hxxps://online-fix[.]me/

Resubmissions

11/04/2025, 06:58

250411-hrmkyasl18 10

11/04/2025, 06:53

250411-hn1ndsssat 10

11/04/2025, 06:50

250411-hmepjaslt2 6

Analysis

max time kernel
150s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20250410-en
resource tags

arch:x64arch:x86image:win11-20250410-enlocale:en-usos:windows11-21h2-x64system
submitted
11/04/2025, 06:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://online-fix.me/

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\~~CB = "cb.exe"	[email protected]

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
398	raw.githubusercontent.com
50	discord.com
51	discord.com
123	raw.githubusercontent.com
397	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_333005987\adblock_snippet.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-da.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-hi.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-ml.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_333005987\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-ga.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-sq.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-ta.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_333005987\Filtering Rules-AA	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_333005987\LICENSE	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-la.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_333005987\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_1815362639\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-et.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-hr.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-pa.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-sl.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\_metadata\verified_contents.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-en-us.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-ka.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-mr.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-nl.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-sk.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_333005987\Filtering Rules	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_333005987\Filtering Rules-CA	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_333005987\Part-RU	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-as.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-bg.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-en-gb.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-eu.hyb	msedge.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_1142703946\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-af.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-cy.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-de-1996.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-gl.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-kn.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-nb.hyb	msedge.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-de-1901.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-it.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-or.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-sv.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-te.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_1142703946\LICENSE	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-pt.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_333005987\Part-ES	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_333005987\Part-NL	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_1815362639\deny_full_domains.list	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_1815362639\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-hu.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-lt.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-mn-cyrl.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-nn.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_333005987\Part-ZH	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_1815362639\deny_domains.list	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-cu.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-de-ch-1901.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-es.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-und-ethi.hyb	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_333005987\Part-DE	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-gu.hyb	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4144164418-4152157973-2926181071-1000\{033623B9-7141-493E-9002-CBB039EB752C}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4144164418-4152157973-2926181071-1000\{5D9FE324-9EB4-490D-9036-425CF2FE83B8}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4144164418-4152157973-2926181071-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\ColorBug.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3484	chrome.exe
3484	chrome.exe
5576	msedge.exe
5576	msedge.exe
3484	chrome.exe
3484	chrome.exe
5368	msedge.exe
5368	msedge.exe
5520	chrome.exe
5520	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
5576	msedge.exe
5576	msedge.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe
Token: SeShutdownPrivilege	3484	chrome.exe
Token: SeCreatePagefilePrivilege	3484	chrome.exe

Suspicious use of FindShellTrayWindow 59 IoCs

pid	Process
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe
3484	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4136 wrote to memory of 5248	4136	msedge.exe	78
PID 4136 wrote to memory of 5248	4136	msedge.exe	78
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 2620	4136	msedge.exe	80
PID 4136 wrote to memory of 2620	4136	msedge.exe	80
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4432	4136	msedge.exe	79
PID 4136 wrote to memory of 4072	4136	msedge.exe	81
PID 4136 wrote to memory of 4072	4136	msedge.exe	81
PID 4136 wrote to memory of 4072	4136	msedge.exe	81
PID 4136 wrote to memory of 4072	4136	msedge.exe	81
PID 4136 wrote to memory of 4072	4136	msedge.exe	81
PID 4136 wrote to memory of 4072	4136	msedge.exe	81
PID 4136 wrote to memory of 4072	4136	msedge.exe	81
PID 4136 wrote to memory of 4072	4136	msedge.exe	81
PID 4136 wrote to memory of 4072	4136	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://online-fix.me/
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x2b4,0x7ff86bdef208,0x7ff86bdef214,0x7ff86bdef220
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2216,i,12244139969385072724,12566530763350370826,262144 --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1908,i,12244139969385072724,12566530763350370826,262144 --variations-seed-version --mojo-platform-channel-handle=2256 /prefetch:11
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1964,i,12244139969385072724,12566530763350370826,262144 --variations-seed-version --mojo-platform-channel-handle=2460 /prefetch:13
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3440,i,12244139969385072724,12566530763350370826,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3448,i,12244139969385072724,12566530763350370826,262144 --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4756,i,12244139969385072724,12566530763350370826,262144 --variations-seed-version --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5060,i,12244139969385072724,12566530763350370826,262144 --variations-seed-version --mojo-platform-channel-handle=3952 /prefetch:1
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=5268,i,12244139969385072724,12566530763350370826,262144 --variations-seed-version --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5616,i,12244139969385072724,12566530763350370826,262144 --variations-seed-version --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:5576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x244,0x248,0x24c,0x240,0x214,0x7ff86bdef208,0x7ff86bdef214,0x7ff86bdef220
    3⤵
    PID:1428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1780,i,1775483442087533638,10300502533577209158,262144 --variations-seed-version --mojo-platform-channel-handle=3356 /prefetch:11
    3⤵
    PID:2780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2152,i,1775483442087533638,10300502533577209158,262144 --variations-seed-version --mojo-platform-channel-handle=2148 /prefetch:2
    3⤵
    PID:2068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2368,i,1775483442087533638,10300502533577209158,262144 --variations-seed-version --mojo-platform-channel-handle=3332 /prefetch:13
    3⤵
    PID:2388
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4356,i,1775483442087533638,10300502533577209158,262144 --variations-seed-version --mojo-platform-channel-handle=4380 /prefetch:14
    3⤵
    PID:4672
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4356,i,1775483442087533638,10300502533577209158,262144 --variations-seed-version --mojo-platform-channel-handle=4380 /prefetch:14
    3⤵
    PID:3304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4492,i,1775483442087533638,10300502533577209158,262144 --variations-seed-version --mojo-platform-channel-handle=4484 /prefetch:14
    3⤵
    PID:2804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4776,i,1775483442087533638,10300502533577209158,262144 --variations-seed-version --mojo-platform-channel-handle=4792 /prefetch:1
    3⤵
    PID:1160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4796,i,1775483442087533638,10300502533577209158,262144 --variations-seed-version --mojo-platform-channel-handle=5136 /prefetch:14
    3⤵
    PID:788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4676,i,1775483442087533638,10300502533577209158,262144 --variations-seed-version --mojo-platform-channel-handle=5160 /prefetch:14
    3⤵
    PID:1052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5492,i,1775483442087533638,10300502533577209158,262144 --variations-seed-version --mojo-platform-channel-handle=5432 /prefetch:1
    3⤵
    PID:4952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=572,i,1775483442087533638,10300502533577209158,262144 --variations-seed-version --mojo-platform-channel-handle=6044 /prefetch:14
    3⤵
    PID:1900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4428,i,1775483442087533638,10300502533577209158,262144 --variations-seed-version --mojo-platform-channel-handle=4380 /prefetch:14
    3⤵
    PID:3720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4424,i,1775483442087533638,10300502533577209158,262144 --variations-seed-version --mojo-platform-channel-handle=6168 /prefetch:14
    3⤵
    PID:6120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4112,i,1775483442087533638,10300502533577209158,262144 --variations-seed-version --mojo-platform-channel-handle=2080 /prefetch:14
    3⤵
    PID:4448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2092,i,1775483442087533638,10300502533577209158,262144 --variations-seed-version --mojo-platform-channel-handle=4188 /prefetch:14
    3⤵
    PID:696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=756,i,1775483442087533638,10300502533577209158,262144 --variations-seed-version --mojo-platform-channel-handle=5932 /prefetch:14
    3⤵
    PID:3996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5264,i,1775483442087533638,10300502533577209158,262144 --variations-seed-version --mojo-platform-channel-handle=4464 /prefetch:10
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1784,i,1775483442087533638,10300502533577209158,262144 --variations-seed-version --mojo-platform-channel-handle=3752 /prefetch:14
    3⤵
    PID:1584

