4d0d51e3e1ed877bf2a7c27830005955a67dd923910f69d43d565537ab9b6871

max time kernel
150s
max time network
151s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
12-01-2025 19:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_10e348c6059abdb25d0b650ce3591a7e.html
Size

6KB
MD5

10e348c6059abdb25d0b650ce3591a7e
SHA1

82c10f89b940adf2feb110115fdbcb0d4604d745
SHA256

4d0d51e3e1ed877bf2a7c27830005955a67dd923910f69d43d565537ab9b6871
SHA512

b80f6515da161ff39ad681c115d991b4ace53621900210cef272810e6c3ec4da590e138686280220dd71e0d93da19ee1f20f704679da6c67502de498c44468e1
SSDEEP

96:uzVs+ux7UhYtLLY1k9o84d12ef7CSTUrZcEZ7ru7f:csz7UhYtAYS/+b76f

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\85a78349-0198-464c-805c-92424103edcf.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250112193349.pma	setup.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133811840465227722"	chrome.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
1576	msedge.exe
1576	msedge.exe
464	identity_helper.exe
464	identity_helper.exe
2948	chrome.exe
2948	chrome.exe
6044	msedge.exe
6044	msedge.exe
5696	msedge.exe
5696	msedge.exe
5356	identity_helper.exe
5356	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe

Suspicious use of AdjustPrivilegeToken 62 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe
Token: SeShutdownPrivilege	2948	chrome.exe
Token: SeCreatePagefilePrivilege	2948	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
1576	msedge.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
2948	chrome.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1576 wrote to memory of 4204	1576	msedge.exe	80
PID 1576 wrote to memory of 4204	1576	msedge.exe	80
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4764	1576	msedge.exe	81
PID 1576 wrote to memory of 4520	1576	msedge.exe	82
PID 1576 wrote to memory of 4520	1576	msedge.exe	82
PID 1576 wrote to memory of 100	1576	msedge.exe	83
PID 1576 wrote to memory of 100	1576	msedge.exe	83
PID 1576 wrote to memory of 100	1576	msedge.exe	83
PID 1576 wrote to memory of 100	1576	msedge.exe	83
PID 1576 wrote to memory of 100	1576	msedge.exe	83
PID 1576 wrote to memory of 100	1576	msedge.exe	83
PID 1576 wrote to memory of 100	1576	msedge.exe	83
PID 1576 wrote to memory of 100	1576	msedge.exe	83
PID 1576 wrote to memory of 100	1576	msedge.exe	83
PID 1576 wrote to memory of 100	1576	msedge.exe	83
PID 1576 wrote to memory of 100	1576	msedge.exe	83
PID 1576 wrote to memory of 100	1576	msedge.exe	83
PID 1576 wrote to memory of 100	1576	msedge.exe	83
PID 1576 wrote to memory of 100	1576	msedge.exe	83
PID 1576 wrote to memory of 100	1576	msedge.exe	83
PID 1576 wrote to memory of 100	1576	msedge.exe	83
PID 1576 wrote to memory of 100	1576	msedge.exe	83
PID 1576 wrote to memory of 100	1576	msedge.exe	83
PID 1576 wrote to memory of 100	1576	msedge.exe	83
PID 1576 wrote to memory of 100	1576	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_10e348c6059abdb25d0b650ce3591a7e.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffc257646f8,0x7ffc25764708,0x7ffc25764718
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,12513625782576194245,5298090588718653656,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,12513625782576194245,5298090588718653656,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,12513625782576194245,5298090588718653656,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12513625782576194245,5298090588718653656,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12513625782576194245,5298090588718653656,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,12513625782576194245,5298090588718653656,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:4732
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff7c6e85460,0x7ff7c6e85470,0x7ff7c6e85480
    3⤵
    PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,12513625782576194245,5298090588718653656,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12513625782576194245,5298090588718653656,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12513625782576194245,5298090588718653656,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12513625782576194245,5298090588718653656,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,12513625782576194245,5298090588718653656,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:4944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffc2541cc40,0x7ffc2541cc4c,0x7ffc2541cc58
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,18324414855431931314,17394838548522552486,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2148,i,18324414855431931314,17394838548522552486,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,18324414855431931314,17394838548522552486,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2472 /prefetch:8
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,18324414855431931314,17394838548522552486,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,18324414855431931314,17394838548522552486,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4532,i,18324414855431931314,17394838548522552486,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4564 /prefetch:8
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4696,i,18324414855431931314,17394838548522552486,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3740 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4672,i,18324414855431931314,17394838548522552486,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4564 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4944,i,18324414855431931314,17394838548522552486,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4908,i,18324414855431931314,17394838548522552486,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4564 /prefetch:8
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5052,i,18324414855431931314,17394838548522552486,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5240,i,18324414855431931314,17394838548522552486,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5488,i,18324414855431931314,17394838548522552486,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5536 /prefetch:2
  2⤵
  PID:5592

