e248b01e3ccde76b4d8e8077d4fcb4d0b70e5200bf4e738b45a0bd28fbc2cae6

Resubmissions

03-04-2023 17:17

230403-vtpvasga85 6

03-04-2023 17:14

230403-vr9fxshg7z 6

Analysis

max time kernel
301s
max time network
296s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03-04-2023 17:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PDFpower (3).exe
Size

1.0MB
MD5

1e2a99ae43d6365148d412b5dfee0e1c
SHA1

33c02d70abb2f1f12a79cfd780d875a94e7fe877
SHA256

e248b01e3ccde76b4d8e8077d4fcb4d0b70e5200bf4e738b45a0bd28fbc2cae6
SHA512

d962f2e4bbeee0183a3b75f26ccc6de273c28fe5a191c83c1e4ea6c84c8f70b535273452e05c5e11e4df725cad3054e346ad0b3d98348718a00a350b87a5fa0c
SSDEEP

24576:sWjYtbXSRxqO8m657w6ZBLmkitKqBCjC0PDgM5A6:sW8tbiJVV1BCjB

Score

6^/10

bootkit discovery persistence

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

PDFpower (3).exe

description	ioc	process
File opened (read-only)	\??\T:	PDFpower (3).exe
File opened (read-only)	\??\U:	PDFpower (3).exe
File opened (read-only)	\??\X:	PDFpower (3).exe
File opened (read-only)	\??\B:	PDFpower (3).exe
File opened (read-only)	\??\I:	PDFpower (3).exe
File opened (read-only)	\??\M:	PDFpower (3).exe
File opened (read-only)	\??\Q:	PDFpower (3).exe
File opened (read-only)	\??\R:	PDFpower (3).exe
File opened (read-only)	\??\Z:	PDFpower (3).exe
File opened (read-only)	\??\Y:	PDFpower (3).exe
File opened (read-only)	\??\E:	PDFpower (3).exe
File opened (read-only)	\??\H:	PDFpower (3).exe
File opened (read-only)	\??\L:	PDFpower (3).exe
File opened (read-only)	\??\V:	PDFpower (3).exe
File opened (read-only)	\??\W:	PDFpower (3).exe
File opened (read-only)	\??\A:	PDFpower (3).exe
File opened (read-only)	\??\G:	PDFpower (3).exe
File opened (read-only)	\??\K:	PDFpower (3).exe
File opened (read-only)	\??\S:	PDFpower (3).exe
File opened (read-only)	\??\F:	PDFpower (3).exe
File opened (read-only)	\??\J:	PDFpower (3).exe
File opened (read-only)	\??\N:	PDFpower (3).exe
File opened (read-only)	\??\O:	PDFpower (3).exe
File opened (read-only)	\??\P:	PDFpower (3).exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

PDFpower (3).exe

description ioc process

File opened for modification \??\PhysicalDrive0 PDFpower (3).exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	PDFpower (3).exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230403191813.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\8d5a1df1-43cf-415a-a23e-9ca570e6f50e.tmp	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 9 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msinfo32.exetaskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	msinfo32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	msinfo32.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 10 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsinfo32.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\ECFirmwareMajorRelease	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\ECFirmwareMinorRelease	msinfo32.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 64 IoCs

Processes:

msedge.exeexplorer.exemsedge.exemsedge.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874385"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WFlags = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\HotKey = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe1000000020b727b95b45d901009bb92b6545d9010100330e6166d90114000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe1100000021182ab95b45d901690fe7bb5b45d901862a4ebe5b45d90114000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000010000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0 = 1e007180000000000000000000002f492640692fb846b9bf5654fc07e4230000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000000000001000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\ShowCmd = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

explorer.exe

pid process

3196 explorer.exe

pid	process
3196	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exetaskmgr.exe

pid	process
400	msedge.exe
400	msedge.exe
4752	msedge.exe
4752	msedge.exe
3944	identity_helper.exe
3944	identity_helper.exe
4620	msedge.exe
4620	msedge.exe
792	msedge.exe
792	msedge.exe
4700	msedge.exe
4700	msedge.exe
5264	identity_helper.exe
5264	identity_helper.exe
5624	msedge.exe
5624	msedge.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

Processes:

msedge.exemsinfo32.exetaskmgr.exe

pid process

4700 msedge.exe
5372 msinfo32.exe
4668 taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

Processes:

msedge.exemsedge.exe

pid	process
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe
792	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes:

PDFpower (3).exetaskmgr.exeexplorer.exe

description	pid	process
Token: SeDebugPrivilege	1176	PDFpower (3).exe
Token: SeShutdownPrivilege	1176	PDFpower (3).exe
Token: SeCreatePagefilePrivilege	1176	PDFpower (3).exe
Token: SeDebugPrivilege	4668	taskmgr.exe
Token: SeSystemProfilePrivilege	4668	taskmgr.exe
Token: SeCreateGlobalPrivilege	4668	taskmgr.exe
Token: SeShutdownPrivilege	3196	explorer.exe
Token: SeCreatePagefilePrivilege	3196	explorer.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exemsedge.exetaskmgr.exe

pid	process
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
792	msedge.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

taskmgr.exe

pid	process
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe
4668	taskmgr.exe

Suspicious use of SetWindowsHookEx 18 IoCs

Processes:

msedge.exemsedge.exemsconfig.exe

pid	process
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5144	msconfig.exe
5144	msconfig.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4752 wrote to memory of 4928	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 4928	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2776	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 400	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 400	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 5060	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 5060	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 5060	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 5060	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 5060	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 5060	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 5060	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 5060	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 5060	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 5060	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 5060	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 5060	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 5060	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 5060	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 5060	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 5060	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 5060	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 5060	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 5060	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 5060	4752	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\PDFpower (3).exe
"C:\Users\Admin\AppData\Local\Temp\PDFpower (3).exe"
1⤵
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- Suspicious use of AdjustPrivilegeToken
PID:1176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://use.pdfconverterpower.net/
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd4,0x108,0x7ff9869a46f8,0x7ff9869a4708,0x7ff9869a4718
2⤵
PID:4928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16092057123410337743,16724228771802156255,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
2⤵
PID:2776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,16092057123410337743,16724228771802156255,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,16092057123410337743,16724228771802156255,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
2⤵
PID:5060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16092057123410337743,16724228771802156255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
2⤵
PID:1776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16092057123410337743,16724228771802156255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
2⤵
PID:4684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16092057123410337743,16724228771802156255,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
2⤵
PID:3624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16092057123410337743,16724228771802156255,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
2⤵
PID:4444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16092057123410337743,16724228771802156255,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
2⤵
PID:4416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16092057123410337743,16724228771802156255,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
2⤵
PID:4880