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4948

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:3652

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84882dcf8,0x7ff84882dd04,0x7ff84882dd10
  2⤵
  PID:5496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1976,i,13614961096044793796,17375929523414094027,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=1968 /prefetch:2
  2⤵
  PID:4020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2244,i,13614961096044793796,17375929523414094027,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2264 /prefetch:11
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2368,i,13614961096044793796,17375929523414094027,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2400 /prefetch:13
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,13614961096044793796,17375929523414094027,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3216,i,13614961096044793796,17375929523414094027,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4160,i,13614961096044793796,17375929523414094027,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4200 /prefetch:9
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4636,i,13614961096044793796,17375929523414094027,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5260,i,13614961096044793796,17375929523414094027,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5276 /prefetch:14
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5420,i,13614961096044793796,17375929523414094027,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5432 /prefetch:14
  2⤵
  PID:5204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5536,i,13614961096044793796,17375929523414094027,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3608,i,13614961096044793796,17375929523414094027,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3580 /prefetch:14
  2⤵
  PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3592,i,13614961096044793796,17375929523414094027,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3568 /prefetch:14
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3432,i,13614961096044793796,17375929523414094027,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3632 /prefetch:14
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4212,i,13614961096044793796,17375929523414094027,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4328 /prefetch:1
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3816,i,13614961096044793796,17375929523414094027,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5764,i,13614961096044793796,17375929523414094027,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5816,i,13614961096044793796,17375929523414094027,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=4296,i,13614961096044793796,17375929523414094027,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5948,i,13614961096044793796,17375929523414094027,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4220 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4320,i,13614961096044793796,17375929523414094027,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4796,i,13614961096044793796,17375929523414094027,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=6128 /prefetch:14
  2⤵
  - Modifies registry class
  PID:6060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3668,i,13614961096044793796,17375929523414094027,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=6116 /prefetch:12
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6164,i,13614961096044793796,17375929523414094027,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5436,i,13614961096044793796,17375929523414094027,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5652 /prefetch:14
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5520,i,13614961096044793796,17375929523414094027,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=6364 /prefetch:14
  2⤵
  - NTFS ADS
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5476,i,13614961096044793796,17375929523414094027,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5348 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5520

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1740

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5844

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Temp1_ColorBug.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_ColorBug.zip\[email protected]"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
PID:4520

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cb.exe
1⤵
PID:2344

C:\Users\Admin\AppData\Local\Temp\Temp1_ColorBug.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_ColorBug.zip\[email protected]"
1⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Temp1_ColorBug.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_ColorBug.zip\[email protected]"
1⤵
PID:2224

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
a88cb4e96edb09f5f2e01922a844f331

SHA1
6f524f531201ac58f9f544f60a2d256b4291c37b

SHA256
dc5b698dcbb8e209a28d342df4594072d4bf2e9d0d0388c0aabb977aa8b330d3

SHA512
fe3e789e0f2b1b77c853a2f4d6ba7e9a7b99e1ac9ab9382bc15446c3f065630459cc19c0de41388288bef5db2c1ebd1517360a163e854f40074644692f5434d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
98e4f273d9ad632bb4724d53dc1cd3e2

SHA1
3a85346b6c7850c2d6846ffaf104361465ab7f3e

SHA256
859931d19994d8f98cdef4b3ad818314a44ea3d0239087369b72b84000c20153

SHA512
1120891e0f7a5d94bde41c2c1d4fe722453e8b787f4ea6472dec83d027a4ee3e3a57455b66d1ccac927636436a2761175de121f0f0ba3c95c844355004553d22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
16KB

MD5
d4bd14aad4008ed72a826dff9a336f38

SHA1
70582c362b286ab998e5083208f08599841af841

SHA256
4b9af96c34c28c99eda3ad3a78530c86ada725aaa7d3f92b4eddbb73e922fa12

SHA512
4d6360f1c5166721c7adffc17bd9f128cd44f23af8d9f6a0fdfa60d8e9a558c3e5b9fb3a6b5189c4b3a6243f9c9ee4d59d7d8f630d68df0086fd07586ecb9164

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
ba5ed1f9ecfee9bff78354f40e02184b

SHA1
a754b7ff16ce24316dc6a28b02921c92b954566b

SHA256
c4ab86151350028b900721f9e5ef7426cf62a0cbb84b08a72cd4caf371803273

SHA512
68b2fd1a4df39f07f78a4d038f5ce7ad2d5c8d4106f746f4f3b3474d7d3bfb56289f1b6ee412bcd3c1feb3b741c0924c6e21b6266caff57ce740f3bd84e025a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d0adb11415826b7c1f9ff8ddfbaf3871

SHA1
3c5c6b74bb775c24ac0b99719fcaff8217ede9c4

SHA256
b53034d481e3f86e0a04739341b4103c7aeff2f0c9363981fda2e82d22c38418

SHA512
695497ad9cb9ccd221dfbf6eb43dab6620a9247d1f93370d85b5c2c1ed36fb4a7df78b9c09bf421adeec47f88401fec95c98db653f53abdddd9b831d27c7b52e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8fcaea965c2b4da865b0762c43770e4b

SHA1
630d81cf1726647243218ef6400afbfe4198c6c5

SHA256
1e7e9e037db597482ad6dad9bdcff9427d7fb01a0dbd0715a7e6299b5cca8b7e

SHA512
1e1fd2043ce8ba0caf6ad4d1a185db2eb92e40a0f776ec1589ecb0aaeb7524b4f731d6e638dfc271db945e3b2f81b6f80ffc7f6ac537189840982ec8c6850079

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dc1b843f82292168020a609551edc349

SHA1
43f2c18f278267298bbb8d048b2039ff9bd96a24

SHA256
bf65876d2467f6bd62a6965f866f6184bfc48cf6ab132a8bd16649d706196f19

SHA512
28e27a5b45c14e2c93058f74101c49ca6e5ba548999e34ae05d15573a44d3351676351716b4026c614cc20cb8d63d155679ebc58562efde69a5c176ebd4516bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
fe4f32d3578aa887d9d2b1d28c15d569

SHA1
ab0b02534180cbdc1bafeb7c5e0ae1ed920606cd

SHA256
4cf22d0a3280d051e6d0e41fb14711474c134c1038ecd871feafa30fee2650e4

SHA512
95829edbe536486bb5a8f57eb8ed760dad496d9d8a71071bd5d348740afc30a755977e77cdf76ff5ce18b28b8363ec72307305c458954394109a8e6d1cf1888d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
fb07ae20b0dbe1c4d374eba9cbfd555e

SHA1
e7fc2a8345544d806be8c2996263991235276126

SHA256
e984b67470a885ccea0a1db6b89fd5f0f6c20fd97719ba136c73b47c1c148a85

SHA512
b7514de5bf2864b8a061faa51f796d4e048e29bd2bfcd8b65b2db35be701273680c46e247f8704453ede68322df5b4b351b8a9543142522730e2650deb33b977

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0affc77a4b487f4902e84f2d2729be0b

SHA1
a0045480a59e300331175189144cfe321302b85b

SHA256
11cf3a5b0a7ceff3616bd87f48b3f0c2894c0e3b36debb0e6fd97d26689e46aa

SHA512
144405250ff4ae7029aefec05e444321500fe4e5bdc72eba16cd040140e4ae7e1778e43491d1a1b76a4552016cc938739989f7efab17832d6b1bb872698b8817

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e5969bf883526e4321c510735d058c83

