dca57b2c4d39f886db1ce3f31764eca2aa2a6

SHA512
32f3dba6009cdea92bd9abdcade83775ccbad6e4885dadb452aa3c4cc57a9e82a2ee36f1d704620121d8840bea9717910af811af8c7fade99db060410fc20b8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2fd6de94d091600d_0

Filesize
9KB

MD5
eca68ebfb50222ac0dcd5ff47c306a6b

SHA1
b31eaa32e8a2c1254d99ea9e6b8b4ee5ffa79809

SHA256
a819405941b8671eb0ce8bc8bea3232f857480205dac608158631fc2e2070b3f

SHA512
8aa034e45a3df21fc02b392501a0cd16d6207ed2741a6dd87d2cf9c4a1be7b1b5e76e37577db63a7432ead6dba90660ba16a38fe357c714f813e5c6c778e7465

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\32110ecc97908c5b_0

Filesize
4KB

MD5
a62b6a064c39011e9536745f376c3edb

SHA1
590576336d063b6d0415b2f587d950e69b560173

SHA256
7a34a5d2798d2813256eacf1d12c3aff9d4617f247b384fced67b04d6f851b29

SHA512
2a6de461749fd8c3bf914c44bb0db0bc53ed294ada41a780f1b1327973c2b557d978a5abf7230bc46a494cf75cc69c7f995e02663f26f5d2968f471e7ea3de80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3ba967b8ca541769_0

Filesize
128KB

MD5
19ba4bd7a5f347d99aee8f4e811d8e90

SHA1
3ddb4c8f8b5c9369f627ea2d3ec8907c0ba3a6d9

SHA256
aa1fd9c3722ec058060036ecb93da3d21e5bcb77980caf97fef3fd95e3bff719

SHA512
c068c68abad1477217fa8af400742066f87c4acfe30a84294aceadb90badf48c9d1ad0287d1e1dc35da0e186065841e712ec87ac823e1d311994f45902d9da37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4fdb57ff6ee3052f_0

Filesize
346KB

MD5
99768a4e1f99febab05a3b3bb7a14713

SHA1
3222496852124c83b8ed6c5bff9cb89154ec285c

SHA256
060bfba43cc28e9c265130331f7e11d6957a333668b2b913a2504b5e4dc48486

SHA512
fd954434fb8635ad5609989d3d713efc06799ae1f8b0e534b663e7a7b240e9365b200f6c75d1ae8a16cc907bb5a63d8ccc42789cc8eae0f7fbf71fa54f6f23a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7f0ed283d4a59244_0

Filesize
366B

MD5
65a707889e8d9713d344c9110cf013c8

SHA1
ada3ed3cd32cea715db190b44ce9b83348784565

SHA256
048b27d8818e4856fdc3d82887686f267d8495fca898e33ab21d1ea01ff53b77

SHA512
535d907a34aff7f5a62450e05dcbc33641b78b618022839da0b1d2e8b060553282e53ec369fb26e044485a176bc96f41033298855ce31188db5887d18df8962a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7fe23e38830f3925_0

Filesize
390B

MD5
66d5613f4e4614f44ed1b2c1f741b74b

SHA1
e10017b6ec897e226e970d73cd1500e58ce6a857

SHA256
2f451a9a4364f881821ac723c641f01138bbf1f2a86b7f529d5d778762407d1b

SHA512
c9c34753c51701cd976f52044f1e04a7deb123b7bed1377a839dbb2a68cf4c653727587525050e2d38c2f3e71ed37dfdab0c741578c6e0b149bebfff56178e7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\826ac81ad42f9995_0

Filesize
2KB

MD5
d46f687eb7eff26c337d59133cb4be99

SHA1
2d10b594ba40ff7c748a59bb4aa286a9307fb432

SHA256
7817f479b59c4e0eeab765c51d67d825ad7632c69904400b8d25a27a70968381

SHA512
f25d9d5c1b3f5c154ac21eb835740e73fa1c03444b4a9a23efae4df05e45e0adcd195342a484f3df2778ee9ed1c3dd009baaafc44a9baf86daa3646c3eb03617

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\abd01179c5c7bb50_0

Filesize
2KB

MD5
b28d28b4533d9e771c1c0930a3271387

SHA1
578330d1805ad43014123a2a2cd6e09cfb3b4650

SHA256
f0d85df22969a597f1ffcabfbdcc5c948ea1fdd329829c2fa70d5ede4a72b48a

SHA512
773cb475cc58cb89ab1af201061ab3eaeda0a9b06f20d2f9006d2b408e40d042b31f558a45214a697a840cddd95ced976cd7eb2c2c4a93f077f02ba2476f94c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\beee3981070dfe82_0

