40f0a61db3e8d3a9214d8cdb4985e90321d7117508c16f569a57e72e42ce4b96

Resubmissions

28/01/2025, 10:14

250128-l96nbavraw 10

28/01/2025, 10:12

250128-l8jgdsvrgn 3

28/01/2025, 10:09

250128-l6zetsvrdn 4

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
28/01/2025, 10:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

270KB
MD5

330f0941aa62e18b70c9b4360bf343d9
SHA1

eb22e6147fbb2b92b36a8db2d06f5366c9bb4c0d
SHA256

40f0a61db3e8d3a9214d8cdb4985e90321d7117508c16f569a57e72e42ce4b96
SHA512

6cb71a976fc59dd2857227a255184c9b84ff95071b52d10fe89969833915f8e87631cc72e7c7f3599b9c7ee6dd86a0f0c574911efb04256f9da310f3b8b07c9b
SSDEEP

3072:BLIAkp2SvaEvZ+pIhnrlf5RA+Jej3SN9A5VIcwoAwtN+25/jg+y:BLIAk8KaEvZ8IhJ5RNESNyIJ4g+y

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133825325941257540"	chrome.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
2168	msedge.exe
2168	msedge.exe
2276	identity_helper.exe
2276	identity_helper.exe
2076	msedge.exe
2076	msedge.exe
1216	chrome.exe
1216	chrome.exe
5104	msedge.exe
5104	msedge.exe
2720	msedge.exe
2720	msedge.exe
2988	msedge.exe
2988	msedge.exe
4160	identity_helper.exe
4160	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe
Token: SeShutdownPrivilege	1216	chrome.exe
Token: SeCreatePagefilePrivilege	1216	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
2168	msedge.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
1216	chrome.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 3484	2168	msedge.exe	77
PID 2168 wrote to memory of 3484	2168	msedge.exe	77
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 2396	2168	msedge.exe	78
PID 2168 wrote to memory of 3968	2168	msedge.exe	79
PID 2168 wrote to memory of 3968	2168	msedge.exe	79
PID 2168 wrote to memory of 2984	2168	msedge.exe	80
PID 2168 wrote to memory of 2984	2168	msedge.exe	80
PID 2168 wrote to memory of 2984	2168	msedge.exe	80
PID 2168 wrote to memory of 2984	2168	msedge.exe	80
PID 2168 wrote to memory of 2984	2168	msedge.exe	80
PID 2168 wrote to memory of 2984	2168	msedge.exe	80
PID 2168 wrote to memory of 2984	2168	msedge.exe	80
PID 2168 wrote to memory of 2984	2168	msedge.exe	80
PID 2168 wrote to memory of 2984	2168	msedge.exe	80
PID 2168 wrote to memory of 2984	2168	msedge.exe	80
PID 2168 wrote to memory of 2984	2168	msedge.exe	80
PID 2168 wrote to memory of 2984	2168	msedge.exe	80
PID 2168 wrote to memory of 2984	2168	msedge.exe	80
PID 2168 wrote to memory of 2984	2168	msedge.exe	80
PID 2168 wrote to memory of 2984	2168	msedge.exe	80
PID 2168 wrote to memory of 2984	2168	msedge.exe	80
PID 2168 wrote to memory of 2984	2168	msedge.exe	80
PID 2168 wrote to memory of 2984	2168	msedge.exe	80
PID 2168 wrote to memory of 2984	2168	msedge.exe	80
PID 2168 wrote to memory of 2984	2168	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbef0e3cb8,0x7ffbef0e3cc8,0x7ffbef0e3cd8
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,5484628438688705256,3487467512923191238,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1864 /prefetch:2
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,5484628438688705256,3487467512923191238,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,5484628438688705256,3487467512923191238,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5484628438688705256,3487467512923191238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5484628438688705256,3487467512923191238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,5484628438688705256,3487467512923191238,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,5484628438688705256,3487467512923191238,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5484628438688705256,3487467512923191238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5484628438688705256,3487467512923191238,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5484628438688705256,3487467512923191238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5484628438688705256,3487467512923191238,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,5484628438688705256,3487467512923191238,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:3000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffbeec7cc40,0x7ffbeec7cc4c,0x7ffbeec7cc58
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1792,i,7611504969052107605,4187957220768645002,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1716,i,7611504969052107605,4187957220768645002,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2080 /prefetch:3
  2⤵
  PID:2024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,7611504969052107605,4187957220768645002,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2228 /prefetch:8
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,7611504969052107605,4187957220768645002,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,7611504969052107605,4187957220768645002,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4424,i,7611504969052107605,4187957220768645002,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4528,i,7611504969052107605,4187957220768645002,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,7611504969052107605,4187957220768645002,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4824,i,7611504969052107605,4187957220768645002,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:4104