SHA1
161380e15815a49f3b569a5e56b082ee40053455

SHA256
c8444f5367a06774835c3cd06d4259d0b7075754fe8a9df98ce81a4e59c4b0f4

SHA512
d3cae9e4593367b293bbf8eb5fd23f1eac5c795f189e745a66c2548742acc1947a746b6b8cf98370bbef103f57be8676cfcbbece1ad9afb2b3432f330935b869

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e4b97915434a900181ba33028d940f95

SHA1
aafc341ffa2e09d6756660a956efb0a9490c01b3

SHA256
8a7223e96058d17078ca1571551c250507194c26db8dc2f860a5916e586a55ff

SHA512
c05fff39ec72f80b0a8698d3ec423631dcf537e3423494a15bf53a4e82badd58392a8ff60493c73f5d1bc02e3f99e5d2e72238c7e6c5cc3e05e9efb01e0b2d27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d7dadd84ed3c27124999833093dc80a7

SHA1
056729baf602bbacdb3c0bd2d8777c2b8a9ba572

SHA256
123972fc14f6444a6103064a97bc89fd028513d0368e5c1f038401abcd1f888a

SHA512
f87140383e49b355fa243d19c8ed19d0bd4d07c8bea588356e70a0cc70cfda56925cc2e842c97b283076f038a0e5e65cc126a84d317b87ee4db29f342b3dbbe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a865e5cf1efcfd19877e25786981ab13

SHA1
effb369347b3f2023ce5d772105d02ada0db76c1

SHA256
6d6e8c6a8319c6424126307bedbc4ce29ccc7d73b3f2319aeefaee1e2906d814

SHA512
3ba947d90055370e3d198feb818065e9e93756065c1b2d539598a5f76e0c4d3e11a3ade6a02678522f4e1df7dcc0ccdd8972939ec2a5c189e6784290e5251ac5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e995.TMP

Filesize
48B

MD5
1c0dec1d92c7bac110d74f68ccb9fa9d

SHA1
979846443a94cea125de47b7ab6d52011c5a2992

SHA256
f823cef9038a159b6e78e194f410a5f78a97e559f0d36412f018faa19b6402d5

SHA512
85bd5485a9b0f35f86f4c8dcbeadb1af8cde0607bcd2f752fefad8ff1565f334e40704562362adfbdd1dc50f4fbda3d82b82f55eaa6488ab2d0d9154f7d945fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
140B

MD5
dc40d6a2459fa1c207215d0aa96875d6

SHA1
17e24e9ada031c3412584597c30a2e61605908b4

SHA256
1e94dfcaab2c66ade7309907093ddd76d26d3985dc4839f8d8ef6352720cee34

SHA512
281298eb947648b49ea388b7e7639610ef13cd7d8a2212a434c9901508145d72dd727ad703058bcee62851ca3551ceaa2aeb7b9fef9a018841782cce12638733

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe5841c7.TMP

Filesize
140B

MD5
0ed9be3be08f2894b69543125f7a8d99

SHA1
4619d1bca422877224856be79405d1fb35b5916e

SHA256
e55cecf056fafbc4743c6585eebce1d08086f67c958d3585792ff41f7e5f4f2f

SHA512
f5ded082a79df4506e285aab1f499e5e838a3f9482e717b0dfa930b0df55cca7032072b8da496ef78a0f5701620861204d80e87b21baadc75f81c71dafa6a179

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt

Filesize
82B

MD5
2ff1ac7d3be5cbc8391108dcdfaa02a1

SHA1
78ff5a5538335c3e87ac72878922f5ecfef193e9

SHA256
b7dd564d443059d96530e58e2c6685472cea90e67c29e76fafa761d85455e6ba

SHA512
a20a08af8fbab8e109417df491bef7ac3cd1dd905383ccae7ec80d9b337eb595f1c24b23680b16289d635349af6ef01e269c4f39f65cc898705697878e6292b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt~RFe58b050.TMP

Filesize
146B

MD5
89bc806421da1bddedf9976d86f498a1

SHA1
d05d7764917e4f2d55866af9ed7f9c8a5a5e76c8

SHA256
41dcc6e4b7d16fa92c4c299e472b0ab054b02c2d7dea89e414707ce5997c18a1

SHA512
4bd0d9cecfaf462f8b4ff9666ff2cf17a074b4a3404c32e3d3fbb12a3f8258fb97d28cbc63d23356243dbc0519fdf46db8567db89e596a7db2c75530215e430b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\IndexedDB\indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ac064929-d817-4f8f-9408-154766751b85.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
6de0138a3fba92a49f4d2b12fb430abd

SHA1
c234e74a69186a064defbf7654f1957b982a2ed7

SHA256
3ca4c35d6ad77b59a2a5b43e5169b131fb463a71f29064e2f370f75765251023

SHA512
076fa4bd0172b905ef41df3db1debb2cc72e573d85b6568ba288271a1063ccb420a9262859e3dd470c4ee47a6627f3863e2e3c1b57704f80e5eafcf5032b59d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
745b85d5f152b191c0175c449fbd5eb1

SHA1
c02eced2dcda7480cde36352d7fc9c773b680443

SHA256
540f7a71dd4007ef35b219d21829dd8a071b9b80c8decffadb992f7c8a18b46a

SHA512
e0651283f12a02acb21bb8c555ec028f0d64b666e847b7db33f3e54f52e0c2b52e7c42c8986644d5c4e0ff67b22a949af95dab3e23fe11f9118484fe6d69ddc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
9e4597d6e9951c90f605fa4a330843b2

SHA1
c9a4c72aba3b9584e03d0db43aee91e51094c369

SHA256
272d838982199dc905b6eea7f57fc331c216efacab7d865cf427fa4972aff009

SHA512
adbf3948d11ce019ee5a0e8971b7b08567c7a3de742e03274ae0bd868f64f4d09e93e91e38681b34eb017af7d4708e5484b776b9b3828715d05f35621423fe05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
3fd2e3156343dfcaf7960d1db89ee6dc

SHA1
5b9803d53939c9764ea08fe5a0a2046f4ff93bbb

SHA256
b32202c2e40ac4ba31a37bb025dff1f645b33eb9ae1906eb4bc9caf1ae69085d

SHA512
6ca7e7932748cc45a22b9d7d585957812b6331b6bcc87a92f9e0f6ee0e48d758789003e6d8b949d35e36b82d45d5faa1170d591da4fcae5324f5347b0b7657b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
520KB

MD5
97627b7a53323a6d5bb399b7b20f0f65

SHA1
9c3884c27e276cc729a33889a84c038850ddf82f

SHA256
6641efbdf03d4cc4204f24b31ce4ffb8a35ca9e61183510607a3a8131ff8eed2

SHA512
30a37d600f7c77f3459f290d832ff7069fe679a9e2e17ce062f8d7acf0fcd56d7bb7c963c7c20685c2e98d1fcd99b23a55f6625c5637985dea0f9475045e76d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
2.0MB

MD5
0fb708ff84ed2f0cc8cf31fa7361b425

SHA1
5720826eead5431f52b84fb03548221cb86adf19

SHA256
8b5fa4ab9618b132a89875c042d710184b7cd97c2ca389c0a5b6feb488a4740f

SHA512
b102f583e4545fb4d743414f56553f4c97206ba26162ca109f06327f95acf3785fc00e63c76c2552fedfeaea5a72af2d8d25ed457acb1dce4c5197bb7e1cf3a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
3ca75431fedbf981c84f5b5cefba37d0