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:452

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\RedoResolve.mhtml
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffc257646f8,0x7ffc25764708,0x7ffc25764718
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,8084091581589742486,1855338967039776442,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,8084091581589742486,1855338967039776442,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,8084091581589742486,1855338967039776442,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8084091581589742486,1855338967039776442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8084091581589742486,1855338967039776442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,8084091581589742486,1855338967039776442,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,8084091581589742486,1855338967039776442,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8084091581589742486,1855338967039776442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8084091581589742486,1855338967039776442,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8084091581589742486,1855338967039776442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4496 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8084091581589742486,1855338967039776442,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8084091581589742486,1855338967039776442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8084091581589742486,1855338967039776442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8084091581589742486,1855338967039776442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8084091581589742486,1855338967039776442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8084091581589742486,1855338967039776442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,8084091581589742486,1855338967039776442,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,8084091581589742486,1855338967039776442,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  PID:2876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2568

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d8 0x490
1⤵
PID:100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7a2796b6198b401f6ee861613572ad7f

SHA1
9b4c4da56abb2443c1d5735b0e8bc1da9bc55263

SHA256
6bd3641984aa919b546b19223d3f3f7407bc1897ca8c28de1741bac89546ed95

SHA512
4f5a37609fd72f5a50b6b831e71b4819e29ce6b48cc6d978ffe9e90228eb1c378c5d7161fa8bf19bfe70c2483264bae0f84eb7bf5af125a2706094ce28178355

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d4f3e7d32287d98364ee6e95a6b93f19

SHA1
eec778a40de1d3955e848fd3360557dc54881e8b

SHA256
d42331b7c7b35b50367d21e2a978f42c62d4fa2685ea8510b21b732e3ed54e03

SHA512
879533e49a834e2a7e982a3eed234934d4b049f976c640e7884a927d300263860afa59ffbd95fff138bdcfb714d7fbdfd125dc4db2abb4855a7a2cbaf96bdc2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
187B

MD5
f5ea5eb111f66dfaa8fb8bbbeeb3a527

SHA1
50581445c2506aa6deb32f16e725f81bb06eb8ed

SHA256
4b0eef3b21d605967b3cce5385b3fb855385329762010b94592d10ccc014fd10

SHA512
123400ab1c1f499a62b14b1cad3061be78a4a8d0b16123366f0a2dd524d6db0865874cf46d851d849424a3fdb243077a9c77d91232b40e42c3655b2a4aab47bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0dbc70add1ed7a509e594e6fa3249c32

SHA1
814fb1216482c7d120a958d81218cbfcc9e1beb3

SHA256
0704b32437b9ad9a98a1e1b3cac5083f6663887a894246772f296f32d039376c

SHA512
7cac3dd40f97564c7872eb4d17d8eea691fdf01abc625dbbf7cb6c023c9a6ce401c7819a3eb1a186a1cc981b519f5dd0a083566e02a9db253fe5501a125d95f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
756449a1d68225ffdd196850b82971e7

SHA1
124b1b0bd923161aa7eae289d79f4e8b5b8da272

SHA256
46d165bb0c9e89b21da930d8c8b6818d33c5c6c7f598fe735548ab223f73271b

SHA512
95db97d48e60522ef25f9b97b1218d5d65b2e979baaccdc7150cfa133dc4117e5a04ea53b18bffe58e5b9de90b7ac3578d5c0dcf40df3947e20084d2fb87b584

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c05817a2919021297863049bb58f9216

SHA1
0a2ae8e4acbec73c9b3f305ce70bf8e0633f9d53

SHA256
07635c6b0963d1bf24a172cacb68ea0fdf70bae3ff83d1f3e3aa0a027793af41

SHA512
26aa10423724787b80277f2b692be0c2086952166079cfc0c5d4148f2395ad404ce2ab3d1fe5e4ae774ae86eef9d9afc04536dda63d5d13392a8b77d9c478502