Filesize
2KB

MD5
5d7252bbf29bad8056f0d93e4bd7b20b

SHA1
5fed33fa787b26c0b1a3188289da4652ec1f5bf5

SHA256
97634760ede1fc7ba13818494caae006d5ca0c3b50b2ac1ece66d06ef198a6ca

SHA512
e5848f35da51ab597f9b5c1d6420873b1c6b17d330c7251d906ee593d59c902b23ef47b24fb93fa484eebc381ce637d1e1cd35c45fe7c9b03d7c78155d4aa9eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d6b887827e135161_0

Filesize
5KB

MD5
a3fbe02dc8609a4911caac6c6ff94b37

SHA1
c1018f043068c0668da44594deb0018051cdc6b5

SHA256
c6aade0eaea07018131cc551d5551458f32c4c7c1767d54aa49fbd8cad630072

SHA512
541dd4e23247c8df785913c9eadd40ce08aaa709d16574a31eabb7cd48fc8646b6f3a637ff05d14b9cbf2f308aa4eb3cd289ce28e9f8e40841621929b8bb01b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e1f669d6c860574f_0

Filesize
4KB

MD5
44ede302cf24aa6f60fe18acbae489a8

SHA1
a9a379887684bdafefe94eec9815fd44051c4b8f

SHA256
9979222b6795d8cdef183789c3c881ca2310edf07e195dfe259d9f1afea05902

SHA512
f97bbf3ddb367c93582b9d85be5fc03547bcb5934918e61fb9c5cd46431e801a036cb38bf46bed96571762ca4fc663ef80ed0c4b42e67f0d3b4fe1df91628356

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f3783035f0a6818c_0

Filesize
2KB

MD5
248768819fc4d98f6c49fb1363dd57c0

SHA1
a8534fa41a72e17bf2e31c5e1ef5d126c568f111

SHA256
656bb37a265cd22240469fdaf45b61ae4f2ee38d5fe0a75d1e9895801236f9e4

SHA512
c477ba8e01fb79032fdf5f9ebd3e4f4e46783a92419360da6bfa2804042f27613ed7d580846d71ca9f65e635e102011946b2e3aff1bf8c6e46d8def2a40aefc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fec5dba453525719_0

Filesize
12KB

MD5
11005cedaf64c1ac70ee29086b6b44f7

SHA1
c42309e0956d5cbba5a93b49eee3b77de3dc9480

SHA256
adb414af84746962d67d2b542f091ebd91c66388ff9c8e680fb453669199039e

SHA512
8f7c511622febf3022d347965dae45a05f6cfb326c6d4588c8ccfa396b5edf4e37c7ffadb783464663444ad2dc936bdbd04e8ea86293f2df23fb12b2cb7e92d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
fe61d15e7586e45fd7f5cc1757f6a030

SHA1
0e1cbe22c963003f10cc006c47f0b238fcd6a9b5

SHA256
6a5bf1f57dc434e871134aa6ce55f415e6bcd9a1f8160c8b954f4ba23b92071d

SHA512
33efc5a28c33afdc5acc8e02777de47799bcac84d27bf6579f3dc09c3c9eaf3a967577e62db87766602d42dd095edd79f153dbeb2423fb644344b27bfda6a919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3fa7bac5a37d262a7ce394abbc877c93

SHA1
376ed785a11ef7c28570e6bf68f717bdabdb8c89

SHA256
d022343fa6155c41e5146e383949a1de72ea384a399407e40607c57e5f1ea2f0

SHA512
db1a07872f2daa7021006ea023b660bcda2d2333f639a03825304b79fae1db75d06863b18d0d84d9e17af7e5faeb8a09a1cd064a70f87c5fe2f2a2ef53c9d8c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
430a9e170ffd01c525113948f61ad294

SHA1
efdab30bb3caea4008f365ac299c88a9ba548ecd

SHA256
4fc84da5fe72273ed3a38e62c4ab53c3d7def0c2ee5b28648f3abd5a977c75bd

SHA512
0049bb2161e68470ac53e71f5004c2247c1a0210e11bac8a9fe823def2dd5c27615a7e2d029792a12c43ff090c3ebdf74aaeb1387eb2ebc5cded04e7db2a002f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
e3f983033782bd78f80aeb484aeec552