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16092057123410337743,16724228771802156255,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6720 /prefetch:8
2⤵
PID:4620

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
2⤵
- Drops file in Program Files directory
PID:668

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff7422e5460,0x7ff7422e5470,0x7ff7422e5480
3⤵
PID:5052

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16092057123410337743,16724228771802156255,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6720 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://use.pdfconverterpower.net/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9869a46f8,0x7ff9869a4708,0x7ff9869a4718
2⤵
PID:4896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,1193565658614446480,10386542114989555776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1193565658614446480,10386542114989555776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
2⤵
PID:4640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1193565658614446480,10386542114989555776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
2⤵
PID:4572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,1193565658614446480,10386542114989555776,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
2⤵
PID:2988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,1193565658614446480,10386542114989555776,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
2⤵
PID:4252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1193565658614446480,10386542114989555776,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
2⤵
PID:4684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1193565658614446480,10386542114989555776,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
2⤵
PID:2028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1193565658614446480,10386542114989555776,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
2⤵
PID:4516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1193565658614446480,10386542114989555776,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
2⤵
PID:4424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2184,1193565658614446480,10386542114989555776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1193565658614446480,10386542114989555776,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
2⤵
PID:4828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1193565658614446480,10386542114989555776,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
2⤵
PID:1696

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,1193565658614446480,10386542114989555776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8
2⤵
PID:5256

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,1193565658614446480,10386542114989555776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1193565658614446480,10386542114989555776,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
2⤵
PID:5484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1193565658614446480,10386542114989555776,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
2⤵
PID:5476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2184,1193565658614446480,10386542114989555776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6976 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1193565658614446480,10386542114989555776,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
2⤵
PID:5692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1193565658614446480,10386542114989555776,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
2⤵
PID:5720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,1193565658614446480,10386542114989555776,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7064 /prefetch:2
2⤵
PID:1540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4668

C:\Windows\system32\msconfig.exe
"C:\Windows\system32\msconfig.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:5144

C:\Windows\system32\msinfo32.exe
"C:\Windows\system32\msinfo32.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Suspicious behavior: GetForegroundWindowSpam
PID:5372

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:4844

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
PID:3196

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7c295cc0-d094-48d5-890c-9c960b7771f0.tmp
Filesize
13KB

MD5
87302fd4d6ca65f5fb996b814dc1237d

SHA1
12759b3dca80bc34f4278d4a5bdbd7cf9651bb73

SHA256
860f7659537b6e561e2e381cd679db96e01a781b9e8f971ff85a3ddbd3fd1a05

SHA512
0f40c74b5ea01f0a977d1924947535c17754a099c72490d1aece6710a0ab56a270e104ed9d1baef8c5950f0259a9d99c9439aa6fbe1655b9cd8ed8673f33b5ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
aaeb1f5e097ab38083674077b84b8ed6

SHA1
7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

SHA256
1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

SHA512
130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6137c2c472f24cc8c4192697350642a4

SHA1
2f16311487e67559548e5a44f21b4c20affebacb

SHA256
469b03395742b09c20c943838ce17c2eef91132fe7af2f3f7f232523b5519a5b

SHA512
bc774c5dd7ebc1d3c6d84b840d19f06155e1350dd6cd5f2aaa844acc8aef9ed4f16509be7a36024f3bf36b65d95c07d452653ce052894d738f4b868648bb2d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6137c2c472f24cc8c4192697350642a4

SHA1
2f16311487e67559548e5a44f21b4c20affebacb

SHA256
469b03395742b09c20c943838ce17c2eef91132fe7af2f3f7f232523b5519a5b

SHA512
bc774c5dd7ebc1d3c6d84b840d19f06155e1350dd6cd5f2aaa844acc8aef9ed4f16509be7a36024f3bf36b65d95c07d452653ce052894d738f4b868648bb2d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ed491be6d70da7465873e176ec17cd64

SHA1
adc253cd1140dfb2299f54c9a8c60cac1a51a09a

SHA256
d6d0d36f38cc8702bb31857a6f242420074f91178e0d01c82fcad61368fdd4e7

SHA512
6c5703bbcc93d55add79d867107d65e0f5de2932de9903c6da997daa577f40dec19d5d6f1e0292276f7d93581073a1d0144d36941377930d24f4827e72b63c3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
2551d2b32874625ff928d759bb29d272

SHA1
a9248e17887b3bf19bd7808dbf581c82bc880087

SHA256
5458ba595161b665e350998bc70ce2e17943bf35fc3071b13aca30ad987318ba

SHA512
c0957f7e3ce61aa38ace9056a51a3cf8a9903948856cdc267d9122f3dd0e81060155db1755832090a3fcf14e49cf6c28d474c672a319001b6b9a95473eb9d69d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
264KB

MD5
7305fa7d0c5feb882955557010cfe46b

SHA1
c2e1d9871a2decdb54dfa4b9330e49a4156508ac

SHA256
0e14f117528856889aa55ee3ad4253700a488f4a3bdb9c44cd8ce4fd81829d2a

SHA512
76bcc53183a71a9348c663b1370e4ae3a5d992454ee4b110633f676135d2d3ff09748e99cea27621ecfcd105d086ab67150436a0f8e5b284f9ac5cb9912e732e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
Filesize
1.0MB