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2440

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbef0e3cb8,0x7ffbef0e3cc8,0x7ffbef0e3cd8
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,17600075706195670600,18377874412583007360,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,17600075706195670600,18377874412583007360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,17600075706195670600,18377874412583007360,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,17600075706195670600,18377874412583007360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,17600075706195670600,18377874412583007360,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,17600075706195670600,18377874412583007360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,17600075706195670600,18377874412583007360,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1
  2⤵
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,17600075706195670600,18377874412583007360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,17600075706195670600,18377874412583007360,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,17600075706195670600,18377874412583007360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,17600075706195670600,18377874412583007360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3768 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,17600075706195670600,18377874412583007360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,17600075706195670600,18377874412583007360,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,17600075706195670600,18377874412583007360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,17600075706195670600,18377874412583007360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,17600075706195670600,18377874412583007360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,17600075706195670600,18377874412583007360,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
757f962869b7aa60a3c8bdfdf27cdbb2

SHA1
7deb13706bf8e08a284d127f04178e5595527ccd

SHA256
86ffb70e4861c88989eff3858762d2d80699c39e41daf9c65ca4645f9f26b2ed

SHA512
73acca3147e7e4f6c7fb3a7f460c5f154b3c0d371d4859508a2b4e0885e60094bbe50bdf4f1c995bc38ab89edfd7644726ffaa15d2a4cc5d42f0cd0ec8ed50c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
214KB

MD5
ba958dfa97ba4abe328dce19c50cd19c

SHA1
122405a9536dd824adcc446c3f0f3a971c94f1b1

SHA256
3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

SHA512
aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
1efc1c881be19dfc17853f42bbd6e362

SHA1
8d0a7d2349fa739478d8f68459449cf677025032

SHA256
cefcd849cb46b1d99f6879aed6d703b6f196ba578f31aae3819a00c3582dfc1a

SHA512
e64df6b08970dd814eca2d5c61fd1aaa890caf1f58334fa97f25817450970b8f19aee326d040d7fcf1a9a446e519257238a8c7b74fd26cba9856f14d27963648

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
11d2058c643ef0000d3087e93b00cbc1

SHA1
97b3941c2084ffa1f75160ca402dc4256edcbdfd

SHA256
26a52fc26ab7813b9362cbe8c38dda8593e9d60cb95facdb1a20ecd022ed6add

SHA512
0c5d33635666dd887e6df7dc1c743a22f36459f1decdfae1f6bb4ac745231611f8ee3b23c874b77ded375e2b994062ac4b1ad83806191a4a02cea6951fd20081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
959205b4d9968ae649176916608cbc84

SHA1
302fdfb0943e01b952bb728c1d8342ca216b30d5

SHA256
c2149317483b2e39210cbc3dfc51da7254fc06842f254462682c30354eb5b926

SHA512
cd4b7e0ce40e6406c5367d1c06b2361ea826489cc4e293c91b87b8b4ec8615c1f27266b4946e269b209cd59eac7c5e66ffc615c1973b5bf46aa8ff1c1683253a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c5a99b8471afe8be4a3a7dde1b99089a

SHA1
017da4c9e6daa4b7ee0283207883189135887455

SHA256
1f03b678bac896af050502ff3636db96b857ec610ce92401527ced8822d68f4f

SHA512
0e9508178325c01dc7d18352ff9aa32215ec0ddda49732a190d032d69985a3eb694ba7b6081c3d797cf7b685f9bf06f91aab0031734e694b9622202bd30a8880

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
b82ad3b1b1f97564141a0cf3ebe02c9a