SHA1
ea138d5cdced4f9b8d7f8368532f0242b76ce893

SHA256
a711f715932eab1e6e18721b66c6356beee28fc117f290d10c2856b3f41f527c

SHA512
ec3eabcadc275070212b01f6867f27e12ab49f649f3500aafa5af271816ec4284c70ecc7fc2c8462373a35ed755e9828a72db802672a7c95da377d03c98ae04e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008f

Filesize
54KB

MD5
b4a681b2764e907f8fe9f8eaefad5c14

SHA1
ad4d7f726f68dfda5157f2a150682506e2994c43

SHA256
4b8ba2996bc35e56becb135ca481788a6b8d9cb1d58d2e70bd4b11547f49ba6e

SHA512
52fbacc3d9c539bf124b18047e7e44cd79a296d71942f2337a8a940c0e8d7f54029f9ed9e46ea7dae0190aceee4969b8d5a799de7827ccf87cd7ce8d6ba7d52a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000090

Filesize
75KB

MD5
af7ae505a9eed503f8b8e6982036873e

SHA1
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c

SHA256
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

SHA512
838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000091

Filesize
20KB

MD5
10b51a3f5acc5616ad1ecd7b9ff5c01d

SHA1
254de1a36d6fdd789f5175e18d274a2727790d65

SHA256
545034c747697c57180ec09e19c89dbadf60b4b0599d4d1191609e74a9dd77aa

SHA512
fb1f602f5a9408fadc7a2e45189e043a763ff357a7aabae3b12a3cfaf3f0420486cef723a9155461cbeb955350f8d306e33bf096a4a4eaa8f6e336924a007b85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000092

Filesize
20KB

MD5
d816e2dea43b1d88e349b1035b71c1cf

SHA1
8bde94366128fa54a83ecfe18c40765f71390a6c

SHA256
90cd1f0fe7e2998bf1716cdee83dafc1a02b491b2a471d168a4ae31f26947fa6

SHA512
a3a93dcc1b4c658673609931b8bab84c2447083aa99bc3e5d4239b63956731bcdf6f90da7a5fe2ada743fca533f06bd2ead77ee7829be8778448f1643736bc0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000093

Filesize
56KB

MD5
65a68cac9cd09190abd490ead07750f0

SHA1
f67a834b0a574b99ec7d11046bee89e26a9be54b

SHA256
1c54592c2d291f03e33f8c43224d0d98305cb8c41cd68982f5c03dd8ff8787a0

SHA512
6890d985739a139fd087023d7a3e3b6b2a34ddd1f7e79d032bede2ffadbd21f65e77f0a372916c209f537b12df613ede079c0675d3c33f178b2f5e0dc9b64602

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000094

Filesize
42KB

MD5
40cf72c7783e8c42923242cd310091c2

SHA1
863288915ef90e255c504fd9c34d88145acbb460

SHA256
77b28cd84b262fcabd7c6806b5faf93c24e54cb759e66aee63672a68b29df229

SHA512
19d975704fefb8cc768849095acc0d7110cfa790522e02598cc1fbd206af8079421f0e3256d8450daafe3772f16a46c83b6e3e6e9c36fa14568913642ebf5f27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000095

Filesize
36KB

MD5
f58eb7472a54ecad1278ceeaf4392290

SHA1
20590f842af1f3b0b96d221014ca190243aa0317

SHA256
5ebee56e7127626f66a07864007fc8192e768c04c59e825bd4c8e6d062a9421a

SHA512
ef65c93237e356cc69177e5a7234d9c9ee999ca309c1e512e0ea6a0b3567eedd5fd5cd784a0eb5c16ac198703ce97da58a188e9be129b4af2a60ac016041ad50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000096

Filesize
23KB

MD5
a0b2c1224150093f7608afffd68761bf

SHA1
d1fcc737d131d6f44bfd5fd24962e4f87e23dc0e

SHA256
38a88f20086d0ad0a2ec85ef1b88ee34924dc2e610b31dfa74c3f91b80bf0862

SHA512
bdc1b3bec2cc116b9aba67170e42699e8572cba165527f95a82e13d6d32cfd99d3d33787310cbe6dbd245944d8049836ec2fa7abcf78a100636e0d788130b74c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000097

Filesize
27KB

MD5
c802509bcd5588cd0e55815dd413f39f

SHA1
454ae7410457f8e90338d1ea8f102c0788b6345c

SHA256
5717eb6fca2201cf74a06322e400e9514f81e51363d05b0145b3e6c4ad0671fe

SHA512
c1260a0992d09aaf811d94c41dce0f5ace8a8ae94c0c12081dc8f24b1391997ebdf9a6cacfb180946cf4e8db3cf2e28d981a92f227314a419c06eee237453644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000098

Filesize
29KB

MD5
c15c79ee2a213713563a71192cefa947

SHA1
08665bd63370ac8595a409be6ecccaf0dfd164ad

SHA256
247eb61f7deebe51536353e4446c5b12b2e925d12a93ff22216275925efeaeac

SHA512
e5f9ed3cc8951832a7e977ed81a5fb6603791504f77ad9459b46f7ab2eff5790c98436d8a316dfaac63ab2e9e1b52a10503db9a7a4fa000557ae78f823f71e26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000099

Filesize
18KB

MD5
6baa05d5c1233b2facb0e4b1147be091

SHA1
afd8d7821b049863193158164447f23c648d7973

SHA256
770fa7c85519980402333b147419f8c104fed02af7b3fcafd22d411b458bd257

SHA512
b21a1ab0c9c37d9881fd40fce47577b1ddaad3df5f38434a586b4d1c0051f6f79e0718ff69c26bcd9df4c2a7d35664010a894dd65ff3e7ce0dc59af083935ee5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009a

Filesize
22KB

MD5
1478201222df362fd6c5265ae6bc1b0d

SHA1
c2fcf64a8812c647f509d2626b2dc98742cd437b

SHA256
0f50e18aa8d17e9c9e7e410d9060fe8297eb9168753c554803a11ed9c2c0de1c

SHA512
c9563f9f62139f012d9e80b28aa2031de963dfdb5e9dd0c0184a87177f27fd536a22e3f4ce97aadb0bd9c3d0925c9fedfe7bbff5cb0d4cc582b25861b1b9fe3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009b

Filesize
28KB

MD5
b7b2d58004288da891fb4aea8508341f

SHA1
70df379de73254e320f7dca77c3bcb6aed23ac5e

SHA256
a72fc7a617041d065e9e8292daa629d0dab7e3b02119a543bb59d8a54c169d01

SHA512
a9ae39f63d2da151938d8ec5fc3397262e745c91af56698c4095cee4cd4e77777504953cf04e1d69063909f4c5c1219355cbf716e7514403cda84bd56096bb6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009c

Filesize
31KB

MD5
1c0e7abbe98767356fbcf42d1ad1832f

SHA1
f5f66b7bb208603cc4a44e2c408a26a10e50bd3d

SHA256
317757c16c7a4a9e89c935b1c16fe2708d07b83f9eafc12465bd91f6bf49f676

SHA512
5a915b9edf8f10622bb7d987d7cdb008eeb2e70d4fe6ad76d539b883ddfa232b59b1ee3115fdc3ca88f8482c8f9e006599a03aed756ea81b3b2d939e9ce62c32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009d

Filesize
31KB

MD5
195695ec9588c748a3b5abdbea56b9a0

SHA1
943f94bafd3f254bf93076da7b763e9c582952bf

SHA256
a0941459a80fc2b3fcc43dd7363e5b23e9df0d08ab338a4179d5411ce62bd32c

SHA512
d9b6dba2ed7d94930e65b3d33f21a5446681681ea4e6f6cdd9f2c6f575d3d3a5992c19901ead3faf843d1d9c2217263075e805dc38509628a9a7a00afee8fa7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009e