MD5
124d5739610b8cab118aedb8acfd6794

SHA1
9d4823fe8e27a588c2a66649264357cf117e0995

SHA256
3933c929f1367d217fab6c0e92d2f1e5471d46bf81aa28fb7947010cd5225e11

SHA512
6bdac0fba09e47b70898e2f37c1e56c794996b0b965bc73bf888cb09854c34ca4ad2e84bd6dee771d6a8c6186942d0f0ff895aaf3652c96bbe4d0f95129b7bbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
Filesize
25KB

MD5
526a72eb9ddab56cca1b32a23dbfbc46

SHA1
4c1594d776fffb5278dd73ffd3e13f190669809b

SHA256
a5b7171a0baf8cd39c6fd4cd9d63313b522063b7f4d5258842e80f4024f67ac6

SHA512
03a15c9f0b650913bbce52b4837f5c3bff94c18db402798275c8c5d02cb11e18e1d43871c3b57f2c1d8f8eb39873bfceda0f170eecd54c759df7969bfea775e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029
Filesize
123KB

MD5
279902fdbb44fe2c0f3651415a219e77

SHA1
fda4d1bf7fcb58dfad2e88f054c98c7713569591

SHA256
d1176b6bcb6bb60c2351a7dadb07f5729182fde0bad9abe0ea6340ebbf31d885

SHA512
ddcc016ade05ec267c20a98d91269bdb3fa25d8387390fe4692c6883171d8c649db8d2505493ea4075ca9836829809add4cab1147ad423b4a5a090a8bd6a2a51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f
Filesize
133KB

MD5
671233719267b1139c3d46425c71b9b3

SHA1
be146b13878863012699adc66bbbf90c2ddbeb60

SHA256
470a8f7bd9f03807cadadc6e51b8f107b0628e781ef2c56b16fae4ac04e8efad

SHA512
40a2865b2f562f08c3ca22b5d193eab3ca76c6c73a3e401f18d347bf9e218070ba91fd418b38b2df1ea57cac633e3eb40588ef3770f3820074128d75b36631ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\index
Filesize
256KB

MD5
0e7fa05f77e8ee4843c82aedf3dd376e

SHA1
686e4e96e560fc02d04b4bb0703d3c99b773aaad

SHA256
212cd591e30e898706fd15798146e4b1535d027c76e1bf888037919053661a06

SHA512
0e6bcd826563455e8326653f9d0a1859403d557aa2ad6942b196b172e965556930c31c59aea5992a522ae3a80313d8086d4c6b9bda8bf6ad825d4475c22f4313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0b710d8d95e2dc5d_0
Filesize
22KB

MD5
2da8eff238a4d4d3ad53469d332f9b99

SHA1
ba31b917a520ce7fb51691d6088fcb7807125def

SHA256
6c87d1cc19abe4fb690aced096ae316612613b29cc813d197e71c7d4b5795689

SHA512
cb882f8ddd1e92ac8579cb7f21d3a035f3810c084e33c532c3670f00f81b13b67e3707c66d51a43e92b72f444b1c9d3e36d726d6735c592cf05116168c91fe42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b09cbeb2652ba894_0
Filesize
217B

MD5
84af11609292b73a6bac9ef4fe5787c0

SHA1
9e5bdf99fdc22fcf96a2320f3b8281d6eb6aa98c

SHA256
3662e2c57279a696c88b397aa935de11398fbe654839e93d52bbc2c333e63027

SHA512
2c7681fc2a3ae397336e03c9606fe2fd70ebdac6b3e3420ff5af4e4dea0d98180a330dbc68959464977718b65ababb8e6873dc382594a42fc048b546e251fbf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ce3fb386fbe1d5ee_0
Filesize
43KB

MD5
b29d0b9519b1f4d2e161021324e3a759

SHA1
8fbd3b6ad80b9817c9f93ae7812c7a37e08069f9

SHA256
17aec0c8d4c74dcd65f8198671bb7125028f242634777cc92c7ef36f70e60bfe

SHA512
07f1558315745410caff6696249cae7f0cb8ffac813c30b6b5615dee35dcb78f09cd9128a80454830ef1c7c62b1440dad059cacafdc6f03262c610be26e0c2b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
497a9050e44119f8328f932578aaeb6f

SHA1
17f5c0e276e0bde4ed3aee1fac72c258168f8613

SHA256
7e7aacd55335c5124f2a00ea986c9f0ac66172bb8844e36f79ff84e05e9220c3

SHA512
8e015def08e678308bfd6cd06a9328c7e8079c6900ee7f511ff98f5089df355c09b2cba5caf90736a13b539bb42002402e0babe9ba2ba0bb0a3c6056210e5625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
2a85b525fc0f8dea0f6d832b9e943bac

SHA1
6514dcdaf414fd1dae2086976ebb46a0695764fd

SHA256
3db88061c3c921864c665e1d9ea13d57d3b7debe810b530e85e332d9cd393325

SHA512
18abbf3505bc0192847faedbc4e5c118e7aaee92e815e59150acc5a69775892e5853ccd8a10b08830392ed8308e2df5d41977dbcf949606669fcd11f4c7233b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
eae9091782030fa70cf4ef7ecbc7c1d2

SHA1
aa750f02b6081aa96346b389c2a69c8e03440cd0

SHA256
b35485b9880f6bad658d92e26aecaa564ce090040c4af1149713c42ad09a53f8

SHA512
f647211605eaf421e9ff40133356312fc059f9f885569daf3c6edb67af324b6fb1b3535d65d5bac667c5a1af19b77e5d7dc1ac1d88b9d8a1821200674d51e2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
792B

MD5
6f6ee860f69ee116d92af4b276b54c77

SHA1
48fa7ecec0e9503771b610bee4a14698c3ca7aa2

SHA256
a5d5d128dfdbadfd73ec134369b43e89878cfbb508389959699a5742317825df

SHA512
2535e6a1bffc3d9274e76d2cc93d47186859994e27f59fb1e4339880a6a139a1f1de6e4be2b119d0f904f7de1d2147647252ce1313856b075ec8a96b76780130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
792B