SHA1
a3e8c9b375e1740ee2613c90ef5bdd94a32880d1

SHA256
36903506e3250a5305ef5ce5a7d15ccde3755871b9e6580646574d0fe58c4df6

SHA512
2d994208a82c55feda2527565a403a3c5a3a264394bcfe73a112fa6b4dfb92c60f58e85bfc4c5128ebc65b1b66c1fb27e6f50b4e7e6a43fe8e1aabb6e43f9b7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
cdb3425d23d18f00bc4b035d7f6deaac

SHA1
86287863a8cce1d1b30200913787f9c2cce332be

SHA256
23823f6dbab109ad5d251e91b35d9c83ab63d9ddc26962445040150abeaf8307

SHA512
67c2028d39ede12bd2776fd266334303264debe9b18ac8f129091df8cd1ab37cb2f8240879fafbf37fbf32e5caebc90e655d0db44d9291bd5692bd16486c2c23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d3ec8c4e06102f20a635f6b44be261f9

SHA1
b2976d4531101c956a6f75ab85d38fbafd5258ae

SHA256
3880aa3ac8fc19debe52a818d182bcfd5bbced9f2bbd029d67b83df12c8666df

SHA512
0f1159311dac2d3cfca8bef2fc0e9a3ffc2984beb35374ab85c890b972a76775652d7e21f5a1095d928a8810c790a85f4b90923e8e33128e9b729109b643c0f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ddeb988e118af1878a3f403ff9cd0d32

SHA1
b3e9093f92517ae49992b127e3c4253d8fd9ef26

SHA256
3433684cce8cdf0e632cf601b957f53a018123ac74e281100a834854d6b920f8

SHA512
b6319106cca111912f8f4ecfec7bb8a4dda9fa2802558ec1c3b4212b3f8ccccca12fd240eee2091f90b4f65a79b8726762f2f0dd91d522e2900beb113c77d65b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7bf363b52e301ba753cb811e915dfa8e

SHA1
f0847f3c0cb2c45996f01d15eb82515f8bf30356

SHA256
467c9804002c3abef4cd703752ec221c338cd154254231d8a58b01b972366bbd

SHA512
ad9878165ea1a59ebe49f1b88280dd0f7966a4c2381d87870fd4a496a002104f6adf554b57c4b5e7ced0e07fd9dfa5a03f8713fefc0f915cc332cc0061884f7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f7c10bb7b44031a0aacd81b291838c15

SHA1
18188f76eb2fb1779924077bab86e3e9df0563b4

SHA256
cdd391c6a18b38b87a59d19cb2d8640c55001f5b125877b21b7e9b5894ecba9f

SHA512
d1bc447dc6008d4e217583f5cb7f0a956eb610967df746eba93241bbf6a18d6c4bd7fb2c48d6891d7162bbbf414a2b97ba5b15b70648822c35cd08b88d42aa94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
970811f7de3db45842d0c7e9d20f4e80

SHA1
3fdaa902e8ba881c90655accfb1bf19958283265

SHA256
b12b3c90a52723ddfe1517f39a5c83dfd96e99c22846ae7bba48d14d76c38115

SHA512
946277cbcc39d51aa970243c115bcf42394fa00f7d83bbcb9ba009a72276f3301fb6c6faf0b4fb35968341aa41700fa5cea6e7f0fe076bbdbc78b69273798b5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ca13416a8e8936b11c2fef592c3856e0

SHA1
8e0de7749af64b9c62deae2d145b55d897d5c6f2

SHA256
b89c39508dfb383132a0e55284196abcef7c9f4e595657c627f7c43765fda3c0

SHA512
dfbfc041f1ea69158df9c68b0c1466ca894aa6ada977f9c432bfd7488878b21b8a4be5d4087236ceb9e15240f0010d6986c09ec881f9a74791bc5c4124aeb101

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
00364bd2d45ab5588c23c1a3df69c596

SHA1
7c4cd3dbe42301b99c82c9626e35ca3332461a7a

SHA256
b1084092df09506a8a76e53ac5cdbe8759263229e13bd6cdbfd50f59b2e892a2

SHA512
beae544b90b8f555e92b775a5524943fc3e9d80c41903406f8f261bae6d5b481dc9090d867868cd0188e18224a04cd60bfa9b7ccda584b895f4a03ca675ab794

