101fc81ae7c75c2430022f77a4e4c5c4fdef9b44b27775100bd4de7b9a9fa670

Resubmissions

09/12/2024, 20:00

241209-yq6v7ayrct 10

09/12/2024, 19:59

241209-yqfzrsyqhy 4

Analysis

max time kernel
53s
max time network
60s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
09/12/2024, 19:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

random.txt
Size

1KB
MD5

690898f1caa00ae10d00d286c5151d2b
SHA1

b6be0d193ec3f5bdd910baa4edcfc71b91175cf9
SHA256

101fc81ae7c75c2430022f77a4e4c5c4fdef9b44b27775100bd4de7b9a9fa670
SHA512

5852810826df1f7fd429070359a34c4f9bf9d71e6136682c4b47b7812e03904f75b31b27ad3b393f782326376713c90866be14931eb5c0e4a2e70624fb0ce17e

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings	cmd.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1056	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1128	msedge.exe
1128	msedge.exe
4708	msedge.exe
4708	msedge.exe
4184	identity_helper.exe
4184	identity_helper.exe
4144	msedge.exe
4144	msedge.exe
1520	chrome.exe
1520	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 796 wrote to memory of 1056	796	cmd.exe	78
PID 796 wrote to memory of 1056	796	cmd.exe	78
PID 4708 wrote to memory of 888	4708	msedge.exe	82
PID 4708 wrote to memory of 888	4708	msedge.exe	82
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 4276	4708	msedge.exe	83
PID 4708 wrote to memory of 1128	4708	msedge.exe	84
PID 4708 wrote to memory of 1128	4708	msedge.exe	84
PID 4708 wrote to memory of 2732	4708	msedge.exe	85
PID 4708 wrote to memory of 2732	4708	msedge.exe	85
PID 4708 wrote to memory of 2732	4708	msedge.exe	85
PID 4708 wrote to memory of 2732	4708	msedge.exe	85
PID 4708 wrote to memory of 2732	4708	msedge.exe	85
PID 4708 wrote to memory of 2732	4708	msedge.exe	85
PID 4708 wrote to memory of 2732	4708	msedge.exe	85
PID 4708 wrote to memory of 2732	4708	msedge.exe	85
PID 4708 wrote to memory of 2732	4708	msedge.exe	85
PID 4708 wrote to memory of 2732	4708	msedge.exe	85
PID 4708 wrote to memory of 2732	4708	msedge.exe	85
PID 4708 wrote to memory of 2732	4708	msedge.exe	85
PID 4708 wrote to memory of 2732	4708	msedge.exe	85
PID 4708 wrote to memory of 2732	4708	msedge.exe	85
PID 4708 wrote to memory of 2732	4708	msedge.exe	85
PID 4708 wrote to memory of 2732	4708	msedge.exe	85
PID 4708 wrote to memory of 2732	4708	msedge.exe	85
PID 4708 wrote to memory of 2732	4708	msedge.exe	85

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\random.txt
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:796
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\random.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:1056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe51c63cb8,0x7ffe51c63cc8,0x7ffe51c63cd8
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,533382345119827769,6353062007758131133,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,533382345119827769,6353062007758131133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1868,533382345119827769,6353062007758131133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2512 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,533382345119827769,6353062007758131133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,533382345119827769,6353062007758131133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,533382345119827769,6353062007758131133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,533382345119827769,6353062007758131133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1868,533382345119827769,6353062007758131133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1868,533382345119827769,6353062007758131133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,533382345119827769,6353062007758131133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2936 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,533382345119827769,6353062007758131133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,533382345119827769,6353062007758131133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffe3fb4cc40,0x7ffe3fb4cc4c,0x7ffe3fb4cc58
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,12924391476733721412,8554536519192566678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:72
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2072,i,12924391476733721412,8554536519192566678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,12924391476733721412,8554536519192566678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2212 /prefetch:8
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,12924391476733721412,8554536519192566678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,12924391476733721412,8554536519192566678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4440,i,12924391476733721412,8554536519192566678,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4520 /prefetch:1
  2⤵
  PID:2268

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
203fb8f24aac6e4e1a9d439da8dcb8a6

SHA1
ed0bdfba5e7fd686194cd6bd21819b69a029fa1c

SHA256
540ab008a0f0e879effb4695a9c0becad1f6b25a761a16d173453dae4117357a

SHA512
858711b41becb02e6f054baf2f70bd21634ecf3693cc665d9247dbb41ddff89be5de500942a30439d721c5abc63977973050e71882319d3ed08afc0bab2871db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f8be6db1e44da92821679c0b1aab0d3f

SHA1
f1343d2794e9e301f1dad69663347cebfeaf729a

SHA256
28f3e82aee67ca3808053c9153baa5ace2a8797b07e1cf1c6c42466c0ebdf779

SHA512
55e78af52a1006199a6a57aeadca771bad48916af349498283a5981d212d804011ed517c35a92e829e2bd0be96e21037519b1d4ce7f8e28dde000e7e096bfed2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2ad43a4456766ce01ef8ffda8d11c556