MD5
6f6ee860f69ee116d92af4b276b54c77

SHA1
48fa7ecec0e9503771b610bee4a14698c3ca7aa2

SHA256
a5d5d128dfdbadfd73ec134369b43e89878cfbb508389959699a5742317825df

SHA512
2535e6a1bffc3d9274e76d2cc93d47186859994e27f59fb1e4339880a6a139a1f1de6e4be2b119d0f904f7de1d2147647252ce1313856b075ec8a96b76780130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
1c99da275ae90bbdd6e57fb30c8ee824

SHA1
9dec4d05622192b2fb0075dace670925a359babe

SHA256
440f7a41c2677ab3c71f300cdccd95936b08df025e3dd369d28d6897ddb2a6d5

SHA512
83b1d7bb0441ac17fcd00980b70c184b08562cce24828c85b3c612e8cfe1733fd9aa9a5f9a01dd47ea0466708f34864180a31d77d2b296cef3a5bdf0ad1b58a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
ad42c67b243cee83815c32b813fc79bb

SHA1
57d66a977696c6079e4add8ad06a1003ffb9190c

SHA256
406d9076527bdd597104818e6839858922e7532393c72f4120a6caff47f22955

SHA512
7ecac9c14f6332c9f39badeb26a28d0cd1443885a1a0a48b31e1cf898f784f670d1bfa4c6ed3b10de0789d2fda6f47cfeaedbe40e9e64632a972684bf1810585

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index
Filesize
48B

MD5
1c99da275ae90bbdd6e57fb30c8ee824

SHA1
9dec4d05622192b2fb0075dace670925a359babe

SHA256
440f7a41c2677ab3c71f300cdccd95936b08df025e3dd369d28d6897ddb2a6d5

SHA512
83b1d7bb0441ac17fcd00980b70c184b08562cce24828c85b3c612e8cfe1733fd9aa9a5f9a01dd47ea0466708f34864180a31d77d2b296cef3a5bdf0ad1b58a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
Filesize
20KB

MD5
72e71bb10d1f2505b388ea6a5a171d88

SHA1
4c8f72ce98dbf1d4f3f5dae06aba35d5671558c1

SHA256
6d41b954acd2a77b7ae11179c4e40e1086318f38545dc305c9cf9ebf3f463341

SHA512
d57d0b2f399c09bdf5ab9b02f54319b4d8acd6c1e017f14481dbb4c8efc814f0c71821426bf900c2d6283b8274dc61e36acaade02118d081304092c060b207b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
Filesize
279B

MD5
ad31a81540de9acb2a157e74bbf787d3

SHA1
6527a9529b038bceb72232e3e744a2e590f21e2a

SHA256
e3fb4826b3df2e95d31f9a2b63a870dd384db714657728b5d8e0c77b81b68222

SHA512
6b3b656f171cdcb40d6ab61121832b6f836aab9cbb21c851ad92cec33718410e632039192f4c8ecb561a5cef738fd51491e7867d685999d55647c50846563aef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
20KB

MD5
bac2f41160b4368a56bd60f797cefad5

SHA1
cb7c70b99d4108f40547ebe117857eee5643ab13

SHA256
0759494df6acf0f5aec408272b947248d7b61aa27331b6a77a1c19eeb988cb25

SHA512
8b3d753e74f69197fa799e4f631d7123aa9d4088008f65727049ee9d1f7c1a4a3197051381dc7f35f2a5147608b265895784970432c0e5d2a7b00b8bf5e4e44d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index
Filesize
256KB

MD5
1c050715d78901029bd15b80c094e822

SHA1
7abf5d44ab6c4fcb23ed626654e77896c9ca6cb9

SHA256
897bdcb29051ca47c71cd334984480d7de525b7cfdfc257cf98d24cb4f72b090

SHA512
3e8cc397713f39735d2acfa00de81424484b8f8104ee6b0c0654c6f966e2e1b4bbc0a23a14b52a9e60bf394323c670101fb6dca29b33595e7d60e51424af5e4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
045e2aa71e080e612f5b8f41717c9640

SHA1
96d4536a9349fc6e607be359750a4301f87b86c3

SHA256
9fb6a69bfe5701ab54e8a720eb2a3b2ffee4706f04c827a33f657ad430c16288

SHA512
c77f6f14a26434184ba9fd742d7d14a7609c3eac1012470188de1a347f65433ccb7f11ddd63033348305c27fc09fb2c6a17c0fd68add296738fc0e44da08d0ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
511B

MD5
15ade4b4531f2f44a5b324595c2b60c2

SHA1
9773c3a4623f3f0472d3a1f7b260786a86ea1ea3

SHA256
349ff80d7a2f5c00bd81717dc83f417faf0bf5a2065ed484995f840a0bcaa1d5

SHA512
e773481c5df7b81148b700f095b552c93e12aba5443634538f0b0f7c2bffd28b5fe0b30efad30fcc65ed8a9efb50f59afc1fa60223f29bdfa634b64fda1b9c14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
1KB

MD5
0722ea28c0c838935c5d8c28b8092d0e

SHA1
31f6ec08b830b10a6875df1dc4d238f15288e53c

SHA256
bc698fcda88215ca80056aeb6eac84fb6f9dacecc7a0a7ef4962894403e8cce4

SHA512
5710b82de193dc7ae0b8036ae9d1e35cfc29a4b70861dceb3b2e862f2fe3383ed8f4f538d8534622d068ce8bfbe6b07864a8c5230d39335e90fc507650fa2afa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
4b890e1d83a91a3c9c4b7d230618b78f

SHA1
31bc585ae68755f84d19ade7803f05d7b877464e

SHA256
9782217259ff7979d3d232424d921102b0cf5946dc26d751676ab9819966489d

SHA512
d25169cfdc279e4bbab74ee1e8a0139c71047aaa4c6506abd3074bf5003184064ac14ba1e1fb8ea588b7175f094679391270dcfbbe180b82f2401e75c9098472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
185982185ca8b94909f356222ae62074