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b7bf59a32a34f4b8bb7a0c1449185608

SHA1
752da22848c08e1c8454b7877ceb424914915791

SHA256
41ea5ff8dc17941f2adb81040fed3888b5621f03275bd26e1da5fee600a25ead

SHA512
c40b9b1e1bf35120fb646d19e847762bbc50939394a5cc655a2c6cc0ddcc56af64a189e28604d61d5c6893327a62e3a69527b824337461c2e4b00a8ec9d74a10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f95ab6e44e966456af20526de9c59e64

SHA1
f80f19cd433b6ef99e03cdb6e07dcf661ba31995

SHA256
92498553e0ff9cdc39bc19511d8c5e5771993e717b87de8a3f6f6a4e156a0779

SHA512
826b5581329b012601424a023345230f8a7eaa29d3faee0e8f3ce81e1ffa85f58e6002e1a963059e0ee2448ddd1494f6ebd3569f15fdb555fb1d66c2b3c5d2de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
9757e6bbe8246ad82de3d880ea113e72

SHA1
a4edd6bcdab86b127803ea71c2e0717eecc28c43

SHA256
df41f137fa414d50a8edc4143c6b501db25bd3e92d11d390cecab96801b211e5

SHA512
345017396a67ad02e9a0211a4dafc9eac373bf9d8fe970f026e02d8363e0cd5ffa54a752e0d0e01364299e25c7dc085f5119b3bb93f36349fed32c3e1ebf6695

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
51f550ead12b998faa6b1517b0f9eab5

SHA1
69b44985e63fbc34397296581c46f0a0a5677599

SHA256
3a71ab918b4babae38c6f774fc523c42dfff44ac41af66aade206605db74b854

SHA512
2d0b6c978ef5c9d2bb5e0f1885b26fa556c1e8014f71f9efab9b81b8a992476b3f41a1e673b7f8d7d5b864c6ae1a7d41ce7d7f816089d364ef98369500455264

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\65b92809-205e-4cf2-83c1-1a4ec2649dcf.tmp

Filesize
10KB

MD5
fa93cd6744b6e786be17bf4603d6be60

SHA1
2e85a2e11397ef0a5557824076ad25d642eb14ed

SHA256
c95b346377e0585de4e7b65230f1d7832a44ce171c03e011ce55979f49639310

SHA512
0aa0cde979858dc5beb8dff4f770789c6e1846d8cde67f7353df8400859218b6a30134cfbeeef0e9aac77346c98c04ebf0598e17980d5e20c2740657ec88e003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c1a24fa898d2a98b540b20272c8e47b

SHA1
3218bff9ce95b52842fa1b8bd00be073177141ef

SHA256
bbcc378fcbf64580e7a48b4e7ca9be57fa0a1f2e747f488325685bdb18d73a95

SHA512
e61f196e7f1c9a5fe249abe9b11eea770fb2f4babc61f60b12c71f43e6fe9354cf14869daf46abc2c2655bce180252acd43c10562a2dcd31fa7d90d33253820e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f1d2c7fd2ca29bb77a5da2d1847fbb92

SHA1
840de2cf36c22ba10ac96f90890b6a12a56526c6

SHA256
58d0f80310f4a84f687c5ce0adaa982eb42fe4480510399fa2ae975d40bb8bc5

SHA512
ede1fafea2404f16948fe0b5ea5161ccee3ee6e40c55ff98c337eac981a6776b9c73dc030a5c59e4347aec91259f497539206e71949c33adcecbf2c846709e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ec457a568ee0eea6e1bb5e495090c35a

SHA1
89bd1618d1a3e6d5d3ccb1f04d269dde3c2195d4

SHA256
a92c87582da4dfc40c313309a531ff17ad89646f2f6df7f71513b6b2cb75f65c

SHA512
1ba65eac89e4d465b6e8a096102f5626bcb9d768d4c82eb720262a2142932e630d5a0fb426ce8019ff6373aeb513664d86179ea92e7656371c7328d767c98de4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1f1e416a733ebc7484e4dd4abb137c1