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
58c2e35ad1753c9c8027b81e336b4cd5

SHA1
332706f685a61c182236c930ed598b9bbd6d3019

SHA256
763acd8290704db6857c28166ef1cdcf79a5b21539c8c740898871db33c1e129

SHA512
83fe7309eb47bf20d842d97139766634fd6afbca4835fc48c282a28982ed90b15ea7adc4d3f53f77528ef24fb77be82a79d08f4f207118ed60d2cc7b3cc31141

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ee202d7c0ce6395deb147821953679df

SHA1
f7d1c17cd916adb14a08cb533312a8ea0e6aa748

SHA256
2e499d6f896043bc9d76136059539c1bbbb7f31da02eae2539d797630def8877

SHA512
dafab1ca4ddbd1fd45408cdacde11617d3973b73bb4dd2867945eb64fa8cbc6d6d4054f431a827ad45f54a02d6b3eea956a03f531d6640d76e1c759f6fd9b494

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
b5c14965eb2580d0eefba0c054078c4d

SHA1
276fb5a65c5ef5e4295feffadf7328895e6bbfd6

SHA256
54e04cf9c74241396561c84edb5ec5784cf164cbea1bf0cabc36cd884094efab

SHA512
bf50bbaeb6365068444dd39208cd1032014801ffdb00d3893a757a8ae9e24e82537c05ea3185bb068ba4c10e69efc76a209c4b517181bb6e480f64b9ed69abfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
06bfd2004cb817cd96eb138a2c53537b

SHA1
609faa9a21860ad14f47b11bd2d7e044fe259c1a

SHA256
60ee851ff711b16bf6cc301a5c46ca5ac3d0d659d378b4177c67971a3571adb3

SHA512
4c87bb592700d0bfd0240390d4194f344c1ca0c8335d654ea1c5eb1631edabe5532b707ce8c0937dc1621adc5d37e519610a1b2cf2426eac999540fc71f85678

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b19b7ecb6ee133c2ff01f7888eae612

SHA1
a592cab7e180cc5c9ac7f4098a3c8c35b89f8253

SHA256
972bc0df18e9a9438dbc5763e29916a24b7e4f15415641230c900b6281515e78

SHA512
16301409fee3a129612cfe7bdb96b010d3da39124aa88b2d111f18d5ae5d4fc8c3c663809148dd07c7f3cd37bb78bd71e25be1584bd2d0bacf529fa7f3461fd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
23fa82e121d8f73e1416906076e9a963

SHA1
b4666301311a7ccaabbad363cd1dec06f8541da4

SHA256
5fd39927e65645635ebd716dd0aef59e64aacd4b9a6c896328b5b23b6c75159e

SHA512
64920d7d818031469edff5619c00a06e5a2320bc08b3a8a6cd288c75d2a470f8c188c694046d149fa622cbb40b1f8bf572ac3d6dfc59b62a4638341ccb467dcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ef2eecfd8b9d5d9fa22a8b7a58b4300c

SHA1
0f9ccbbe964685ab241d9f87901095e5053e3c5d

SHA256
acd94d5afbd7b6ec927ff94ebb2efc03b924eb93956421472350ce519723b8a5

SHA512
f5a47c06e3da089f496878747540dcdeaca08a2e4867088226324b45c4ad18dd38fc6d16923d9501726a5919f4305a020085c128af6c033f61a259a48a0b7664

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3ae9199f44b8d5e0b859e42b3363023d

SHA1
571ba888e3d985f49b844ca10a84e62b316a9dbb

SHA256
12690fdda13025c1be265bdb487219654d47e938d1d06deebaafe373c266645e

SHA512
42d6f572de230e0e18ea77ade41b2bdf9838b11658324ec2c9a09786e17f4b9c21ab5641d30b1b020bfa59f5c15792f705b848c23547c4e220db13d8c3050e2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
67KB

MD5
bcfda9afc202574572f0247968812014

SHA1
80f8af2d5d2f978a3969a56256aace20e893fb3f

SHA256
7c970cd163690addf4a69faf5aea65e7f083ca549f75a66d04a73cb793a00f91

SHA512
508ca6011abb2ec4345c3b80bd89979151fee0a0de851f69b7aa06e69c89f6d8c3b6144f2f4715112c896c5b8a3e3e9cd49b05c9b507602d7f0d6b10061b17bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
21KB