SHA1
183a461ea417d4b25ab7c6ba81bd35c2a8472288

SHA256
b3e21fbb897025046720117715adcc673f80ab0e61c202043bd03f4aca3d9487

SHA512
7efa970f34e8d4ce4aedb91ea3036e1cd549d1c9f48ed65eb918cc68dc4418124f8baef62ec0f7a30033f858013f1dfce86ed7d9beb9bfb5130aba86261f7845

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
10KB

MD5
1eed3446e04e2089325233542330524a

SHA1
a2898aca9b261cdfe6ea563264a0ad1a5b651965

SHA256
d560478b8e8bc6d70515e79fc3656c3010ba9fd583b7a64162e036381d5c1b8e

SHA512
a1498ed693406f32f5401f6295ce62de2b445da05aec4692268e3308f23535d0af04d5a7f972696589464bb193f4656ed62d3ad575bf6ff3310d2606b7f881e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
8KB

MD5
86f63cb524c4413db4b78a7cc7c9a7bb

SHA1
18dd3fd37537c5d7354ed72dcc12d3677c42e4dd

SHA256
b924c1941610238028e6ed13bb5f4e555113a340f5950da315ee020f2cab6cb1

SHA512
4876f96d35b3c7da25b53267f2dd23b59c0dc7d840bc9f0db4ba3e54f374959a24faed43cf6d2c130d3ef282528f3530dcab67bbb27c56433a9672d267a364d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
5KB

MD5
caf7c1bf304a3f33d81cd8ee2bdde9b6

SHA1
c55462924538e527f32f85ad97b46906b93f1904

SHA256
ad9a6521f347d5b54c68b4c2cba8d1a4affce72e198562d9ff92a2a0c1b36a22

SHA512
1e414dc0ec0f65e26a76304bc47f6d30e51a93a92aff57e611bc2a5ed4cdf5e2c50973862a7fa5eb49085dc34a9fcdb91855fbfdcbde37ef75022fa7e8b9857b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
5KB

MD5
caf7c1bf304a3f33d81cd8ee2bdde9b6

SHA1
c55462924538e527f32f85ad97b46906b93f1904

SHA256
ad9a6521f347d5b54c68b4c2cba8d1a4affce72e198562d9ff92a2a0c1b36a22

SHA512
1e414dc0ec0f65e26a76304bc47f6d30e51a93a92aff57e611bc2a5ed4cdf5e2c50973862a7fa5eb49085dc34a9fcdb91855fbfdcbde37ef75022fa7e8b9857b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
b3d74f9973821adf5c15bc25e13a0918

SHA1
dbdda3e17dc99a49f399cadbb49a7214c09cee00

SHA256
f2ddfc6e7a4c6e4211508dd2a8c63342158ff3e0b74b80b7716d194ad5d7aa53

SHA512
521202ebba499bdb3df9bb18a0c087dcba59ba649f9c5ceab34c16429df323fe9382d2dbd0a9775b1ef6e468c0f1ae027a262decb2f8b623de0094174af73140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
84f0af5fd746a224b03e451017532322

SHA1
8f8959bc9f6e9fcfcecf1f8dfad8ddd4b47d5042

SHA256
85b0eaf5068e4843f66fc5fc3ca47d489a18e0ecf7a3b033de4c13c58cf1bd05

SHA512
2d983eb96f0391752d8f93a8d0e8796700f501890e12faccfec66c40f1ba9b3c3c34503407b6a76c163dcfef5e44e191b7fe827c2675ac8eb9290a2093941c0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
13KB

MD5
6377bb070029f9e60a90fb70f3cb9980

SHA1
b083e8b6bc7e4ffe647ec4c3377176806016c25c

SHA256
c45e34ab29790f38d8fcd72746e1c95d84878942cc75e3cb4b25690a7fe266d1

SHA512
52b7f423742aaf2ccd3aac0ef62238e4024df82985b180e54a24c07a040df49e83294abe33b820908d261ff3071b6195fdd6de905ff16f0d7a3102e061df35f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
c16de8c4331f48d5243f6b20bae568d9

SHA1
e1a1beb8a60e13bbcf94df4236cbdb42e0d27360

SHA256
a2d35214d9db64f5916b31099e7a6f8cd8b673b8e41b6d0757a28ba5c433731a

SHA512
7e49f3d42ba3820130e5dd03ab0a75302003c00573162215a4418966dc58bfd38f8a6e46ad6e030d778d088079d7f90c17a8bcf3b5f2f5b28ff99c74f99cd371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
b6c859a32cf382db79b13a33b306b893

SHA1
1fed948652fdd991a22f18fb351baf9c9bd23fe6

SHA256
ed2923677a3b49970c087926a3485fa5f8c94e4913d85bcc8fc88276c03d1748

SHA512
063f98e4ac97c5df6f811cf0cd690510895b153d84ef7bee63322dce8231ac039b8be4d21f4c8a29b4165b079c561261448bf752bf709df17f1cb5f623eb6864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
12KB

MD5
47a99a3a2fa44f684ec4ac4ce23df8a5

SHA1
2e898204f5a97993b6263b86e9083fa2698f118a

SHA256
9fa298be692a20d2906f44eb67d9477264de6959860ada508b387469c395c488

SHA512
605c5df8ee96d67c791fe68ce6ed8a98fc5620e326fcc22fdd8bae9ea330c8c40f71c1adf1e2a48ad45a0796e2e1b0c93b59241e111358e3f73a501bded7210d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
3f5bd85195f5bbde0b7092b1a7230ba0

SHA1
16ad9be628a5b2b3715d9056aab8ba83c1c33292

SHA256
93a95afc3d8cd2eb872210838501d3c52ec3dbc5ad9ec44bce67682977d9ea1b

SHA512
380082ae774468a0e0b829c05497c06012bd8dbfa50de6ccf10fcd0d860f80da22fb981621ec0dc0566afab14e3cfd955769c0f7cf4392c50d1d380f2be33ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
3f5bd85195f5bbde0b7092b1a7230ba0