SHA1
9d29e1fa8b827bbc4cbd2599742479f1a789a4bc

SHA256
276aad61b7ec374026403cc24dc4dcecb9fef65353d7bdc600572b57b7814a4d

SHA512
950c341d1ebcc343ce1bf568446d883f83c785c4acd4c60966549b5e110c0344f44422cedc7199b565dfc69b632db302385d624569603613ea102687098fd11a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b5c2556592d3a44e8d3fff7f2d728c46

SHA1
d9c34a8dc605f9a859c33470523d1511e705f2df

SHA256
20e22973e004b7ce5611871f6e4e545cb1fdc5e45c27685950ea9af34d1225d5

SHA512
498609c717704d8d8d5b9cf1f6f0f35194669f7b03b3043f1b4ede22dcfbb14f4030e5370a2ea7bbf071449b27759400e7345e3abe93bd8f19ff4d298993f955

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b664e3d701d101176d25a314bc1c3e0f

SHA1
3777edd69a3748b6987797a7cc9ed29890e89c3d

SHA256
c8464f9ff37f4356295208705219d8474ae864fcaf426c46fd72413e0d82bd2c

SHA512
ba8ec2dd4e7afe4fd49a9b13fa7680e03ae7611585afdcd59e59109ed440cb01b3726439803e85f0455d519ecf6fcf2e0d32390899a3e946fbb026bfb909742c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ec09e34fce1a20d866e12f21c6e329a8

SHA1
03bc1fafd3b9327a9a6a731b9083364039a489fa

SHA256
4fdb68700483173e8f0519acdaf5fb4ec135ce0659b8fa726ec1a620175cc794

SHA512
3827daed5e0c4723b5fb1bc3890661299117c420de463102bf0c4251aa4000952ddf042cae5a1cd64fd340d5138e2f1bb2ea0376341e74a3d904e3e981e68974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2804b301e5070f86981a3ef9401b1fc2

SHA1
d1530db09bd612e5b4fab810a9f7053e8b633435

SHA256
378c15439956cf05bdc087e7e0331b01403c89e92a92a1c6db538c759074fe57

SHA512
793413cff27730a18a61760d6393ad4fc8664a74ee2808101ef397f8f94266d52f9b0e0fc865673f1b63de21a8eb4e64ce6ec76148dd99ddfb293764f0915d54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1d15adf3ff661a581b1b8819952c08e3

SHA1
72e382e8a3d0e1405677e6097129d30f9d294b0b

SHA256
b7e4f8932901383c7ba0707282e2b621bbb9fffa04af18fccb94d21a8a9a9eaa

SHA512
62b48436fe8645719d66f7e951897cb64e168cd08caf94cf91f08ef3e7f9998d31887c9374c236ea5094a763e3002668cef7ed3e9efd166cf676c554ba0f49b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ab4a00379ea2fa13631d6f095b20246c

SHA1
bf4754516939e10353e2f4a0af5dd842e39ea60d

SHA256
b3b89322194f2b0be2a713b9cf199beee1a5e3c63d376ee60c3b7ae98d24936a

SHA512
c8d82d32eb22e638873532c18d056d0026f433062d31e49eaec75d950c690a2e314355c9fa466581fc5651adc8be34cdec22d956f5f902e07f08bcf5f349e051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8a2f6058928a1b4f359fb22c0366c891

SHA1
553689299dd5ea2f7f687e475e3ee80605d4293f

SHA256
e299e080ab9776acb45225c8b2ac3d7e2649c6daaac4839758e2ff0aeee98c79

SHA512
b58c97ac18008be2c75f7af08e795c3d314ac49186d7ca301b78d9f5b18bb70728fcb94e50137a8344caaaab85a37645b4bf8b659113ca91d625955d05749d6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a9f627aa769fd0d6d4cf795e8ded376a

SHA1
b46fa819c29f5bfdfbbe0268e26abe3be7d82e48

SHA256
49757a9b89cbd053d9e49f525390b1a6f4517c0e912feb80f04805503ae7cc99

SHA512
f5350c319e76f3dc0b9501a8a0dc341c08762315b94cbdcd4bef1f3ad7b8a9d2912b91893c5cf8580eea1fa7e7840f902528ede45b5a3f5dc1fba4f383958430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9c0dc08e893fd1e7460d2a107835eb13

SHA1
2bfc744d867099f3839680ccd185fcf4d70eec01

SHA256
33efa12c9b11b88bb7ff687b3f7d0681a0b355f23dd770a6f7d142105f412d80

SHA512
d8bc50d37f0e930a5b8a71394802089091c0acc971470a1643968e5dde70386cb783ae137579fa68945d049f15727132d80ace713dd34d1df4c7ec9c5e18ee66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
76207b2a4e64dba7f1e3575da396c1f3