SHA1
bc39213a39950c8d434c086113f4bf84ba952038

SHA256
5353a4174ccb8fc55503d6523c01a9b02e6b232212d55639ed9bc5f591761228

SHA512
3ae4559885ddbfe07bac511635e46ec9abd0385a140f41eb70eb47283c280636903a45d9c50c37490d45c7613d975aff402a58acd9badbcd898e15b452b87b61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1859754e-fa0f-434b-b264-2f824ee27741.tmp

Filesize
5KB

MD5
98482fcf49ddd996f7211cf43fabd31f

SHA1
630ab64817e4c8ae9cba2d0a25f46adeda80ccb4

SHA256
833730b3a26a8e991783f06bfa725aa67c0147221cdf34faffbd08a4f78fe85c

SHA512
4c89635db8e658aec056f30a64749225b10144f2b817abc991d2642d9b139d7205c6f51e912314e3e34e34ca5057a8f5ea7ed6a24fff78b92fa6baa2397f14f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\71c0baea-9e9c-4b8a-a7cc-b2cc57330623.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
59db96f049e7b97ab35cd80c6d2b35b8

SHA1
206f3e4541a2b8243d35beaab5830cf3a74a0f72

SHA256
0ef0091fe367c468db574b01cc2d47339f51e0cbf8548b8bb057fec51a8a1980

SHA512
2c489fcadf453775cd9c2643a3623166d479350f10cabcac0ad0edd337d586dab791168d82bed5252c2fb4d97d1245277bf25105c63fe512391305ba8a6a37a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
25846358166444c0ef367a8a4628416d

SHA1
d070016427b33b6b5b79396b66f1e8d3b620bc7f

SHA256
ce992ea3d84fa22753f985842d11fe3407d112dd72e9d38152cf2b1b41e9e400

SHA512
a50fbc5c55b176b77479cd8a5aacc8115609b9f75dfed5f195f71dc5b5127e8c862d9b864668664faec63c70143ef8715832550c6ab6a578f7811023c0406fd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
77534c78e478cc15b9b59a9b42bdb4d7

SHA1
c25d1f06d20389cd13290d80ba5879769c45b41d

SHA256
c2acda0224e827f96589e281a317e5a3d16c2bbe6e92cb0431311c59f78b66a1

SHA512
bcf3eebf8ed7964b95848b02cb119b4d3cb178de4a9a4c26ce55596434f85d531eceb7ef7c81aa1547ba288ff461ecbc30698d0f014b034190e420e461cc7095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
a508b7c43170c71e9d403a810a376c8c

SHA1
c448842463f3c7d704e00b0c2696633f4dbc224d

SHA256
a5eeafbf7d5aeea84eede32d10f07ebef4a7484eb74836f47eb638826b308aa7

SHA512
3a755340eb9780827241c40ce18b78b7a555d949037a1cb25aeebfbd0c6f5fcd8a858e895fbde2738bbe903b0684df9fc7587dbab33a80a83e03fab646517d94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
436737a2237b432f4f408759b82da096

SHA1
bc2d9fcb4669523a8d4a8c5b3bbd6813b23f048d

SHA256
e40de9c5d8e55d5a2805b74c098c93a295de146dfe173063869b2f30bbb68798

SHA512
dfd445185514eee34d517e52c6c2897c03577b1ba28d046430e7202f0c4bf4d89fac9111ca15e7b347981bf928f36c7730bb88f3db8db4b2d9e2b37300e1889e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
400ab9908f9d1c9e1d29105374cc8d30

SHA1
3cc62c42e27e544414cc18a822c967001f2b3c99

SHA256
e9994d9aecd707507a8b0be955f4415c7c7510f7099d4b13248c4789f9aa7d59

SHA512
75d04211e511762178d147af884de6093d980469fe41579ca3de2d8f552beedcb36f2978a2904193f2465b18d3ae23e7d3d7cfe47963e50095932d5981614100

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
586B

MD5
c9d1f3532a1cb0b78e63dbcf4b97fdcb

SHA1
79ef5b93ce42c936d650fbbc755a5113ddfbf293

SHA256
a1d1f0e4595da2445b6dd1d6cb9c1697f466c6449422bb0553725ed01654e607

SHA512
de5dd4e785787cc8b8533f33bd316d3d3c61b04aaca2bc5cbb1ec3091418be6e4a981f9219211886ae2a664c0705f46491342a359003c61797f99df1f6be2f8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
7d7df54bd3263cf9082c303895ff01a7