SHA1
16ad9be628a5b2b3715d9056aab8ba83c1c33292

SHA256
93a95afc3d8cd2eb872210838501d3c52ec3dbc5ad9ec44bce67682977d9ea1b

SHA512
380082ae774468a0e0b829c05497c06012bd8dbfa50de6ccf10fcd0d860f80da22fb981621ec0dc0566afab14e3cfd955769c0f7cf4392c50d1d380f2be33ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
47e94a96372e6f095b8a3fd7edc48ec0

SHA1
377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

SHA256
15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

SHA512
5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
b3a2524f73b869b2a06334d76e2ac7a2

SHA1
71136ffd8347c13eb1a6bbe0438134bee380d063

SHA256
ffd481bda0f1b58618a624d2c11e0b3e5ccb88d55202f5a81ba794debb1c71cc

SHA512
f3dcf2365b3629944137f69e08e4618a1db59dece1e237c56a198825d784580742438987dc8e12da52d2ac1f0d3548fefe27d8e9bee91c16099fd0e5d2a9eeb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
505B

MD5
972a6fea49126b93ab6eb89e38213406

SHA1
92a5b8ba4e1d478e5bbe4d4197a95c4094b04cbe

SHA256
ef486293bb5d293cf482b283c9a2c5dcf79573c8bb9090618c7e2a0d7d530019

SHA512
28f531e7ad7e7181050b1be7a6ba063af07f076768db335370a764ff86dabd86a961ac63392034f10443b28e53fc8c3815733577ddfc704e51991be1afec4059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
279B

MD5
2ee26b45dfca63b6c4c2f3272fe6a0d5

SHA1
ef0d58ac8eaab19ef43fa220fb20c102241f2680

SHA256
c76f5269e1904e4ffa5183066a4f2bdf050cd679315ae4f46cc3c7d5482430bb

SHA512
8daaef82ede9b2a6482b155b1f50fd272a51ee3bc1cea1bcfefbc80425c202eb16dbc499112e43aab00d805029e51db7d330b2f937e999d1a73b868ae876db1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13325023095804633
Filesize
21KB

MD5
8aaf77699e85c772b4a94558dc9260dc

SHA1
3ef40831be9000495532c31e50f09a6bfd052165

SHA256
5a59217c5df9f5b72aa771ae096b76f2060ec0511700288a6b0cc86434820e0a

SHA512
1f7099c90c68f7d7872902437bd2afcfc1d3d153fe9305a7813533dedfad92ddbfc2bb683da255729d13fb08326ceb3f6c0e9cb8a5500a1940193340d04d38c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
609c6bdede007acaee8d7775550e34f6

SHA1
b33c458a746d9acb8d7e480d8224e9204ab6e123

SHA256
cf6f204c00b83f3a002042920cfaf0a9237815b4a0e6dd7da00a8b0f6d60f602

SHA512
adb7f26000a2ae29baf43797c715424e10e84775d3bd9a0b5a5b010182e78242fa9062d8a563c86ca63d3e227cf8837e2c89295429cf427200a03c27f8c3f7dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
530561725da6d78db3e1a09892654440

SHA1
8b652d54ca3e8c69de039a3a8673ec6d198e8314

SHA256
a624ebc6d5731d2a2d55dad3f3c04051bff3dd186d573fa15b1085e80b2ebdd9

SHA512
f279219d97ca072509e2d09b03e28a9e88cab94a273f44cdd97af185d590fd0f5f555bd6e854452393f2f811d327b28f9b9fab2d789c203ed3d7f2f80ce5a392

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
b1964cdac11afda63ce419171fc44887

SHA1
0de137902960d5e2d050367fa5ad865176e722dc

SHA256
bb8d17a22072cba99a332e5d4ffda4d0acb274217792b0de7665e4b8ae1743f4

SHA512
59b60c8a1551753962ea1a76784f115f003f705716f137fc097fa0675952cf4abadf8a8676cb117c4cf0b39032705eebf0a6a141484b8a007a390196fb710693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites
Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
c46ad54215b7ecc0fd9cd5a2619e974d

SHA1
17338cc0f183a0526594852bc668596b76b5d6d1

SHA256
daf9da28463fa8bc1fccc4da991127933f5052b5f5f19bf8ab944377ba221f07

SHA512
4cd0de3e91e2d56f9fb14c979beaab5a7fe74d072918b4f959586d130b8d489b94410ca5b978eff783fd6fa0e130bc22e7a1c79c50ddd41537f4b640c8419aeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
85f9da5de5037efac4bf9056d2d1799e

SHA1
e0e654aa1e20ac1edf44b2ece8afc81282af78eb

SHA256
ff49f6627b331932c6e3d00e8c730d9e11f93a9e32c97c6598c1620b3af4bd8e

SHA512
77ba8e248143446108edc80266a28bd16c2fbce29d85f68143633a47568673eb7471a9cd4bd69986685695199a805f4d07d5afbda239203052c09bbf4bcd3848

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
1437ea0698c54ab8db0d3a0e63d06063

SHA1
2668ea72c8f38d9384d98ea7c72ee53d37994332

SHA256
47804bcccd65fe39f8f9ad5968cc86f22b497441a59793f6f197eb74fa8c40e5

SHA512
06e83f6963bc7c5ac3fee01f7548c0abf6f7dc57247d3e0b5fc7777397dbcedad8b2273dcec8f6d8cf933c9b77e1fd60236255c0fc3b0e78a8ac04091fe458a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
17399b11213907f2c9828e49fe7f196c

SHA1
1b1f8f0ef79a92e9b8cddb666028e75b6453bf96

SHA256
350446f5cc01ca0ab579afdc237fce4528ec28f66e72af013a2b3cbce408566b

SHA512
efbb1270adc426219a3d86eff60dbff5f0e73e4445107e9655a283d04b7b7ab74de840299abef1ccb37bf132df3ab0ff74d75f560ced572548fe138a7dac291d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
17399b11213907f2c9828e49fe7f196c