Filesize
32KB

MD5
bbe2843eb286d6984a878f30f860a880

SHA1
27ac70547bd52b610629fd31f91102d0fca12e89

SHA256
db858a6f00db936485d4630d9c8f7f30736e7dcba36f039479004a8028b51087

SHA512
7cb47d6d7c343942729fde44d2eeaeaee4757ad47e6d50707ffd6c6cbfa91f9547d184ac7ad5b1448506cacc3b7a2e35e4e2d8cc2354f087437b91f2ad8abdf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00009f

Filesize
33KB

MD5
b4be91da9394b77960df2d63f2714248

SHA1
de22ab78bbe3755203a538cb2c75ada8dbe1cc60

SHA256
e7d27cc7e0c2c906250a74471561863913725acf163dd018ea3a3cf2c6255adb

SHA512
251ecdbd9e17ed82df1fa962b32e1616dcc944bf24770d436240b37c54360e55ae64093b6891973124110b05b581732f9b5964e0d57dde9a8261f81cc3284e43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a0

Filesize
33KB

MD5
3c99f91d474c9f666c21e49b5d66b4b8

SHA1
2fd72bec5c4a20591c30dd764595bc75c74711e9

SHA256
092a698c2bc5ce641f6efff1519ae1399710a470369c1c6296551e1dc0df199e

SHA512
022978cfc36d10b873a8f00afb3beef820a0f69397bcaaeae12f234cb77e7f5794477c5d9cb8430085cd2fc972d1a26b15c39b116f1e1734bad01807d832f62b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a1

Filesize
32KB

MD5
f94d55fc717970309bcf11e0c49ca5e4

SHA1
d6fa9b628b680e135aa667eaf2f882fe7688950e

SHA256
20ba85e57ca8fbb6161fc23b3b714f0786b4fc8edb286864b9e2dd1ffd91a4e6

SHA512
c6fbc14ccae8d6b0698ca9b8871f6507d802995538caa8c2a1c1a54e087017aaa84849eb18643b308ece69d9169977d3cbb89099deacaeaa048cea2dd7d9274b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a2

Filesize
31KB

MD5
49c451a36ac412074a74f94fbb2df178

SHA1
702ce22f83b835e1207c1592b7475b0a3e3ba9d8

SHA256
8263a98c81582e04a21ccbb9062666a215e27404329eb850c9f2d9ac1f1189ea

SHA512
1c6360d0f0098888b20dfdc1506cf0893b156a77140cdedbe9724b04247d57f43fab6663ecaefe205c6087c73e896625df1f203ceea29604fa0bcb23d03f1eec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a3

Filesize
34KB

MD5
dd10129bd2cf8714dd7241bbf33940f0

SHA1
ba62614d9f18cf7d42205c3c296f305126a1bcf6

SHA256
9cffd8f09458744df6a195157294a7d54ea7d8f1d97c858fcdc4192d860ed304

SHA512
8cfac6820e411c3e83cb9737f06dfdee3ab21988a4de9d186f86240b45dd78c475b2e22d5db285de6ed6e83dec9ae32491f13bd723d1a9e98c58b06bbd8dac27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a4

Filesize
32KB

MD5
e8b8feff844bcba4479cc38e99751564

SHA1
e1953953fe5de55ba5ad712b82d269234d04160b

SHA256
905f856cc396d98c50aac3faa57d3ad0deabac506b9f2b60a93ee9772897f573

SHA512
9b2e24a4bcea770360ec020ab44f72a22168644b77a8a29f8fba53a3e09255859cad2cf86a8d51135068352f7862846b9f6441908a49b922b44cb3c47512c9d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a5

Filesize
41KB

MD5
a7351161f4f6d0d3e7ffabb730e4e0fe

SHA1
becc630e9c383b2f5dfef154efc1cd79015b8134

SHA256
729d9f5fa977b11f28fa40eda55c73ec66a989337292c684d847f439aa2a5455

SHA512
d3ad6462eb1f00b8af4abc90f559ef224b5af446200974e39f15a8f6caf65064d6733c2ea7e189016b97a4dda00f2715fa3898badec08e6c6184a41de7af2c09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a6

Filesize
30KB

MD5
b84b180b142d274dda98ff073f109430

SHA1
a3c40b285ff9900f2694bada28df41872cf9cf7c

SHA256
cab6006e36d0248c1a9d0c16e51b45589fd259abbfdfaa97e63913692b16df32

SHA512
9c4208330af86752e0e47521de4eb5f78b295a6745029c1bb618da9cc09a613d5144e70991843e548c07652d577359090aae305631a3d90e5784cd8dc1ede242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a7

Filesize
32KB

MD5
48938e0583513507f3cab1aa8c86aef2

SHA1
df2974276c4e9d2c6a842fa6a1794342469efc5b

SHA256
523dbd75c5a64e3a42ee4e454de0819a7a16b52fca46eb87d75075c93f0a8393

SHA512
68aa127f507af030955f493b7ff3d62bb8b94a29b8c1d2aa7b09c5c70228311a7c782ad9ae309779b2f97221a66d6842180dd809ea9d5f616fa8106f8c16bec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a8

Filesize
37KB

MD5
609df81e72197b16872fbb1e41f8b069

SHA1
a403410192bc83571d821eae3889c782de6c80c2

SHA256
345cd4943fc3b8413da3d5608568f94558bd295b6541263d679c0eb6977cace5

SHA512
3977f82335077630f69abd3d092e5c491bedb6edd6d0fbfb22f0d0e810cc92df0c7461afc6caf82a251937cf3fc56577a71fd9ad81735498a57b9ff5bdc9bea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000a9

Filesize
37KB

MD5
cb04a8dc91e8ecee087b32d09f3e929d

SHA1
005d04eea5bee392f5bf2de195956b625a99a8f5

SHA256
04d9534aee40f54f1e584eba84d09818d4e4543a75a7719aab286ceaeb861f36

SHA512
ebee698fe28b0ee6040a7e26eda1865401a6400f496972318f18f1f4c22d85a3a9681858fdb6bbaae6d49fd38280d01f7ebe785a6326386e5012e24c4204b3a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000aa

Filesize
39KB

MD5
e062db69f2aa1381ddc9cedc6e5c864e

SHA1
07f1bd4ada9016d104c4c16d4332a0107690084b

SHA256
8cb26a3f6ce89b0cb5bebd9544c77cd40845709366dc828be1078732e9602f85

SHA512
325bf904b15d88baea8ee8eaaf35fcf302a65e6dfdbda3c39a3a0ce39c55bbc9d7ce0793641b2198fcc125e0f88e404d47193bb652f38d1de89ed7e8fab8888c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ab

Filesize
39KB

MD5
d77ba997f7bed3d02859fc8c15c246ce

SHA1
c4438ae5c540685ca7f9c8690d64eb52ae1bb0df

SHA256
6d27b75ebb4961ccab37665bb8b5ed2e76a20f1c298b1e684ecb3bef196caeca

SHA512
e240f4c746db9cac6487edc8663a10100862dfe7ade446bf6ef51c24070d201dedc011f299905308d93b097de3e1c639d4ae521e1ef1a7e2922f487eaf92909b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ac

Filesize
37KB

MD5
4bf856108f77ce1de84efd9cdb5fe937

SHA1
1f63b82af05844c091a837c07256154bf26bd165

SHA256
79575fa311dc144261f69305af3c1b1f92c618393275ee22413d7a52a15f46b2

SHA512
7ad3b3de007d012193234ed1bd25912fc79b59efabe0156caee0218185a90b56611612b7c8e18a7efa36ca76d3ddcc079a55c69cab756ba812d6d5480a4dbc7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ad