SHA1
5b6ed960771aeeaae9e45c31ec25a2b7df818d98

SHA256
dbfbbacb23bb03f05d7618f8c5a0228cc7f8ba9f59eb55534b0fd1d7abf4e77c

SHA512
4d1da814093a6bb48729570bdab5b0ed19392c8e4ea2fb63a73c8d5d8f78fd701038289dd51155c460f2e9f3e91109f844c6f878edad3720e5f84864502e8e48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ee276bbcc4fca1bca2b7f6b529495fa4

SHA1
44f2518b28683cf52267a83b444fe866fef0e591

SHA256
08fe0d5d37c904caff934dd24624725c77f8b503e919f86a4a602316b5c9acbd

SHA512
772746a2df8fafee1159aec0b3c5fa62b7b501355bd0b3b1546b89cd8b72c22e17d11550c10a7bfbfb50a6eb93c24eee23403ece2b25c62f48da9ed072f76b48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
57e8a626b61cd426b6bbc713e60541a3

SHA1
0020dca2b21fefc1fa494de95737643e27074221

SHA256
cee9e94eb8455c19351ee5bc38777fb97f2d5cd70940c726d264d5e49fbf2fd6

SHA512
df553bddfad44a787925c4d67e5c871bdc1f4b6eae053d6be1b37be6570867e92438b2523be7b65e699326e2734f01cdf1754a81fd95c377cb20761c9927ebe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
15cbbd80cfcdfc04e6681129f48b9dfa

SHA1
f198e137064427845281becb10bd15d4869fe952

SHA256
a4ece5bcbbe55511f54b8f4042c7c71c4b6a1e89713b226f175bd8232819bb59

SHA512
d3b73ed0b9953c3613255f4e0551766144cd8c2f8b6863e0e3d8314765ee55754843606d7677e41930df8ccdf9f506ebc00bb3bcf0ce5a6340ff321f14940928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cf67e2347d5c9b417a81834d705efb5f

SHA1
bc4e18db2ce198134ffa87336e5cc0fd301d724b

SHA256
cb337e06f5587c9de7714eda863ba442f76eb07329cbe698a42be5ecfd29c553

SHA512
e067ab121a42f66f0295f04a5a49dacf76b9c3152fafb309650c4c626cf281a53d3d439d2f12ca654ff829f79a2c6bb5207fc2362cdef18e753c04371e64247f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dc5a8ba3cadf0c31bfc0d1e7db1d918e

SHA1
5c2762502e1d0b98a8addb6a84a2107e527ca7b3

SHA256
3fb8c04af25a2d8e6e3bad2feef96e3eaee5e8bf151852a1912e2b7a96e3efc8

SHA512
d50ac95a1051897160652c5df820e3e002b6e21496975f4bd1bc92b2d345dd99f7d81e683b28c8ebd236bc57ba0f4dfedcd5b4872bd81c57fca704fa9598383d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
8d7899c95e4b8fe21620dfa55cf90fb7

SHA1
e7acf25e79fe194450406ef925dac3686d4ece25

SHA256
1cfefe0ac2844dbb744347f822b23d0a06715b443ca623313edb6363de6321bb

SHA512
033c0c9f51ff04e628a3ab499c5ccbc7fd8d08f1329321e0c3800fc1d1db134ca3a56b857f59ddd3f09f92f166d778baf87e476c709613d9027aa1b014978838

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
156B

MD5
fa1af62bdaf3c63591454d2631d5dd6d

SHA1
14fc1fc51a9b7ccab8f04c45d84442ed02eb9466

SHA256
00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d

SHA512
2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
202398899a9cf64e5e898d9a34adb1ac

SHA1
c401ad2b3fd6d0110d9225b94dfe139b7372fb79

SHA256
c4a6ba65eeade0b10ceb025d1e3dd97341d9e26bf3fdb429ed7238ed8badfd4d

SHA512
3b6e0c1db16addb4edb569c170e982d34e0f958873c13d4ec7b5ef66723e23817c05c0b30e8cf381e47ed892c29ce39dae609e180a482d19d9ad7129ada770bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13382532574134813