SHA1
1b1f8f0ef79a92e9b8cddb666028e75b6453bf96

SHA256
350446f5cc01ca0ab579afdc237fce4528ec28f66e72af013a2b3cbce408566b

SHA512
efbb1270adc426219a3d86eff60dbff5f0e73e4445107e9655a283d04b7b7ab74de840299abef1ccb37bf132df3ab0ff74d75f560ced572548fe138a7dac291d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5744aa.TMP
Filesize
1KB

MD5
7ca118af7cf10919417c9a6ff5d47bcd

SHA1
2d622694ebb620aa3e551284c552398d1ec0234d

SHA256
6324ec651f424facd43c9762e483848897c84718ab1d131df323d433cd02f411

SHA512
e3c63b4dc714ffc06e7322c0cc27dcbd953b6460a2dcb3ed1650c08cbcedf9575dd4ba63160307078c04bd9b78aad7efd1dd66bf6d9cdde4622e9774a989b770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
5c85ebb369096e258c1802d95d148dd7

SHA1
0752bbc07dc5a0a81ee0f93298b838e7111b9312

SHA256
e5d1c936a8b1e1cbc2e07723179554feebb3fde8169434917ca7b95d22e1ea85

SHA512
92f44320f6fff8790faef8906bf011cc5232b1ceaa8bb7baeec9a72effbdfc4b09d02dbc2d83ea6145a25e2a353db0ec4bdd462ddc05d3f04a914e15200ca0ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
4KB

MD5
d9f84c8cf73422f2ca07d7e7462b9534

SHA1
cff6e092bf5bf1f3f47b7074847e204042a881ae

SHA256
5bf7b14dde109f722782628bbcf3011a23cd2416e7621a62b49ee0333cdec6c2

SHA512
1ea893c62d64304c35b9086e2c7e760716ea5ce220bafb76632670fcd2f97eca5c6693ff98004a861b190060c47c9d97ac92b41e3b1da1a4e8f89d9638548c38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
Filesize
2.5MB

MD5
a8d4f2a9e83cf917ba44b0e5f0fe77e1

SHA1
cef9c230a607e98d3c2afbfa5f4b5ddfedfc212f

SHA256
c0d4dc8bcfd18dce2e16529cd7940a55556dabce096f773615b9bc826e182469

SHA512
a472d5cbc475476e8c911615093999dee1e830004481ec93c3332ff837622e6b4762ed10c0a0d570bcb34dec5563a83ea11afd82177c77ee2321362ad85aea61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
Filesize
187B

MD5
86898103a977bc44b86aa5953f7b1ca5

SHA1
f9a51290d669773609317348d010fd0b233628bb

SHA256
d51afbb5c7c40b8ddc66a9b9d289c68791cd1bf3a58a653e1fac932ab2fa76b1

SHA512
f2eb65d7523c9cce0d8af575ce024c04d7d7e32d22e63ed0279790c1665e2479f39b9a272f4f16f232f678ed1c25778a1e8b8f9c3ebbcb0e05b7f8febf121501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
279B

MD5
c7221492c867c9a153452826dd0d01e9

SHA1
d5c5eee4aba255e519ad6b4ee83e0e362c6825db

SHA256
8471cda3de42ed7a43dd1e372e181cb3b1a967e1b1db2e394504b0de41cd26f8

SHA512
9aea58afca8d7c0ace3128bb4c6fe6d2715d75d8dcf807781438b148747a0e98f938ad51f990dbc10dcdc933b2e6a18ea1fa5304c846b6970a34f3008b34580a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
560B

MD5
69d483cac94e9b2d4586f83ef0e5f541

SHA1
d50f2d63b9e3f71ea2d1dd2296ede83b0a3c39ea

SHA256
4ab9097cfbd1c66d05674c43cc181f87d3eeecedb3419ec1169cb8aeb5b7cfb9

SHA512
c9c4ea52f16923220c45ea9009b8fb53b1751656ae384136beb95c5cd6e2b7c7d57430fb9e0b9b62801e17bdf6e6acf7ae045e8f679795a95c3bb06e2d54d363

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
297B

MD5
f1a56a022d2e8a8077d860750b23eb49

SHA1
2827e9b49c01dd975db2ed9c67e33bb83aef07a0

SHA256
c8b76b578e89e0536912130513de62da64b7e531671718e8a0e09659e5eebee1

SHA512
c87083d47ad4e82f13a373057dea76dea3162c2749d16b579ff2671a33425accad85339ce9a140f85e817f01a5c491c3e637cc1abd061944ee693f3c7ba57a9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
f98769923b9e9be1a04343f6a1f0aee3

SHA1
3d52283ee4d76d63e13b52ab31bd1877dcefc0fd

SHA256
55d44af703d885af28f73a04c1555424c9f98e04beac2ad733cd6a155fdb8525

SHA512
1e6a282717318073e4301538072f94c2822c3ef6ae81adbe1a369f1a923a86021c9835578b17dbbeafe97f401f5a0610af79aa6295bf0c27cec43a6ee6b4c43f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
b4ef74b74707a2e70917e3cd015b809c

SHA1
2afd6da5ac01791239f9de8bc7232b11f1eacd9f

SHA256
6eaa23788b389ccb2be823ac49b3c0739fe08d4c190a72d427225cd7b4002a31

SHA512
55c112877f960995b55db4d55cdfdf0f3b4f8ba31a1e37dadf37f99ee4aec739c4da4f5fa112c9e85b86362b9b101148213f11db8ec85819f7374b279cc49e98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
323136e3ac7a371901b80dabdced3f6b