Filesize
40KB

MD5
ec59fa2bb672412b63f1c974f1e4fa96

SHA1
f03f12c6f790371d7f9b4bed8c398bcf35b32a75

SHA256
514156b0d38dfc58a99b90dbfedcf52067f82b33b78df87c8f16e44bd28595ed

SHA512
a0f1051c1ec119a5db9736e7777e7de144226147da3b1cf322abb6aac787d76b4731b0cae6288eaecb6f90ee449f9a80acafc5494c4ba4d04baaece0411baec8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000ae

Filesize
31KB

MD5
45efd327035f65ccdd186b90bcfae9ff

SHA1
c15d9e15abf6199757736d0d22538a2f0f7117e9

SHA256
16b4085576dbe76f7e4c206efb2f7bd2efe91268f6e9fa0447315e8acd39ad68

SHA512
636062128b872699c3dc31650012bb9a7470296269273000895dbeaa7f5adebd68cc9fa74a5564696cd2a78ecde5efb7aeb358696845d04c23fe91486494889c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000af

Filesize
32KB

MD5
d784f67bcf6cc04e3cea742433cc207d

SHA1
f5a336fe93364e21fb68bc70bcd094a2564878c3

SHA256
b9d31768ae424f7324f16af8e7ac1a0b6e7fd7db7a432e7628fc0fe253390f04

SHA512
9df40853f42a3845d86f4455e83374de48af126b93136c64c263f2030a63b3c5c9a3b671657a9dfa190eed8eed5248fc834828211814b6b1b9dc976e198c08b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b0

Filesize
36KB

MD5
eaf8c9e325499c6686538d09feb143d2

SHA1
971a314ecf4af1a8f537f6914a762ecf7e191b4e

SHA256
33c71439f073df803ee45e4ddf7f5bcd135c783d2ded1c8fbabfe975f4e1693b

SHA512
1c55a8dcf36c6cd69a9badc94f57bbf99aace4e01436e295066ec7da223dd5270d891b8d502c05ed017dc85036a936fb626d85cc8636ba14bf1bb9e6c50a0350

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b1

Filesize
43KB

MD5
4d0d03527e3d2168e02165ca288a734f

SHA1
04d418e2afd809e64b060217894e14307c58aa4e

SHA256
add0dadb44850ab8db4148e5f731b922c48169baf50dde118900beabe83d6b4a

SHA512
ee32445e117f9cb90d1835c72ffb1d785fb0e3c5ab3f39360368e2a75379a8fa3c3b4556860ea4c7011f6ce3da0b29125bca0e29456b29bb4acb7a826e7654ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000b2

Filesize
35KB

MD5
01082d7b3235ee0af3d368222317d4fd

SHA1
f44a00bb397e6f0348466400a88d3a1bd5323469

SHA256
06ac287574006d055248d2e65c2558b3b9f19626e9e122d3baa966771cfdd0f5

SHA512
9cfc892cbcf5938b1888e9efb5a5670d49b28845ff88d4a92a6685411cfbb95d436ac9f9cf8555a275f95ae4be3b1998a34feb0e4203efd693c38018b02cb7cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
b168dd9f7480c2f9198348f4b3bab4b7

SHA1
ed0e7502d3163fda464bf15016c8a97b82886a1f

SHA256
128210c29b2dfda7989eb3ac68d4789f82ef4e9e676db4987a864a02738569c8

SHA512
874ee81f764ea1e0735bf7890cc929661ed649fc547d44d1a3d3f23a21a9ba4647723e9333f4b454e275841abfe5c76b9c583a53e3a1f303c58efdfa49850262

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
a400a79829142bd5df60bf648e1813a5

SHA1
fa838ca0f71fb93bf143398bdfaed5d7f0c47b5e

SHA256
ff5ab618eb021ae22c63580b3b15cdd8452a9591c44ee52518a109214012d445

SHA512
ea0287f09d273e7a029f56e7a5ab900c4402641c6573d1b1268ab85faea480ef6bb8dcb097854330dc20c57216b23863a600dfc38ad6e5be4798481376eeb614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe577b89.TMP

Filesize
4KB

MD5
b838772533655356775dc9cc56008de3

SHA1
216597b8dd94273c7915e0d4454bb3cbbcd3a134

SHA256
0f37ff68b8119a7e1a515f992a84ad492bd847d47e2600e9a1412dfe2d4b09cb

SHA512
3ea24ce1cba0e99ddfd902a148d3c6ce09fc5c67b3d1bfae6813db8c12d44378144dcf72a391657b1fb653cd988d74109921301bf3e3ec9a525eada943414561

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\321cf991-2a3f-4c25-971e-27c431e0b35f.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
2b71b63a1c4ca8aeacc85ef38e9feb94

SHA1
70145fa661a1b0b9beb6b8a427ca6f072b2126aa

SHA256
6450799b46b0ad150135184fa129cedef9663114e5e7fddec602edf1e8906a51

SHA512
382cae189f20247de1693d8548c65573a84a4964f4390e13ee4e63921cc6878ec93b419eec490a7f2c7809daa09f8f98cea7b9e42d735427c52c4f3e5beea529

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
bb8b4045c787e5e2c7ae750a55304753

SHA1
a9b37bae327564b2aa6f911f619fa7aeecd1dc59

SHA256
84d6b34c47ce49a0fe959b54bba9cd176e808e59fe842c3983ba17b4759eef76

SHA512
e9393d09950c6771b6151b3198b3b3abbeb83f9579432a96f51ca794a082a389d3db7379ce4156940f72ee03e7b68a190ab279f0e485eb7506c5cf3dd14205fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
eadf64476920c7341648b83d936973c4

SHA1
668e3141fee52c65603c69e0bd7c1c0a91969f53

SHA256
dc23244227f66950900f23989b6eef7e4b4a8fd978f21e6ce933148d1163fd7f

SHA512
c4186cde203eb6cb19427abe32d13fbbab976b307bbfae39f8609447fa3188f518afa9211cefd5e2261d42f57663efeb14ac7d6ee9d24fbec9fc922f56e63cf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
565c25b9ffe6536332ceccfdab3f2083

SHA1
f163fff15e67101fd77e9a94183e9eaf3d223215

SHA256
93fd054619ff1de2570ed3f3da8ea0e9fa4f92300e92141236d39bab5a400da0

SHA512
8b37ec8db9f8fadac5c81ed9e0800f9cb674bdbe160a25a5d7df3aedbd297c448b64f0303b7877db7a3e6a10b81b2f267041fc387571207cec13e6bc25047bf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
37KB

MD5
fb2dba236c3882ff8e9c6249d1f7d6d3

SHA1
3587f6b1eb377eef5d6d987a623c6a94bd51a3ff

SHA256
b030264465a4acde7be46477f43455b53dee26c79d50291b505f42bed8fdb308

SHA512
7568582710e6246ab7111e08472e60c50a5380fcb57b737f0ca94b4ab67938066c293444582c85c79263c07782a8e9e738ded5490dff5ed13e737567a2604a1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\85417b5f-1d10-4386-a48d-fde07e4a9876\index-dir\the-real-index

Filesize
72B

MD5
230103465dffa7d8f1bc9c128509eca9

SHA1
ba9bb37b64416047ba7f8f8a3f840b26b2a18634

SHA256
1936dc7734f77de3db665cdeb9e854273daeca2f3bb18972887dc0ecfd3c4b1c

SHA512
05b35f6f556659aedb857391a13bc48d3d4f0557e8ceb89b96e7299a6f5e21725266e1327e2de382e13876b76fb284ea987b61333a20c5d4d37fd4e865f1231f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\85417b5f-1d10-4386-a48d-fde07e4a9876\index-dir\the-real-index