SHA1
ef8a5fb0b71c7924164853ff312226e39d84fc11

SHA256
1536f8fff71593a781472cb13bd3223b550768ef8166c0dec79d0106faffe460

SHA512
e24e902de3b4c7f650249bb27b878a7d1400269b9c990f592b4c6e98a8cbc4253ccf6ab7510147ae28d7409af3fc1e02cdce0538a044e88403051c6e9bb45180

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
5ae1a7b4b5b5e75307c9a7e51788591c

SHA1
5b55ae0cf28cd3adbc51eaa9e7c6bb86ee979e60

SHA256
59ee2aab4fe78386e4f05a431a78f605bc5bad9c653838479cdc9b89b03c149c

SHA512
46068ef251f0aa99f5d672635a80b6049183d438d200d8e59f4c13147c08b7e0f165af4691ac736aff5095b3628f21372005fea2c5523155e539a68ded9f4004

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5431d6602455a6db6e087223dd47f600

SHA1
27255756dfecd4e0afe4f1185e7708a3d07dea6e

SHA256
7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763

SHA512
868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7bed1eca5620a49f52232fd55246d09a

SHA1
e429d9d401099a1917a6fb31ab2cf65fcee22030

SHA256
49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e

SHA512
afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
852d6b9ee105a2c3acf0b238ef24059c

SHA1
ef00735ce3bdb215acccaf81ccfea2ea2832e47f

SHA256
a4f6af159ad733e3c84d21b8fceeeeaf058292cdc153cf56d35a94cfc7ecabaf

SHA512
74414b12aa9569ee5f69cccc06e601b518b2ef5d60695dedffac6c0b07fb4afd8d976db0d1231c5f51c4850760630f7c7fc440808eb0f77d03805559ae7eafe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d7a2844fcb74bd030b2cb2420019ab9a

SHA1
892a4062e8741073caccded89520d4471be0faf0

SHA256
606156c3e42f012c54f0c93a042da3a47e85c0ca8e5486ed2aab70feb19c9dcf

SHA512
7a8a58cfea24d32165ae6fe0981bdba3d10e01f70c6f96058730e36f9d308a2045311ca13e4eec65790096517e76f04bf3c5dc6e6f3ed2f240f4ecd70d26f630

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
49fde3965146e554fb7c55738962a42d

SHA1
07d5b340319f74152a07fd5ccd894d53aa84a143

SHA256
dd8afca1e53ee0e11d9d6019c83678455e30aab9b47499af2c3fe1bed6c9db8f

SHA512
debc6bac5331248ae3ebf6d82d34507d65ad14cbb50854cc0135d26256dd88d131c66341f60ab609d8e374a60c6ec42950cb7faf342ddd93bdd0db5662b6f73c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
53def95f46b57bf9996b8103632821d8

SHA1
e2de4d5f98c648d8414a44082d43227d8c340243

SHA256
8642d94b2057cec16d929cd7455fdfaa68cede54089d0607abdbe62a05be0af9

SHA512
d8a12b1ef6166cb0db3093ecbf7d1121a48c3e2525eb2d775a0c0642204e083d3e2ecb4cd42cc73402dff7ba830937987aecc273455d979049302383255a13a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
92672f1937b629d7eaefcf9b390eed7b

SHA1
445431c17272fa5b3fe661eb8d381d6716c364a9

SHA256
1e8229c6b3b5637464a9475fff3138b74fe330917d93672485f93781a3b51c99

SHA512
cf619cae61234bd2a6017e2988bfc7c46ff4ae6c712987e53cfb90344bc25c2cd8bb732c8f8cab77366d3d2790e28f780d7458968015db9bd5574325e2aabad3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a177ead617eeea69aa83b0c3b667d438

SHA1
4ee15cc3d7521d7351ef0c89407aa8d66678bce2

SHA256
a894a54cb896e9329a75244bb6761eb508b02e6ea4ac5b5ec3eb9451ab5fe363

SHA512
005b1b3730c291b9834e97eafb6241fc2e1348a12ddfe0bc3aca9c6ef90c9032843e142f1635fa5a9e2de2f4676a4eb8f8c94318c1193894e3d1d229b6762b20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5ba3f6050c606b0c773fe64a76f38589

SHA1
cb3b3326dd59709e2e7962a449925d405436eeee

SHA256
fc5a6a51f90f9de5fc72aab53da477f7f9ddcbebcc76f78c8d522a28cb85844c

SHA512
94893f41457c0bbc74aea25420b06afb999d505641c3c2ed07ccedd4f44b72ded1c59071e1131c01dd275326bbfeba5592383e96d940649f95dd603291213284

Download Submit