MD5
2481ac6525d99c8aa045e0cdf9b02ef0

SHA1
e86df3a0d0f37d6cf98c892831933fc456963b4a

SHA256
3d90de223cef2364a53fff7e299f385d48605c4eaec5b168cd067882ebeb6018

SHA512
76d76e6b53f7665c1feddf9feba806e75f793948f1e5500dbcd3a3023f03ebf726982ee70e4dcc7e4e1b01cad14aeec28349de08abc8d09a58ab0f644b25c860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
1024KB

MD5
5bd34d3ba7663e115bd920d1bc9ff646

SHA1
e13909cbc2b951a7be5e7232d994e4c302384279

SHA256
3fbc06aa38c5e491ab07a39e73bf91c7b64351939664261d507ddad184d9e633

SHA512
589e3863132747c73fbeff777ebfbffea384c5867fb1603e7710ef1dcac65dfcd0f3bc686612b4582af70d4d259960ec8bf1d34665653120d9ca8dceadd105a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
48ee351bfeefad7e64ff1f17d9588d07

SHA1
0dfb362dae4ed539864c18cb380fe9040b08d737

SHA256
211cefa8fff76836f9db127168f1a9d57de5814d53b9d9b40e1a607030ea364f

SHA512
cefb3cbd4affeb6e1a3209cad656f8ba3f5d5fc89471c3e48c6e9e3d4c944449087b59f5b5b85db87d28e93c3b9a7c73fef47ee651e083f39eb12da39e6b2042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
f36cc5ceefcf5abe28c74b8a2ae75ad4

SHA1
7baa760afc12910686674b8024727db5c7dd2814

SHA256
336c1974f7d8ffdedda28903e49dea2a44acc97d82daedda43cd7aa2d95017f0

SHA512
c02b9c3d32f905d12ef737b6f5ef516cb97f4759f8097cd42faa85440cfe5eded53e4ed1e94327276e1518b7a7f0718c9968623517376b8745e098244e097cd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index

Filesize
256KB

MD5
583b2c5796e04f0928606f02fa297530

SHA1
4dc9d80eb5968c07d80c00444d4532934662f6ec

SHA256
10bb354be42325c6ce7baec5121d42fb88f00ceab48c39d029a2e4a6bcb7afd4

SHA512
d5dcb8469768b256b1966a21c27777a11fe0e8bd3d074e168d31fb1f9a3b9ba19293ef1aca1cace4af14d9420152f4cd00162eaaa47791c523b34bd71a9801be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
703c7cfb9cd95148ebb4caca9ce22018

SHA1
85410f425b13d5c7e5679546d22dfdba498fbd66

SHA256
948afb0ad18a110375024a95cf8d65fc5aa97af37c24190ecdcd079f2be51144

SHA512
e9b0f90ab47188c03195b8c61aebd3025b667034098271870ee1ad5dff6b505dc7f700bb13d00ce2042a84ea1401353911368d4f1dfd7cb8d42f7e8c907f5780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
33e935b45bf6ade41c334c1b7975b23c

SHA1
21001808a758ce0ab9aef1e63b21ade7993c1299

SHA256
5d8f9c4346a19a8ca8687e6536f031dec0b36ebc19509e4d42785abd7b9c4cc0

SHA512
9196ee0dc41a0eee56b087d9a4d2eae9f84f3f3a12e3f79cbef2375c6b1e64951f06e4b12cd957a5480812656f41706ae25a65919035be1b120bf1499a205ccb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
291B

MD5
e3546151372dbe5b05bab24311124113

SHA1
765c1bde06af4b7c1161fca312678d5a7c5fd587

SHA256
693f5d1f48dacc97ab4a7c2676f7aa46af46fa5e90cdbf7f4d08d80f585c6801

SHA512
54b8603090618757b6fc3530687894b8518d74a83592505813e1c748e0fb6ca1b3f1f5669c4d8293931c75752dc32e5cd43155fe7c782c6ed9cb1f75a911398b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe57c8de.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6e15e76cb9bc7f5369cb467a439fd71f