Filesize
72B

MD5
571b7563f0f5b0c77ff7c98649cabf5f

SHA1
8a9da5a6df7912702eacd5109a550f0114de7de2

SHA256
d2c8cdd4ebc43bab5f88c618dadf4f37fc489152bbf28ca31c5baad00957a24c

SHA512
20905e6a3ba14dc6d5c4e3eff1b4400b04d3014c7913deb0e9b56fe9a3c6490feb47a2e9163841d539ca0b1ac5ca7d4dd1f955e4ab7eb40961e32b3c9eb2d1eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f5417672-d12f-43cd-a1db-5f60f28ef2d9\index-dir\the-real-index

Filesize
1KB

MD5
9112ca3888d1f3323514df1beab26177

SHA1
a9bf69ffafb1932144c4c36714717ad771d4b8af

SHA256
e00f7fdc79822dfafc79a99fe19745440e6da8f0c80d17b7b84e3c016d5551ef

SHA512
527369381464b658a21284a1a3353fd11e807270ec5ef63ea86171f12e6c4cd3030071e8bb82430d01045001678ff17c007e6d29032cf93258321b49c63113ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f5417672-d12f-43cd-a1db-5f60f28ef2d9\index-dir\the-real-index

Filesize
2KB

MD5
b67b936dd71473a69359e14d13e92387

SHA1
1b8d71842db18c94832de9477b53775ba8cd477e

SHA256
377b7fe963f5c784d2012af66db8edc8f842e9ccf016aa8ecbb6fc0885506832

SHA512
86a2c2d574e62f610424131926e4d0be4ec8ef0f64cb5970e6e90ca6953acd14d56e1b4683ff892451b0e89167e9f6a71f3ec80ef6156bc820aa5bf7fbcf4f78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f5417672-d12f-43cd-a1db-5f60f28ef2d9\index-dir\the-real-index

Filesize
1KB

MD5
ed9201936384d94731916a034e3360f7

SHA1
4738d22331eef14ddd00a8db0ff6364fad0dcaf4

SHA256
43138294cc92d996f4c5577fab2ba8d32dff6dc8774bb977295274016c553994

SHA512
0b0d7089a25ab6ac264b6d3f9844c433c34ac390b899c28bcc748d54e8f24d8585ae19be426a52b528288e780756c56587d7c5b27753425d4bcd59305606b5f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f5417672-d12f-43cd-a1db-5f60f28ef2d9\index-dir\the-real-index~RFe577484.TMP

Filesize
1KB

MD5
454bc32b2a60d80d8f44c99aa17fec05

SHA1
b134b8e2ad8fa247f97ceb8dc6a925af7bdb9f1e

SHA256
6e063d714e9806af1d1f2644f494e5036e0d04cad9cbfb153d49c926a75f382f

SHA512
a841c1faf2f97e82bb7939165344fc8c7eff860dcceb93d17afe0ae689a31505a3e732aa8fc8c83e38cbb709f9d5300156081a088019d9875c9caba2e076dfaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
661584fca60386237d830e3a92320971

SHA1
1de007f4ac88092e9b53942ef456e5753eb19356

SHA256
775b261757a46644e38f2ef5601f49237808cdfb80cce5c22f6080bc918d07fc

SHA512
dd691887232d73befbc4bde785b2405dd4078f90b23009fea2ec44abd5560596c4ce7c89f4ff526837c8abbb9e7230b10c98b9edad92040ec59887c565d1a53b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
2ff04452ef0e7d89b54b5cc367422dcb

SHA1
fea767d384d2220a1ebf14267ff7f1bd4c684102

SHA256
beb4cf4334badf51d558a92876b21a449e17c19ff176625c7369c1ff480642fc

SHA512
f25e0c67d9a72100b0b599a4c206d190c8eac8059742b60ca03b0f8ac01c077f08151107778f223ff4a4f2c9f048fad2b148e4a02cb0a3f4208dfb97adc9167a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
422B

MD5
7f129fce5ca3ce0411d6720b34b30fd1

SHA1
f5dfce2d8a78deebe398c6315e1018dfa8c42d46

SHA256
2cd1bddf849cb99002388e492f4e5d21ca15b9916b14842085a4da59dd7a03c9

SHA512
6350a936121b35711dde6d6312519c62f63e087b5ffe235bd348e8d64d074605559d310b5c121d4e0e2b84afe34083616c172ee90dca566a67405c7029bcce30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
335B

MD5
8273b470676e5588500070e85aa38d48

SHA1
dd4e1e0ebc9afe27c9fd1be934d36c479df65561

SHA256
729caa6e957770ae589d656bdff5e128630ca0e003717adcfcef10d2bcce3a51

SHA512
4759b42a2fe11f1ded4470c27b9108b9d0cea1bdf1f488a29850464e01dacd54bad25ca1a2700fb86684e0372e565d48493c9fbe35d26977aded8dac13e2de6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
83729d4580a741c486da758867aa5bb4

SHA1
162174b84ce1737e37e78a4c9f2984ecc7218059

SHA256
a5c082e522e5d752e43e83c6708972de01f180403b0698cfb39f0cd468d8b4df

SHA512
3453b44ef36bc74dc4521e4350543231826accd16216998a4f08223c5b9daef7a088e7e58807b94d980a2934f0d1dbbbf474fc67977af656b37fef6dca339538

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
29a95e91e1be08416388c5a2359820f7

SHA1
7fdff238a2703e929ae57ab3be07216d8b7e8917

SHA256
c364b4f4cfaa3560f4dbb1912705596887fafd6ceb188c7f2ccae8ee14be6a4f

SHA512
a5560f19e0d06b4ad186587a72b4f22dbaf7c79e42cf8bbdb4762375a340c3bb65eaf77cdb7827c7f8ca22dba871d033520bd37daebbe372c191a09fbcf1b140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe577b6a.TMP

Filesize
48B

MD5
1380b9e890f04923ae6502340373f758

SHA1
d6bfb31d9a06268969038b992b8b0d20c992954b

SHA256
d7db1b6a3dc36bdcb345399748eec88d52fb9a2373d63326318e6e03301cff23

SHA512
f8907b31fcdeb4887e9a60e5c43088eab074ad5e7df7927b2133ae14ec8cc182b65d2b1b1ab3f0e1fa825ec2fac8bac613ca82a3c3e93b7aa62e1b4e13e45988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
b85a2ee0f44ccc5189dccb3e627131f2

SHA1
7d234174cf9ada848ad11ea06de0565ee7c1bae3

SHA256
aa2d0b7c29c4293a498a9a9287459c4e103e28ab743b8fd2b64554e39f48e27f

SHA512
928f616db467f69d92341849c74be1d6146149d4179035b82cd0260401724b986350edccfde0414e479baf0509090ee7a88e185c2aba794e0fe80c1e950ffac9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
a720e6922ed9b21967e28eba6b60906c

SHA1
5955b52de207a66530dcfc37fd365d42c87e8181

SHA256
bdf4d08261c19db2180730dad1bb7507ec679a6113dd749ed5d7a01a23833ef1

SHA512
4a68e1a5047f6f62afc0966764a9d6360d43e1a65f9269f4c14718e4bd7a1d2ce3e5bf8d77a1debf12ce454eda48d0e0eed1083dc57f43099a095eb807dd3f82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
8476fc69524f18adaf1332fd12b2a361