SHA1
2f55ef50cb6bebeb866c4c3eb9b2a5e873b8f525

SHA256
d1a670395067e4d50b71f5a70a9dafb0d75c409bf64e2e0018fa108ffdc87c3a

SHA512
3834fb3020c9cdc3242af2ff7f3b32bbdb30303aa7419262a67233d85b49bf7cc3677da52972a0de8ccd69b38d52f36eb751fd1f47179aa65c46f441da1e4d0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
4c9687f479faa5de49442eb14b80cf38

SHA1
9fea73e6690c99f3b44330e173839892d08c3fe8

SHA256
0644997f20dda239a14a21bc73b04e49332619e8bff34d213cd2770418e5be78

SHA512
fc121881bb743f5e7407627e055e4e3163b19b5599645369a49cc100854dcf1d470744558353e22cccb3f196570dab2f60bab1235ba8becc806fb64059b48409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
4c9687f479faa5de49442eb14b80cf38

SHA1
9fea73e6690c99f3b44330e173839892d08c3fe8

SHA256
0644997f20dda239a14a21bc73b04e49332619e8bff34d213cd2770418e5be78

SHA512
fc121881bb743f5e7407627e055e4e3163b19b5599645369a49cc100854dcf1d470744558353e22cccb3f196570dab2f60bab1235ba8becc806fb64059b48409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
e1ff7f786bc2dec26f9bf2764a3f2433

SHA1
1f3ab3011f69fec780acbe040f09d67b21a7d955

SHA256
f7f6e176e3d32ff5deb621997797ce3fd96df22a2cee855b006fccf36139c894

SHA512
6c6e8b049ce2fe4f8fd26f3dbae2a32296349cbf6a5b8ea4911a3b00244676d912209ae75ca34d1dc8b83b9cf7eccfb53d094fbe3011d9817e9e78726d07af87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
12c198ed6328849cd80204056d5ab1bc

SHA1
15f1d382d4ff706c3a83b84206b8d7faf4736d1e

SHA256
be26197e967600d8eeee6024b452429ac6eb58adb488621a0be1135977d9b1cb

SHA512
c0a5b49cc18277d7187446bcaaf6aa6b4c60b78f7c3514432cf25c5926ba521a2af5bb9299e8b2badb48ee32fab2f9fc714e09b6c757cbc0e41ddeb7187b8e0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
Filesize
64KB

MD5
b17223e59994f60c5833030795f2bcac

SHA1
66f5f5caf68849cfe574cbef7f8278dacdafdd5f

SHA256
49fdaa4ee215c3a142144184d0e82964efb4c11c7d8ce726c5806bfca13888ca

SHA512
c7aea16c9327e9c19860c4a1487a94cb7edc8953d57aef9617a6d9accd645eb3fecf5e81f0eca6348f9dea86077d55d00546fc270bcd5d5cb9d8c864d9bf0003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
36d1e1a855403cb16f5ec78bb220eca1

SHA1
bfb742ae7fe6b16054f31a182518441ceeb7289e

SHA256
c2c0f56fced0fc6305e757f8ad662477bf3d417a6d0841d52dc796be8b1449f8

SHA512
31817b6f924f7ff2f0276a624ff1716060049f78e916cd622ec19bacc3d5131ae42a766929897ce8f32e02d3f0e66672e951f2bec31324915ef4fbc6578ddb5e

Download Submit
\??\pipe\LOCAL\crashpad_4752_ZQBWJEUJWIUYDEST
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_792_LLHJCVQIJYIZLKPE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1176-145-0x0000000009C70000-0x0000000009C78000-memory.dmp

Filesize
32KB

Download
memory/1176-134-0x0000000004D50000-0x0000000004D60000-memory.dmp

Filesize
64KB

Download
memory/1176-135-0x00000000057F0000-0x0000000005D1C000-memory.dmp

Filesize
5.2MB

Download
memory/1176-133-0x0000000000260000-0x000000000036C000-memory.dmp

Filesize
1.0MB

Download
memory/1176-137-0x000000000A700000-0x000000000A766000-memory.dmp

Filesize
408KB

Download
memory/1176-157-0x000000000EC90000-0x000000000ED06000-memory.dmp

Filesize
472KB

Download
memory/1176-138-0x000000000A690000-0x000000000A6C8000-memory.dmp

Filesize
224KB

Download
memory/1176-139-0x000000000A6F0000-0x000000000A6FE000-memory.dmp

Filesize
56KB

Download
memory/1176-142-0x0000000004D50000-0x0000000004D60000-memory.dmp

Filesize
64KB

Download
memory/1176-143-0x00000000051C0000-0x00000000051E2000-memory.dmp

Filesize
136KB

Download
memory/1176-144-0x0000000004D50000-0x0000000004D60000-memory.dmp

Filesize
64KB

Download
memory/1176-158-0x0000000011040000-0x000000001105E000-memory.dmp

Filesize
120KB

Download
memory/3944-616-0x0000024426C00000-0x0000024426C61000-memory.dmp

Filesize
388KB

Download
memory/4668-1032-0x00000239503B0000-0x00000239503B1000-memory.dmp

Filesize
4KB

Download
memory/4668-1037-0x00000239503B0000-0x00000239503B1000-memory.dmp

Filesize
4KB

Download
memory/4668-1036-0x00000239503B0000-0x00000239503B1000-memory.dmp

Filesize
4KB

Download
memory/4668-1035-0x00000239503B0000-0x00000239503B1000-memory.dmp

Filesize
4KB

Download
memory/4668-1034-0x00000239503B0000-0x00000239503B1000-memory.dmp

Filesize
4KB

Download
memory/4668-1033-0x00000239503B0000-0x00000239503B1000-memory.dmp

Filesize
4KB

Download
memory/4668-1031-0x00000239503B0000-0x00000239503B1000-memory.dmp

Filesize
4KB

Download
memory/4668-1027-0x00000239503B0000-0x00000239503B1000-memory.dmp

Filesize
4KB

Download
memory/4668-1026-0x00000239503B0000-0x00000239503B1000-memory.dmp

Filesize
4KB

Download
memory/4668-1025-0x00000239503B0000-0x00000239503B1000-memory.dmp

Filesize
4KB

Download