SHA1
51abb84f99a9b3f572e0f2ae39d71b249269306f

SHA256
3f22845eded21a9ca0fcd821565fcd434f949920b7431d0515e5336a77229c67

SHA512
8001513f4131b4987f58ee99c4290f54f852f9654ba453cc7398d01258b3f0172c6ddb32be97dc808d1e9fcfad87be629451c3b1fca33b37dd0ede1df3ff7885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0a927155ed436b079b4187d51c6a2ca6

SHA1
ee592498de6c5f378eb1afb192da2a5514e8b98f

SHA256
b54d0df64cd8fc1068e2c49802327e4aae7b5bd93ea2bc7ff3934e41a306cc8f

SHA512
20d7b71b17a9dca0489976cb8ec89aa054c748f073f296fe40dc674cd079739d2ab1892589c87719055198b3f7da7985b07bb36089303b68f9f79fa6fb930916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4e69ee491c27a51a805a49bc5b2d9651

SHA1
9b9e7ef0a4b21186bcf82b61466a19a8d66d9773

SHA256
fe3d450ea1a54ca486a6766e91dbab1b57d863d4957f93c5f38953150efd655c

SHA512
59f9d924dcedc59e1cb35225919a05be3f6795a1a0f2ad7d09f051d20a053225431051adcfdf8acaa024e94c0abc90dc055732c03390b7aaa570d0c5bcdabd08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3bd0f327ad155efa9fd4c74806153617

SHA1
e119779d360c6f3f2e04980cff6bbf5416715ac7

SHA256
fe08e7349030edcc6cbd5b8d3cb202df6360984fe872a4497e179d1b079155fa

SHA512
55fce25e4a9c6031898cadf93d4159e270d8bfac1bab656f784b51f86eb60847fcdee933ef8cd203b7e007f428103251ad6edcab1f78e8c3060cde5aa7222ac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ef9d6b9cdec44d9999326515a85294a6

SHA1
368f34a8d154688920f85fd700eeaaac4335c822

SHA256
5480f3a1c28ed17a2e6fc7bb68dfd583831f3139068af0c964cb6bac68b70e16

SHA512
eb51b8cade06b502bd51045ddc7c7147cdca6096f72ff227e78a9868bcec8adb97ef4a73178a54a0b1fdcaec3f80a799148ec86011b0d97f7576bf9dc5806378

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3aaef1f02004811186ad4bf20f441c2a

SHA1
4158b43811db09c221d747010b098e70a95fedc7

SHA256
9375bc507925d25184c65af7c237cd263da48b85090204283d3207c2b15ad008

SHA512
b45b922fd69ee5fc903b02546d8a89bd2cc11dd9f5d5ca72cbb85a2941d15107420725b3d016513d1a7275cfc2a3478285e48409fbcad9353d8b22c7fd5a01f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c4a8.TMP

Filesize
1KB

MD5
04eb2ab6099dc87a1c8bf2c073aff770

SHA1
aa141b5d6e4a4bedcc737f7d37fa49f6815d3884

SHA256
a1a8aca780a683dcbcdfc10ae176a2a25edf8f6e5e799bd01967d2911623af44

SHA512
4a055847c4bd0c928b23a252ae1533e7860865e97027c1402390af0a7a0cd8f1e68a21a2cbe4adbb5c39817f0ebae8ff2967f2f4dd3f98ade3ce64310af311fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fd9858c4781a5ce1f265ff36ae0fe7e4

SHA1
4c12215c3da9347da42ce6cd7e237b179a22c218

SHA256
8c8beb6eda77f0c54d7bc62b681764bf5a6c78d1f1c1ee767a0569cb9986e713

SHA512
68b437e53edc89c602ae7b45214da288158f8fffaa7422da8fb18167f8645701e708b1c6fc10550e75310dfa3faa201a5b103ec8d5801b58c04b904e978934b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2a4762291bbe78be9c07e7f5dcebaba0

SHA1
6a94eee8cc864b331ebf9d71ff3356dd588b9d85

SHA256
e0e8c35688cc30b422274da657e0a91d01cf64ab2ef754ff92443e1181de7593

SHA512
d63222d57015610a432f29f4fb59226b56232b800e8dc78cd89a32328c7c0cb291b1b572c2f9c52e0475a639d4e7ecfa0eaa059f6132099ca56bc1e8f8e85896

Download Submit