SHA1
46938818284feeed22771839088cbf3ed81d5a4a

SHA256
06072e11ccbcbe26062692711fb536ac5c7475fa3af6e799ff9a5bb1054663d9

SHA512
6d29abf6f8b223567d1e087bbf6e03c5872addbd240926333e9be439a356d36195c3a8617a00383b66c627e86e22c36bfe2703dce93bc1172bdfefad8fdf6385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
eb34f35b5e18a1137bd8194a47d12716

SHA1
040cd01998b2680ca74981c99355f0e1c1c6c301

SHA256
3212d9340fc98529b4e40a8fba75ee0dec873e4849674d5cb7119932f8833f45

SHA512
c6078600ec1ced6411b9465c5f5eca4d7fd70d1368522f424f3ef67dc604592944adb135adee21da540772407562d9d1b85e091c42fe3dc36be960e67aec3f48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
adb8279f2f66c61d37c6afb7d28d2b1a

SHA1
b6c9353beb88257ba17fb44285ad5787c6e3741b

SHA256
92f3fd9cbcfdaefd03810f485b2af357c591e8e70ff4b16dd938b927f193c71a

SHA512
b4be72751d45bdd7756827cd65cf257099ef70dd1eb078cbbc2be70974699eb95926533c734078cb5e2ea3b3ebbe849e58687b05ecbbd9f68e42a67818f479ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
7e65948b6f03c76f71c1bf204944b9fb

SHA1
c291420733115b4cb8a549fc538b84039fdcb10f

SHA256
d3304d6729ef917bf1a13e611dfc950bec2ced83b3b3638ee118485a4e23bdd7

SHA512
1a40d4c17dbc960285ae934997d4897beca0c233f7c0549145d3e8985ee63d881c3a5f054c91f28377561954a17587d1624ab0633058d6f768afc08bfd2224c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
5e7398616d4a1d60748b70235e1c1004

SHA1
56065efbcf0d329beb4faebd823c390158dd3e27

SHA256
404d653786b370d2ff415f891f4218f0482a7964f32b6f17392e6e0c93d58d64

SHA512
5f31232d6970a631fce257703188a4112c2da90361e86a2818148bbccfaf33f7dd3235923d4816ba76e6745409d5f64c50371a980103af32defc42694d16a5fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
896B

MD5
5c2e7042ff1f0dafc203fb276aebbedc

SHA1
6d3c31752e6f74ccf02b7827107e8a2a6d148595

SHA256
cc33c256ac005ed73f0fc57703d32f446c6384d6d2464ed9df4d04af2ebc0ac2

SHA512
202a4447f2991b7ed8b376134fcbff81ac57437d953e914630d6aaf7cd5059013ef905c36a993bc35fc3023fc7bce18fed75a378404e2de2e70e4df34d63c53d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
465B

MD5
522083878549ef1b40b378c2c32436db

SHA1
2d71e846122d378301f9dce89c3ac769c19789e0

SHA256
e29653d800c031ffe8bb4dc7f3e03a87c8b43aad8c5dadbdc1c4e5d1db398aa1

SHA512
d2a17a5c3f852fb3f84c786190a4120a8170c3ee3557931ba7273ffe192e318b84a62f5bb0ef5f416226b673c71955e44566745176304dd75c830904099c75e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
20KB

MD5
4a1adc91258a65397e196057805b4bf6

SHA1
7b0f4462a860a2e2a7570cca93240f80dc2b4ed7

SHA256
90ae2a1a6820900bcf2f01017013f46d9713857d7813579194eceab1d6b1419a

SHA512
48f135c69e0478141a0f855f04f78d3c9b2b91621883c85b7e78cc86cf596c3d6d4129a2d79cc52555cf681a254222e2de4279bfcc893b8ebfc76352e3c4790e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
22KB

MD5
3f8927c365639daa9b2c270898e3cf9d

SHA1
c8da31c97c56671c910d28010f754319f1d90fa6

SHA256
fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2

SHA512
d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
48KB

MD5
cba49e72fbfcffba913f9f8b83ad12aa

SHA1
ffdca49f7de72a12b8188e22fbe05d209570718f

SHA256
38379b5f542f2e25a1a91b0c23f2e9695d40b95771ac18c32d349a1a86f73fb9

SHA512
c3f25fbe34f56cbb7d956f05ca36b2a99f7c8152a19fb826944a0e17602d45b533653265e909cdc8b34725b283b05674d928220df73bd13d4edca20d0f71d52a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
48KB

MD5
c47a08f4815c35e25e0705061ae1152e

SHA1
1554d53a6f9a6ea395f890e75bbe80c100f0f93a

SHA256
1a722c6229f694413aeb9f59f1d473127447b652b3c1e569d60eb494f692e631

SHA512
0b5bc0c00445647a3bafeca33c9f588f41b6e12c653272703e0e6a89b599fa141be13001b1bb55e9072865ddbbb70f9aad2fb7aab3a2c989ba934b83911df217

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
b70e75b6b0fc504c17baa3998380e094

SHA1
fa2d05c4a55269c7b863514b9116268c3edf5626

SHA256
07562b77cd6abc3b0e7a718edca5a0b7331881e4eb68a2ca1a47243716eedb51

SHA512
2ffa3dee3daa7f9a64d5856a092198114d6bf63e51136294f50a2d0b6d4ea6c2b619f5bd0950b8a95b75031a3dcc9237975eb4027648cec5ac782a5ed21c75a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
47KB

MD5
35ede6caee1f8e7b9d0e850a2ebe0ba1

SHA1
426fac12f73faf44ddcc4de014f5bd1535d16014

SHA256
767645e19947d25bf4ff176cd01b12fe2cf312879339d967d6e09c41840c5f18

SHA512
f24d415b0ca9de480ce315276b981a1dbf1d82f9f4d18b66bee4eb7617c6c823cb46b036c679a08719f20c1b41642f53f8563299cc3d8105eb93202107584c61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
42KB

MD5
a92642f0d28e6a717b3887093d03b008

SHA1
6900b7f5b3c261129d4e1585685071545dbf92b4

SHA256
a1ceb0f5b9e68e7c65664422044987644bcc19b6a61e0580ba1399cfc42c6037

SHA512
a342f962f9a4130136b46237f79fbe0059c3414f2d127c0f612ab3280a0bbfe94e8bf8d4cf2d8dbe675b00314895e68bd259f7f50058684b62e26f8a4c000d2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
7c008ed7bdf7e0a642e0520df2cf6386

SHA1
03f6d5c474ef091064e1cd947343f70e327b93cb

SHA256
e16c946f98ab07749a0d3e479a6fb556a875135e3bb668e26f83d1f3edaf698b

SHA512
b3dcd81d5bb0156c332cde5dcc84048f3655a1af5d8ba84cb16d8ea31d0598d510b894dc697ab7bc8a9810d9d3f1889434bedd100d0acef625f517e8f86b84fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.76\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.76\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_1142703946\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_1142703946\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_1815362639\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_2110638168\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5576_333005987\manifest.json

Filesize
116B

MD5
d20acf8558cf23f01769cf4aa61237e0

SHA1
c4b21384309b0ff177d9cd3aa4198ab327eb2993

SHA256
3493b321a7fc5e183ed6f223ae55ce962541717d0b332d16bdc7cbcadf7e6f78

SHA512
73d082cbd71f6d0f06c7afc1bf63ee41c9a8e501df3e56f21a551b2d369a0afc8306894c8e0a38d0324e2ac403ec506ac1ecd8e9b61a9cb27134a229ccb13725

Download Submit
memory/2224-2656-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4520-2623-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4768-2646-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download