SHA1
2b022f43e5af79a4d81d456eeaf7590ad5646afe

SHA256
8f32b51e289c1d6af0462f6c746b596f55e2f2ca7d3234364b8cb6bf90400492

SHA512
915b87fb1d4c1e42ce6c4f1c763921469500ff79c9cb8bb363e4606e3ee36074a9a2ecad32576f5f376bebb9cea8a72eb83535e40a84d6613ff64dc1f5e39f56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
69ec7543aa866fc0d02cfb3460203b0a

SHA1
e99c71ba6a2c96909dbc03b63aa780d830dcac80

SHA256
e810edd9bffe1c740f1917c978a5caf387989064d8b8f9daa1c5a496dfe8a8d9

SHA512
ae5d989d323d3c54fded9eee6295cc48cd33c51cea8765a67300563f9196e3753d8b11ad5cf6cef1a4427f086953b58d5dc2ce552374b7a34d9aa4db3dbf3f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
daedd5c4bdb52f435c07445264a605da

SHA1
62dcfca2e77bef61e0abba2104bcc603390ea48b

SHA256
f3289d65f5277f98fa47bca7a937d13b5a7551ac31df5efe0f33cacc05bcc204

SHA512
1ac46bf41354f9fb442184e07816347e8a9d864d79d542c79d2d88f78df312f476c244f78e190230f5d8c74c698393053968790bd17f86347354924ae24ef27e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a36379338dca106a3698b7d09b1b3b45

SHA1
4e333e5b931eb960372aec8b3ba35fbcf5f1fe3d

SHA256
5c0befd6e9dcf68c9d9025fccce2f2373e72d8fb39231e458690fae7a3cd11c7

SHA512
d37fb446abe1cfe61cfedc60d74f0e8e464c6f6d7dd07515b15c9c95e90f4b9c02bc5e3f1143cc4b501dce6a1a30e7393cea2dba6a03c0d4ab309aad7d83004e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8ed4c151ac30f2065f49ec09e604c563

SHA1
bb93c5851f74c113768764e656cc2d3872ea5e6a

SHA256
b5bba0298a2d188dbdbb90bd7cd68e37fb0cea515d86def96a326ac2809ad74a

SHA512
dfae2f7ff831d34f33cb2596dc2a2c23b76bdfa7ded00100bee2ead8fb585ec1313c2a08122d8d5cdf4a2f4f64729a2d0432c3796c86db33c167ca00ac907b9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e4c119be196ee226d0386320f4393741

SHA1
109714d90449fd325fb4349592934937f6361a56

SHA256
7f63e396568526b0548db9389593f901dad163b99c55468a330eec1933e445fb

SHA512
8fded8af59c0ec39ab4f9211040de823ea03c1b4bafd6e5bcd5a72536b823a243cfae42583496ddea43abb4253290e7753305720c6ff9e6fc5cc8153cc1f94ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
8cd513127214e252edf0454f329bc002

SHA1
6f47fac6be8e7331e54203a7865e86b32cddf16b

SHA256
3df220380a8bf881117c17102a5c70ae7deea18ec92e7c478df2ee904d882108

SHA512
0b6d2f2e12bb8b15175875b7118778e57475934dee0476bc3ec989c5408d1ff5cf1c2d5dce4bd980a3ef9bfee232f974fa90050171826f3f0847f9682ae7e4c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
371edf34cc4edfe5fc16d906571e1a49

SHA1
2b0f160569aff513f7ac25a16adf02758cca07fc

SHA256
ee07b7e150c132312f076f2fe4c58445fcf86aea9eda0468b6ee040b5f690d35

SHA512
9598bca019b2acf65bc0511062e8edf53e00b3801d7a9b49f9c6b7209bcf7ff782ec215716955d5f378f952d77435bccf210384909f28bffa83fa9ac8589cdb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ffbe7d9b2e7283f7ae3ed1324237ad7e

SHA1
2ee52d1d1e549524aa1abd2ecedcb9d4fbafaa4a

SHA256
a55cd3929ea7ed84e238bcc0723f8c3ba34fc3ede6085b635641e8cfca31af07

SHA512
6fa41727c1392a6480854d30aa4a86efb3e2efc44f73f051f895b67341f06d7d4be7e08fbf4df78a695d1143fa6fd57413f7d9177b486387c2ae9bf3a69e553d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13381184038587239

Filesize
1KB

MD5
30a4c26a24e381b7014e3a71f899e0b5

SHA1
d438f6fae0e0727c032dbb7055a43e3793afaa7e

SHA256
5dc5649a2b31bd2b6876846166a5cfdcdab80fe0e9ebfebb72d237c1d8a86167

SHA512
473086f1cb2a7ad6fad0a1a5e74bdb67b775807e02bfbbcdf6654ae684f617b7193dd6445df2eefc3d82d352bc10d0e7a979e343aaeaa5b70f584f2606589e5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
59ee5d5559df28a526c67a389df7b610

SHA1
63fec0a2c4450daab96f7dd745bbc4d27cae525c

SHA256
ca7f93ede1f2bcb285db9f5200dc1e6e37d2a9675fc6b8882bb8f88cb03f60b3

SHA512
956a3a3a9f2f663b0e8bf7c9bdc7ad944e1b59691651f8b79c16b278acff9c0e1b3a8f6157e24f7078f9697586b83d1931d3b4d8a2c3d503e3f4157b2ca1cd36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
3f3288253396dc563b8c3d3b1d02d7a7

SHA1
09e3c5d98dd1a28ddfc293e818bec14e84f35a77

SHA256
50a6f4f60b3656c7f987312c9e7e7035506fa4bb9bf3bfa661b7a1ed6dfa3a28

SHA512
af475df4d5dd405f9c5129474e177c421549ab1061f3366ac433c92eaecd779451117c7327eb7861fb8a7cf0ce61c24be28a52cc852f4c817c55cea4056a800e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
19ca581cd612ee2d1218d48c0a02cc41

SHA1
b9b3404135239617f68457392be47e0d063e8399

SHA256
ac9d8e90910847ac472dfd53eb1189bf92edcbba7c30b233fadd6d0698fd3d3f

SHA512
698f059a393a9c570c7f708423ef699204778e9226b1c661922f6a15de503050021a4d160af244d37031dab8db7d865a6419e98cdae846b90f0cf74b704c7901

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
cc2ec3b70a68f9d4126057fdef5586e8

SHA1
53e426edd2f749a3356679464a0d2e2241a11204

SHA256
475071afac8713b7c1a77f6ecbb603ffe1831dfae63b84d45c2662a5c5d62d40

SHA512
fa13f98e2720289ee963bbda8fed354d27d932b65c0079426b2e57ee4381cc6398dde0a31b16035d79cbbbadcc496115e241794454ac1fd4368ec0a5742813b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
279B

MD5
adfca723644456f906609cd24d6fe4a0

SHA1
8bd377fb54a38ff9b637d760664e64ecd429e70a

SHA256
07684c61420493329e1fb26ba46f2e6ff20e6fc6ce335ee2acbeb58cd3ffd756

SHA512
9cacbbbb35304dd6615a545c2abe8e9b612cbc1e7d7ea466e02326051310240d909c6e73183d5f86c0501f27a90dfd79f455b81c97fd85436a5045f16a7ceee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
560B

MD5
67d12ffa2b4ef22a70e36e97c51fb977

SHA1
d5d8bbb6e9f0bb850115612dabb20065f08453a8

SHA256
dbe31552979171c16bd4b8d2721dbf4a2d179d88ec229df0f66344be093ec920

SHA512
224c6c7d01aec908abf571510a5194194d3dac132ce2fe99085005c1d01be0ad4ca0c48140a73ed785033109d00d5a00d07ab6189726eccac716b20e25485fd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
297B

MD5
f4866d99763555f08d35a402320510fc

SHA1
d8454d875c289c82ace7960a56ec7325b431b558

SHA256
f09b0f4c67d281d9113fcfb3db9af4b3cae6a8a016316f19e7e5056749db45f6

SHA512
f71340aa04a61474184a89f778986d1cee156fc9426021414f5db456afcf1266be166160b1f276996a40ea125d6bd64afb0f7a18c5d7ab527b8cc46d40edb3a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c816997afccfed904bb09401ce15ba68

SHA1
8c95b013fe0e7fdbf9fd5f2d965ee34bf1a07af7

SHA256
722ba1ac08957d5bca1ff99b5084170a5a832e7dd1485705e4736606969100a1

SHA512
8d7bd87d3a8ce32222fd4c59e8813c0748997ea547d7800c44d06658c3285db959cc0fdaef63280fb8168818c8fc4356cf7a37941279750ef141102ea3f281e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
78cb0d050d9c98c0319b2b48de10e7b2

SHA1
1b6ffecfa6d2b510a5b59aeaeb81855e9ee016e9

SHA256
50f7e506991c072135a1214569a3f1de6bcfb8376996d30f3591de8d8a2fbf01

SHA512
5ba80aca061acf5a3d78c0aa4786a586360b43cb85782e0c6660fba2b7f8136e6f832fc2b2e8f5fa9aa12196e25ed7474b01874eabbe710b07d7d928ba548b30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
5a912b0f4a375f1b8e8d5c099aa67c91

SHA1
79a175fe020094fb90cb32e35de8bf02046a3360

SHA256
da2b620c86c11e41847c696fc9a29ca32c33ba3108d59d8378c443432d35447a

SHA512
7a1d4f0290d3408d6a9c29a963288ba0b091051c095985e6e465fe671767d5f7f9ff46bd784bca5022f3bd0101829ab54a0a302adef976bf84e8fb4dd06c7a05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings

Filesize
81B

MD5
f222079e71469c4d129b335b7c91355e

SHA1
0056c3003874efef229a5875742559c8c59887dc

SHA256
e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00

SHA512
e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

Filesize
126KB

MD5
6698422bea0359f6d385a4d059c47301

SHA1
b1107d1f8cc1ef600531ed87cea1c41b7be474f6

SHA256
2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

SHA512
d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris

Filesize
40B

MD5
6a3a60a3f78299444aacaa89710a64b6

SHA1
2a052bf5cf54f980475085eef459d94c3ce5ef55

SHA256
61597278d681774efd8eb92f5836eb6362975a74cef807ce548e50a7ec38e11f

SHA512
c5d0419869a43d712b29a5a11dc590690b5876d1d95c1f1380c2f773ca0cb07b173474ee16fe66a6af633b04cc84e58924a62f00dcc171b2656d554864bf57a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_638343870221005468

Filesize
57B

MD5
3a05eaea94307f8c57bac69c3df64e59

SHA1
9b852b902b72b9d5f7b9158e306e1a2c5f6112c8

SHA256
a8ef112df7dad4b09aaa48c3e53272a2eec139e86590fd80e2b7cbd23d14c09e

SHA512
6080aef2339031fafdcfb00d3179285e09b707a846fd2ea03921467df5930b3f9c629d37400d625a8571b900bc46021047770bac238f6bac544b48fb3d522fb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic

Filesize
29B

MD5
52e2839549e67ce774547c9f07740500

SHA1
b172e16d7756483df0ca0a8d4f7640dd5d557201

SHA256
f81b7b9ce24f5a2b94182e817037b5f1089dc764bc7e55a9b0a6227a7e121f32

SHA512
d80e7351e4d83463255c002d3fdce7e5274177c24c4c728d7b7932d0be3ebcfeb68e1e65697ed5e162e1b423bb8cdfa0864981c4b466d6ad8b5e724d84b4203b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_638004170464094982

Filesize
450KB

MD5
e9c502db957cdb977e7f5745b34c32e6

SHA1
dbd72b0d3f46fa35a9fe2527c25271aec08e3933

SHA256
5a6b49358772db0b5c682575f02e8630083568542b984d6d00727740506569d4

SHA512
b846e682427cf144a440619258f5aa5c94caee7612127a60e4bd3c712f8ff614da232d9a488e27fc2b0d53fd6acf05409958aea3b21ea2c1127821bd8e87a5ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\dfac2be8-f4b4-4fba-baba-9d05cafe90ec.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2948_905112249\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
abe8002291598ecc3f69d9725c72f4f9

SHA1
61d5a95878be618158cf9d76b97d25ddfa08d517

SHA256
67c4ca1d038897e27131da4fcddba423e6b4fe4db116313ba516e0d297c9fdf2

SHA512
0f78ae96f47d3fa7bec0e2af1ca2bc46c67f330dafe0aec82ec11251db1b5bad91e60f60095787fe7b077daf42676016069d218807aa5f8bb49d4c86caf30560

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
df2909e5baedcb1dfa071dc57293297c

SHA1
5987cc4abe7aa7ec2c4deff4b8201720cf78ec74

SHA256
68bb720db6740eb2564f85a23a4b70e8c29657aa1554c9edfc25039ac520c226

SHA512
78d8862511ff86d16d30a8b3e2a8906ba4794b36fcb68b0693f392838b8f033a3893f7293a0fd984e0a1b2682461839120284c48eb31a052c65d3682ff7d7dca

Download Submit