Filesize
2KB

MD5
73743899c2ff18839bef8265b7fa4d52

SHA1
f12e381aedaf7d0184e26e46f53518e8d11c8966

SHA256
a6eb757de4e70aac77773daa3f12a9a2b3cbb72de9749bb5b0619396a7dc7768

SHA512
3bf584a1396ca8d443d97ac5f226f6f5f830871c6ab71bfd3d5945ad145e23e060656965f43848e773efed0af7e204f378c97e927d6b0d3d5840a62c0ffabf57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13382532574320813

Filesize
1KB

MD5
3c2bd7196909f3e666474ac77389b52e

SHA1
c80d789273a1a42cfb9e976ebc34df94a2e2d138

SHA256
9a0c1df4da70fc94b93e99168991746cc481c5b82b3615fc89cfff98e9a0a4f1

SHA512
28cde2e13bdd912d03f9ad43abac35cd7cf73f3bb59ef89b56747b0665b386c8f53b874da4767e9f4ceae46d99c85ae814d473fc83997bbd15c0ac934ac50977

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
6de39c8518efe8727827068f8d2c74a2

SHA1
54604472937aebf9a9db9a5ed345f57cae201346

SHA256
23a2c18debcb4b8dc7ee8774f6b89eb1d554a0d5a25b3f08bfe85b735fc8ab75

SHA512
af52e2fddab7923f9c5eeab3a93a3b248d45507a910c008c3a75769c55e31731a9fbe4f2fe091f3a91b534c107d0267e93257ecc1460ac720d8cfde78a0af8b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
390536b0fc3485a82171e8a2a2a425a7

SHA1
9a27da62fd3e4f00e89133ef86f7cd36e7a75e26

SHA256
1b37f02d621cd8e6856579233765c2fe435fad9986017f144035a572cb9a2f92

SHA512
e98852da6412c0e90274e82a536e30e0ac1a287c29eb4f94d25c7438216c503f4e802c861ab17123921d6ea88cda6082f500bf33c26bffe2e8ee309310c77fb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
202B

MD5
4ce2eb219fcde7be8704b4da95edb4a8

SHA1
ea31ca08a6d68c4af80fea9748bf561e4c71e41f

SHA256
48db05f191382eb5ed00f07149ab880a27e65912b65f5047cded74fabf74ade3

SHA512
490c4683e91d34ee7d98b0cf7d5c5222bb308fdcb8df93f5654d6babece383e7ca5a18fb368f0f164ef22b065d43595eb6d38c9d89d53b49171433dcd0deace1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
03cd15e32e461769b364e86ae1d5d31c

SHA1
ff1729ab6bb2e80aa8918420e793dc76909555cb

SHA256
6c4ed04ab92e215b56f52fa46cbc755e7177e68ee12f94900467a000b35fec5c

SHA512
490b39d9ca23ffafea458191701fb66c1b2e319d112dd588ce295d6715f420c5c095221d503e61f3465c03e511be3e8fee4783ab9c05f00438a66fdcb45253a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
b848e51f88d5de0b082c812ff1d16f38

SHA1
4e053b719d1afdf48f584548a35c5ba11897b242

SHA256
98f0bb555022dac3815f977cf274640901c76cb012d812bf79d445ed8e38f750

SHA512
bcfff6bd5edde5ccabc1fd4676f52362c704c4e9d7746680b3d15d2ab6facfe2a9c27c93a380905645ee230d1e779f21dd7b6acc11e857a439596fd59b8b99d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
209KB

MD5
b700207fbfdbc39b82bcd71e5ad2013d

SHA1
a42969d79333c59bfacc89b5edf980e3e3b4c280

SHA256
ea23a230a61cc7d256c34fa9158fce8eeaf744a14fbaba0524103c8d06a42499

SHA512
abcd04fdb31d40892981ebdec5d4aabdd99205f8e527c198aad0c7cc8a6d897eb505738d3e4aa4c98fb42fc9ba7e87c23aa95ef5119e5dd5ef2efdeace54bf51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
38B

MD5
51a2cbb807f5085530dec18e45cb8569

SHA1
7ad88cd3de5844c7fc269c4500228a630016ab5b

SHA256
1c43a1bda1e458863c46dfae7fb43bfb3e27802169f37320399b1dd799a819ac

SHA512
b643a8fa75eda90c89ab98f79d4d022bb81f1f62f50ed4e5440f487f22d1163671ec3ae73c4742c11830214173ff2935c785018318f4a4cad413ae4eeef985df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
316B

MD5
8ee73c155cd684abb9ace7e23bd13bfe

SHA1
52605dd64d6b0545cc68f3903b78b96a7c6c2604

SHA256
8cea34ced2aa6e229b65e128ffd796644f2e4a3d0e361da120f110a7dc954347

SHA512
ae5967441bb71bcb602c8e839d44ede22ac9510e7544df055f1b21ed22421471409d69296e0b5c21f66ca4dd7cf93c82651037f273fe34b87ad41a83db08a221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
334B

MD5
4f58a752f8c37ae94ae55abec7107311

SHA1
46a1f7698cb9e85b4412e3476ce829864e8be59f

SHA256
ea22c2d8e7ffec065186627db54829b4b3d6e09f89603e40869fd3ab78aea47f

SHA512
2d704dafb03be35b046540f8b8dea77f62c83b0ced69b9df9b3cf0cc47229fb78fe796f84a97ba683bebf36a68d78548a66350117efb237816f8ff5ef672562b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
af91f548dcf846a11b75ddaacf6c17aa

SHA1
8129ac2af2608368e7e96779a6813417d9e18a78

SHA256
d2a517d46c1cc4bc500b66b5c7cd68df35760227642d605321561b4a51bc40c5

SHA512
99d591fa025a2c99093c1255f09e3904fbcbeedb4ac3fa47ca7196571c1c65dc25d0a11fdce24b2ac55803a51e0440bcefcfc0a00c32f07cb4755ad5a7b1d8dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
266431df7a15fb1c57f4012411ba0889

SHA1
9bd44034ce32e3710adaccd584977314fdeb79f7

SHA256
afd0608ea1c4ffe4fce45c80ae7968d510cbe0b5aaa1933518dc5676ad3dbc41

SHA512
2c1538660d8a4e42d31046377c0780c89a6a93df19336e8530748258099e5e1439cddc57895ddec5dfd17d6f3e67985bda468788b4c1b7ec246202de380e3507

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
740eb3cc098b6e28db23f73c7543583f

SHA1
f7536a9edc528de50b9e7e2d3b381c5af23d8132

SHA256
730ba5df86350bb300ec96ce9771dc2f6dccfc4f9902f2622a5da14574069307

SHA512
99aacb2eea358dc49c4bfe792e5b84e3c81472f7abb6202d26bf66e3c1fbb6bb48a71273f2030876d748255690952db8cb46fb26523464657dec720fc1819af7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
20KB

MD5
7e86d5c1bf2ff36b15bfbd8fcf748b16

SHA1
59a1515ddff8caec85c4f27ffb17b69a42ec6226

SHA256
82f03e141e82546b261c1a24cd9ae3cfd4b19a7b4f343a296428deeda88cf856

SHA512
943fdf966d2ca4bfb35e01431e7bae1611e86d4bbf9c27524ba4502a9a93b8c0bb39e7760a8ee76993c4099da1ff49febe0b48468f134d4121f22a0ffb41bf2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
20KB

MD5
2a029687e73114ebcb4fad10c0114e8a

SHA1
f09cbbed46b9f8c731568bdcee13024e89bda397

SHA256
fe6e92a5b020858bbdd8089533c6f22703bc5927e22f689c384164096705b11b

SHA512
211dc45e2bb5739bcf863c44ca8132f92e895b3c95d074929aa4338698d53c6ccb3a8e2f23180260d9226073f4f5cd21a200010a7a224de7c8ac2e1cc853730d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4fbb93150cc65806984e999ecab6edbc

SHA1
a3fc962443a7b531979a957323df46548d91c584

SHA256
284e78441e4857e351fbd205ae720ee46e90b480ddd1bcdc31170f37eb9a9a1f

SHA512
a929fd6101a9d2ec03d9128d931321be83cb636df35757986ede233b65437e9465d94dfa37da1c5a96d752c6fb17c007952c423d4d6a627d26be7fda864b63a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit