hxxps://downpdfpwr[.]com/download/1636018850881182/fpjghfbaochalkfacjnhbbnmifiajejf/PDFpower[.]exe

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
05-04-2023 15:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://downpdfpwr.com/download/1636018850881182/fpjghfbaochalkfacjnhbbnmifiajejf/PDFpower.exe

Score

8^/10

bootkit discovery persistence

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 1 IoCs

Processes:

PDFpower.exe

pid process

3320 PDFpower.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

PDFpower.exe

description	ioc	process
File opened (read-only)	\??\B:	PDFpower.exe
File opened (read-only)	\??\K:	PDFpower.exe
File opened (read-only)	\??\O:	PDFpower.exe
File opened (read-only)	\??\P:	PDFpower.exe
File opened (read-only)	\??\S:	PDFpower.exe
File opened (read-only)	\??\X:	PDFpower.exe
File opened (read-only)	\??\Y:	PDFpower.exe
File opened (read-only)	\??\A:	PDFpower.exe
File opened (read-only)	\??\E:	PDFpower.exe
File opened (read-only)	\??\F:	PDFpower.exe
File opened (read-only)	\??\G:	PDFpower.exe
File opened (read-only)	\??\I:	PDFpower.exe
File opened (read-only)	\??\Q:	PDFpower.exe
File opened (read-only)	\??\W:	PDFpower.exe
File opened (read-only)	\??\L:	PDFpower.exe
File opened (read-only)	\??\U:	PDFpower.exe
File opened (read-only)	\??\V:	PDFpower.exe
File opened (read-only)	\??\Z:	PDFpower.exe
File opened (read-only)	\??\H:	PDFpower.exe
File opened (read-only)	\??\J:	PDFpower.exe
File opened (read-only)	\??\M:	PDFpower.exe
File opened (read-only)	\??\N:	PDFpower.exe
File opened (read-only)	\??\R:	PDFpower.exe
File opened (read-only)	\??\T:	PDFpower.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

PDFpower.exe

description ioc process

File opened for modification \??\PhysicalDrive0 PDFpower.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	PDFpower.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\682180b0-dcae-4c78-8e5d-6e4b7b720663.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230405171612.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

Processes:

powershell.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	powershell.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Unconfirmed 165126.crdownload:SmartScreen msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 165126.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 33 IoCs

Processes:

powershell.exemsedge.exemsedge.exeidentity_helper.exemsedge.exePDFpower.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
1156	powershell.exe
1156	powershell.exe
4332	msedge.exe
4332	msedge.exe
2312	msedge.exe
2312	msedge.exe
4876	identity_helper.exe
4876	identity_helper.exe
2664	msedge.exe
2664	msedge.exe
3320	PDFpower.exe
3320	PDFpower.exe
5996	msedge.exe
5996	msedge.exe
5732	msedge.exe
5732	msedge.exe
5552	identity_helper.exe
5552	identity_helper.exe
3320	PDFpower.exe
5260	msedge.exe
5260	msedge.exe
5336	msedge.exe
5336	msedge.exe
5704	identity_helper.exe
5704	identity_helper.exe
3320	PDFpower.exe
3320	PDFpower.exe
5048	msedge.exe
5048	msedge.exe
4468	msedge.exe
4468	msedge.exe
6012	identity_helper.exe
6012	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 43 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

pid	process
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
5732	msedge.exe
5732	msedge.exe
5732	msedge.exe
5732	msedge.exe
5732	msedge.exe
5732	msedge.exe
5732	msedge.exe
5732	msedge.exe
5732	msedge.exe
5336	msedge.exe
5336	msedge.exe
5336	msedge.exe
5336	msedge.exe
5336	msedge.exe
5336	msedge.exe
5336	msedge.exe
5336	msedge.exe
5336	msedge.exe
5336	msedge.exe
5336	msedge.exe
5336	msedge.exe
5336	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

powershell.exePDFpower.exe

description	pid	process
Token: SeDebugPrivilege	1156	powershell.exe
Token: SeDebugPrivilege	3320	PDFpower.exe
Token: SeShutdownPrivilege	3320	PDFpower.exe
Token: SeCreatePagefilePrivilege	3320	PDFpower.exe

Suspicious use of FindShellTrayWindow 43 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

pid	process
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
5732	msedge.exe
5732	msedge.exe
5336	msedge.exe
5336	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe

Suspicious use of SetWindowsHookEx 31 IoCs

Processes:

PDFpower.exe

pid	process
3320	PDFpower.exe
3320	PDFpower.exe
3320	PDFpower.exe
3320	PDFpower.exe
3320	PDFpower.exe
3320	PDFpower.exe
3320	PDFpower.exe
3320	PDFpower.exe
3320	PDFpower.exe
3320	PDFpower.exe
3320	PDFpower.exe
3320	PDFpower.exe
3320	PDFpower.exe
3320	PDFpower.exe
3320	PDFpower.exe
3320	PDFpower.exe
3320	PDFpower.exe
3320	PDFpower.exe
3320	PDFpower.exe
3320	PDFpower.exe
3320	PDFpower.exe
3320	PDFpower.exe
3320	PDFpower.exe
3320	PDFpower.exe
3320	PDFpower.exe
3320	PDFpower.exe
3320	PDFpower.exe
3320	PDFpower.exe
3320	PDFpower.exe
3320	PDFpower.exe
3320	PDFpower.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2312 wrote to memory of 5084	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 5084	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4200	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4332	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 4332	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 1316	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 1316	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 1316	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 1316	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 1316	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 1316	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 1316	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 1316	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 1316	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 1316	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 1316	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 1316	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 1316	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 1316	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 1316	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 1316	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 1316	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 1316	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 1316	2312	msedge.exe	msedge.exe
PID 2312 wrote to memory of 1316	2312	msedge.exe	msedge.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge https://downpdfpwr.com/download/1636018850881182/fpjghfbaochalkfacjnhbbnmifiajejf/PDFpower.exe
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch https://downpdfpwr.com/download/1636018850881182/fpjghfbaochalkfacjnhbbnmifiajejf/PDFpower.exe
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa2ba846f8,0x7ffa2ba84708,0x7ffa2ba84718
2⤵
PID:5084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,13637393909994356867,16255976422265185537,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
2⤵
PID:4200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,13637393909994356867,16255976422265185537,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,13637393909994356867,16255976422265185537,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
2⤵
PID:1316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13637393909994356867,16255976422265185537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
2⤵
PID:1608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13637393909994356867,16255976422265185537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
2⤵
PID:4584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13637393909994356867,16255976422265185537,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
2⤵
PID:4312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13637393909994356867,16255976422265185537,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
2⤵
PID:4148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,13637393909994356867,16255976422265185537,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3792 /prefetch:8
2⤵
PID:4800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13637393909994356867,16255976422265185537,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
2⤵
PID:4032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13637393909994356867,16255976422265185537,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
2⤵
PID:4072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13637393909994356867,16255976422265185537,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
2⤵
PID:560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2152,13637393909994356867,16255976422265185537,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5928 /prefetch:8
2⤵
PID:3544

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,13637393909994356867,16255976422265185537,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3064 /prefetch:8
2⤵
PID:4208

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
2⤵
- Drops file in Program Files directory
PID:2340

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff7e3df5460,0x7ff7e3df5470,0x7ff7e3df5480
3⤵
PID:1164

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,13637393909994356867,16255976422265185537,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3064 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,13637393909994356867,16255976422265185537,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4056 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2664

C:\Users\Admin\Downloads\PDFpower.exe
"C:\Users\Admin\Downloads\PDFpower.exe"
2⤵
- Executes dropped EXE
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:
3⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:5732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2ba846f8,0x7ffa2ba84708,0x7ffa2ba84718
4⤵
PID:5748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,7411349855888530834,12248260075597607151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:5996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7411349855888530834,12248260075597607151,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
4⤵
PID:5988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,7411349855888530834,12248260075597607151,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
4⤵
PID:6120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7411349855888530834,12248260075597607151,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
4⤵
PID:5248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7411349855888530834,12248260075597607151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
4⤵
PID:5228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7411349855888530834,12248260075597607151,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
4⤵
PID:4160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7411349855888530834,12248260075597607151,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
4⤵
PID:2708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7411349855888530834,12248260075597607151,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
4⤵
PID:4452

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7411349855888530834,12248260075597607151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3776 /prefetch:8
4⤵
PID:5520

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7411349855888530834,12248260075597607151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3776 /prefetch:8
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:5552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7411349855888530834,12248260075597607151,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
4⤵
PID:5612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7411349855888530834,12248260075597607151,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
4⤵
PID:1848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7411349855888530834,12248260075597607151,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
4⤵
PID:4968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7411349855888530834,12248260075597607151,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
4⤵
PID:5640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:http://goto.searchpoweronline.com?c28d9b9d4a55444b0d92fbe08fa015e2=H1xAXFNHX1pbVFQNEQQwBw9cQ1pSQl9fU1lHXFlMXl9TU1QJDB0LU1pWSi4nNikoW1FCX1FCK1w6LEJcUUVcKl1XQi8gN1paUlJCSgIcDgAFBB4zCBBSXg%253D%253D
3⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:5336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffa2ba846f8,0x7ffa2ba84708,0x7ffa2ba84718
4⤵
PID:1620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,17565949145043365027,8265882549965314018,131072 --disable-features=msEdgeEnableNurturingFramework --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
4⤵
PID:2272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,17565949145043365027,8265882549965314018,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:5260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,17565949145043365027,8265882549965314018,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
4⤵
PID:3520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17565949145043365027,8265882549965314018,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
4⤵
PID:5664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17565949145043365027,8265882549965314018,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
4⤵
PID:544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2128,17565949145043365027,8265882549965314018,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4836 /prefetch:8
4⤵
PID:4648

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,17565949145043365027,8265882549965314018,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 /prefetch:8
4⤵
PID:5772

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,17565949145043365027,8265882549965314018,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 /prefetch:8
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:5704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17565949145043365027,8265882549965314018,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
4⤵
PID:4404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17565949145043365027,8265882549965314018,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
4⤵
PID:6068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17565949145043365027,8265882549965314018,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
4⤵
PID:220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17565949145043365027,8265882549965314018,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
4⤵
PID:4312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17565949145043365027,8265882549965314018,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
4⤵
PID:5156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17565949145043365027,8265882549965314018,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
4⤵
PID:5580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17565949145043365027,8265882549965314018,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
4⤵
PID:5592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17565949145043365027,8265882549965314018,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
4⤵
PID:2580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17565949145043365027,8265882549965314018,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
4⤵
PID:5976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17565949145043365027,8265882549965314018,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
4⤵
PID:4932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,17565949145043365027,8265882549965314018,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
4⤵
PID:536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://www.pdfconverterpower.net/thankyou?tyid=178BFBFF000306D2QM00013D660CAC54930
3⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2ba846f8,0x7ffa2ba84708,0x7ffa2ba84718
4⤵
PID:5608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,9099237395121162244,12596120552042685945,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:5048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,9099237395121162244,12596120552042685945,131072 --disable-features=msEdgeEnableNurturingFramework --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
4⤵
PID:3544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,9099237395121162244,12596120552042685945,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
4⤵
PID:5756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9099237395121162244,12596120552042685945,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
4⤵
PID:2088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9099237395121162244,12596120552042685945,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
4⤵
PID:2808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9099237395121162244,12596120552042685945,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
4⤵
PID:2504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9099237395121162244,12596120552042685945,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
4⤵
PID:4648

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,9099237395121162244,12596120552042685945,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
4⤵
PID:6060

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,9099237395121162244,12596120552042685945,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:6012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9099237395121162244,12596120552042685945,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
4⤵
PID:4852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9099237395121162244,12596120552042685945,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
4⤵
PID:2996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9099237395121162244,12596120552042685945,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
4⤵
PID:636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9099237395121162244,12596120552042685945,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
4⤵
PID:5168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9099237395121162244,12596120552042685945,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
4⤵
PID:2168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9099237395121162244,12596120552042685945,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
4⤵
PID:4876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9099237395121162244,12596120552042685945,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
4⤵
PID:2880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13637393909994356867,16255976422265185537,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
2⤵
PID:424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13637393909994356867,16255976422265185537,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2648 /prefetch:1
2⤵
PID:4800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13637393909994356867,16255976422265185537,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
2⤵
PID:4188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5296

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
aaeb1f5e097ab38083674077b84b8ed6

SHA1
7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

SHA256
1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

SHA512
130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1db53baf44edd6b1bc2b7576e2f01e12

SHA1
e35739fa87978775dcb3d8df5c8d2063631fa8df

SHA256
0d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48

SHA512
84f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6137c2c472f24cc8c4192697350642a4

SHA1
2f16311487e67559548e5a44f21b4c20affebacb

SHA256
469b03395742b09c20c943838ce17c2eef91132fe7af2f3f7f232523b5519a5b

SHA512
bc774c5dd7ebc1d3c6d84b840d19f06155e1350dd6cd5f2aaa844acc8aef9ed4f16509be7a36024f3bf36b65d95c07d452653ce052894d738f4b868648bb2d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6137c2c472f24cc8c4192697350642a4

SHA1
2f16311487e67559548e5a44f21b4c20affebacb

SHA256
469b03395742b09c20c943838ce17c2eef91132fe7af2f3f7f232523b5519a5b

SHA512
bc774c5dd7ebc1d3c6d84b840d19f06155e1350dd6cd5f2aaa844acc8aef9ed4f16509be7a36024f3bf36b65d95c07d452653ce052894d738f4b868648bb2d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
75b2aaa35305093c6b15357f06824159

SHA1
56ab4361e2268e11e7533787da5e46c61634ae90

SHA256
642dcbd39bfb5151245dc56121697df6f3b945e1e8f8af52e29926d65d5535ee

SHA512
2e8a80a636cc3dd1d9760642937ee469bad16855be9d07d7d68503c30d0812e12cc1bb7c821ecca5c23299d99e43738e1ae5aa513e59f1ff0b18f6c5c76eed25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
223237b7a0e7ed6ce4cb45c2e1015d24

SHA1
d7edca756d3d74a44ead1e2bcb4628af3dc2dc87

SHA256
5ca0c580332968ae7dbd50113cd4d9b2f60d947f26e6b7750bba2c86a44bc3b2

SHA512
d521c727c22d2454df10b210f033773bd514368a590971f46d71854714ffcd4462cd45fe9d16787b307261797668d8cd591b6c6ad687836c2f9ee5fe1c5cfa34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4744318e5fe32cba46b383ffea79688e

SHA1
47f7e9c4d01dd12f33aeeac674fc1e718c610e60

SHA256
fd35ea80b48e2c68ca91310e4b2f18862397955704ea44c3df70519dd70fb392

SHA512
67cc0fd71f423465c1bd5f26dd6b1758b6ce1221749aabe78df0e8b7ca8c4ed0d8a6185ce1ab608389ceeb9fe8dede2d531eab27ced2246b908782c2d308695a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4c990eca-d30c-44f0-bc8b-003ceee04e8d.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
b67713ae84a511dbb6cc61af38939c12

SHA1
b699aa642bec307e63f3be2f0b503f6f5c928827

SHA256
6fa7e9ef435a7582038e8d98bc7a013f2a9151e18ad44949242071ad36287b2a

SHA512
3be437e9da466b2e9c1c0c6e3bb357e921b442c10cc843726d5e30e5d516d0845a544e4ca34debecb5b4c576c85417d53fb3f27f687a329921987e1f0219d903

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\index
Filesize
256KB

MD5
d34980f6f7ee8510ad403c2062e93eb3

SHA1
53a89b1f9b3c6f29d755f9a60048cc848f257607

SHA256
11e80addd279a039873779389f07dd8b42a633b598beb1cc7c28ffa987af8d12

SHA512
c1b94f00ec3fa80201c1deae3b79ad449ef37258a9dd538f7114a19de136d8a4360346f34066a353dd11a62f41a2e713d62c7b3f344dd4868ae555013f38293f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
1af5f6cc7818770af9c068bb503c76b7

SHA1
882fcb36f36bd9144468bd9bba899c430bb29d53

SHA256
865321a339ab4f424ba373f0d098d8744e820e7b8977317dde6a64a7f6609cc8

SHA512
d474611740434f6fc4fd9b92872ef8c738862b43e5094afb5d8e785b50820f9d765eee37a1bb87fdff225a0802df7e3a24e08b6aadd4d9207eede6d50c3e2182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
e8d074848f859394dce0146791e43af5

SHA1
ef006d4334ad4be2030f7391bde82a332d7c1222

SHA256
252c18a3c6843b87d45486ecd48cc079cf6f3e73afc2db026dc62407e5c80b6e

SHA512
28700d00aa09c2911704755cbdc0a1a8417e0e5c787912c6f81b364b191ae73453c25bf884f464d65dc3241e6ca4f6cd5e8c1dd71d19a312db6e846653af5a62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index
Filesize
48B

MD5
e8d074848f859394dce0146791e43af5

SHA1
ef006d4334ad4be2030f7391bde82a332d7c1222

SHA256
252c18a3c6843b87d45486ecd48cc079cf6f3e73afc2db026dc62407e5c80b6e

SHA512
28700d00aa09c2911704755cbdc0a1a8417e0e5c787912c6f81b364b191ae73453c25bf884f464d65dc3241e6ca4f6cd5e8c1dd71d19a312db6e846653af5a62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
Filesize
20KB

MD5
49693267e0adbcd119f9f5e02adf3a80

SHA1
3ba3d7f89b8ad195ca82c92737e960e1f2b349df

SHA256
d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f

SHA512
b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
Filesize
281B

MD5
8b58dec32daef600ac710fea2c4924d2

SHA1
b6b0dd266132997823aeeffb22c2e52df1fd6ebd

SHA256
76dbab330c0247fc014080c56f60544d9d198d75a242828125eaa3e613ad152b

SHA512
bf3fc3c35a313ddf8d88ed35024953f5cd77599595b30ed43a00d6ef725a94ac77a471af50c3cb7394121c2de63b155a37c31318a5454ac37850fe68eb70fce3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f02d822e3efda12e87e8fbccd5e43a35

SHA1
969be62e2e71fed74fe6f466cbf9eb52425ddd17

SHA256
006b98bd42941a626d43528aee144f754057f44773fb2b9bf563b6ad80d3157e

SHA512
9ee5b5a0b1bbb45c6bfe15677b3fb0c279f8811736a9c58ac8e90a94a07254df8094d20a698d4f1065b85f1f140b2f4aa448ab6d8dfb0690d3aee6c365b71458

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index
Filesize
256KB

MD5
e02086e0b74a1cec6d97e05ac76791cb

SHA1
bb207b9acdfddf65b66ab6474ad16d0d162a6367

SHA256
508c5d59a68d10c4e8454f4358b321fdb4c7796c62eb041d3117ed5908e0985f

SHA512
9d385ea9df73efecea9e0fa0eeae3f8d34ed19e3ef8ec203fee1bbe9fdf7b2029aac4672b904bdebb877fcd8038b3903a73dd4319d00b2592bcba62825e9a751

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
d836d23993fd214753d4d496800cb127

SHA1
73438aa59a7023a8f315f15a491f513bb1393b43

SHA256
c62748386b02d2162f49d426987fb883b065aea47fbb5037916b440e577f509d

SHA512
4b886d26fcd0afc83404a6c925e0862a2da180a86fbedc20b3844b1e236cff999eeb784f3e9681e752667cebd1d4d7260377b5b4963e31eba1aea59ef9a6d4ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
334B

MD5
e385d88f25101a1af0edbaaba27a78a0

SHA1
9d03bfd1753d52cb666401a4d05675d81bfc6556

SHA256
4fdf491fbd3bf1fdb0404f10b4a4889eec86db3ca7bb9a995646542b224d8ff1

SHA512
395cf93e3b76c3a8a57005eb9574a80377c2dce22959dc868175d032a0e4f36e30648ea2bbe2f11a556882d92dddff35fde688eabee8ce9790564f4929f1f440

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
0d0bdd0c9094a905273dc9291b349a5a

SHA1
d1492e8aeda8aced93e316fe46f446e4a72a2beb

SHA256
3dd49aebb677ff4aa497a155b67f37d2594d18b11543ce74748d7a69de843d17

SHA512
278d69ec71121598c8440eab94347774a62d737467600fbc07fb27c73dd379e8cfcde1d2ee2d8d856d467347225f2e9c6447d7742bcdef5178625afb3e56bf30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
182B

MD5
8df4c10311f09ff15f9c17a27a65efae

SHA1
0981eaafd030a10e6d7be35332d428fc58501851

SHA256
e0b8bdd8825dbf4e2ce54c421d02dc234af99ca4a277cb9fdb08cdc6688d6116

SHA512
30d8f81e56f90c8efdbfd7f9fcaa7a2c41c1c3ab0cc779f2725735441c02d00607fd74b53c717d16134f1c075e2741f76fa6c6b78d086d9830f034dc50ffffae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
269B

MD5
d9ddb983695a5189ed1c69025116ff8b

SHA1
16384d8e9025ed5d3eab01ab85e08cffd15641cb

SHA256
7158e07e9e284a3d28e8c13f66b2655d3306f32f41a086c7e5686dfd7ba75e0b

SHA512
d89eeaf8ca4a2acfeb4f8ad880306d1a048d4608d670fe30e85f49c9f65d205cf398b1b2ffca2e2e4ace223737fdc5a29bee633f952853b3ac1a444a854209ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
253a334bcce3de1ddebef3b0367c65a8

SHA1
6254ee82c24ecbd8ac8342675660f4c3296a8a5d

SHA256
ad8d505526cdb5db48021800fddcf03632dc40a3a0b4f5c2cf06f7b44685284b

SHA512
34cf6e882428d4eea617cedfe61b6e6aa0b9ca3d170f84aa436c230a458a1f51780f87a18ad314b9b3e7a96e63914d772435031ebe09c7f3524193f49618b3e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
ff8b188a5af99d2ac5e00ad8267e07e6

SHA1
6d1b86e2fb8b7c75ff83914ed886accfbc8235f4

SHA256
227cc71e3dc678cf13558af5fd16bc802ec092c83271e6b19421c866d19da109

SHA512
205695d6345a70f48f45d6387e36af95b9a313bd9f60a73cd95e550a26164336945c7524b1b2a7a8e77bd806a5480985fbbb9430ee971dfe3db275a50e1cf954

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
2e1fb7e8cd2685466407bfd3c8310aff

SHA1
cda7d7e9de1f95ef2e5d14ba6d643b225a021709

SHA256
c697f00b36b254351045d455a59b5c6eda9f69bb8bce5e2e461f098013601e8c

SHA512
e3a2761644c2c2a9d94f9f8387ba896bf103daa368e685e75e03386aa387d72e555d8ac2665b2fbb33c40bdc096afc5b20d07d3b0326e51c94f28df506226a4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
c42bc58e55299979c2c76d571fc60bb6

SHA1
eaf8b2b91eb2a8122732a47fa9da9c4ec55c8c6f

SHA256
6c730655471f0f482a5951e204f2225e18940e33c690a4525e209ae120a09534

SHA512
5b566d1626fc7963576508ceae2ad7c7c8af1b4577b56790dbc89e2e7908f62e13c4e8890ba9c28e283181362f7ad30c41173bfb4f3a4c9485f335fd242a8d18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
3488e98ac6f665d2f89ab21540bcd476

SHA1
a844f3d9b3967da70610826a83ebbf7feeb3b193

SHA256
5562d7f816ba037cfcbd1c08f3dea075b6f9cd43dfef0a34fd11842433888a2a

SHA512
bca806b03043ee6b1948238ff78b573184172d08a53f518bb7653b2c307c3ac41a5bb18136cb6fa7a228ff403d8405e35e697225b0c639ae97747f74b4f74a64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
186b8fdf48e721323ba88073549e8151

SHA1
5d9008087ec968f070b4c9f61fb083e5fb5389f5

SHA256
37e4b2f8c34cdc64ddfc6d0f519749804a1f4543f50faca81997751d9eb63d20

SHA512
c9a6cb97dba36925c0d6606e4999fbb600d602a3654597b96bc7a96079322d9c42fbb7ea64e776e445244c8ef799a4b19d89414cc43d6b066186939b32013954

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d5c66802f27febbc8849be9f7e92216c

SHA1
efa8d945db8cb23f492bbe3eee53efb2e426bb7a

SHA256
e97e2d7c41bc587092ad727b1e6c0c3f9cf3aec53e92c254871b48e92833be4a

SHA512
547ee521aa84a64b77d19ba01421aeec829e98c4403167056caa80f9b2d4c6e1367e64dcfd16ab35eb921cf621308acf0f49dd0fbc25307ceea914e3c2b93d1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
08d2474cc742057c256592c28aebdc62

SHA1
373ecc50bfed6fb6978f4504da8caa287aaec79b

SHA256
e6fca60a376a6de5af614e0e4c462830bd890684c312be681d690cecbb8f4535

SHA512
82f08d55128756c6da67197314d3d886e8f4cc5e0faf126031391c3e29f1c5a426855c547351819f171dd2950a264db7f6b8a6cbd2c1e12ed11630a621abf7af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
a1524886ddac8894e47c91336a6fb7ca

SHA1
16d6beef86aa5a8f9e930208df6db0f6826cd731

SHA256
57634e6061bca210427deb7f1647be818b2287f5a90ff3603b85bcbe174e338e

SHA512
802af4997fc1e30ff7311ebc1b4612ee7b7c703aff0de6090fb34081fd6c9b88b418259089c3bea02ca9e0da39a446a60201cadc3d4ce3328d0b5c43787fc699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
5af433dd819d38b23396ae6e7d770446

SHA1
edc2b28ea8da085a4be8c9ebeed80a849f225dc8

SHA256
a69e8b946af5ab68fb58b9b826327fd8ec2760d389a1930faf9a0b3c6590b382

SHA512
2f71b2fb8372a1978ddfce2891b75c8cbdbe52333fbcb4d89e386479fee76e953733cb04764580832fc6e308bab9fc87a7456b8be30571d5ab5759d9376bf74b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
56a6c63d30679efb26f15ea88ab5d686

SHA1
de7ce3dcff3e855388641ee2e5ea61d7fe5962e1

SHA256
b2806aa1a994ba86812fc277aff259539c41a05af8d42f2ee5ac267ede72ef89

SHA512
1f1837c484e8a0aa3447ab9fb75fa0f946b99fa813d4a357ba2da6178f8dc4ef0f7dd88e5640a9a3cd73c7a6d6460cc2cd3ec3059e9188f0889c29dc370ca50f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
6728821bef11d533c80fcfbb5e1b8d09

SHA1
f3fde336977ce2167e341a222ff8465f6719ca26

SHA256
22e8b5f9b0e3e9282f09334d27f4374527d9d0e538908c54d8c64a66088db674

SHA512
33ebf0a1c854bd89b38ae4d51b3fdf10bcb90e0e2c15c5f72622a034f7d9c2583c7bc501c5afbd248d0a261a7e54ec159f2e9fd91b6d9a6f686d789c13b31cb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
6728821bef11d533c80fcfbb5e1b8d09

SHA1
f3fde336977ce2167e341a222ff8465f6719ca26

SHA256
22e8b5f9b0e3e9282f09334d27f4374527d9d0e538908c54d8c64a66088db674

SHA512
33ebf0a1c854bd89b38ae4d51b3fdf10bcb90e0e2c15c5f72622a034f7d9c2583c7bc501c5afbd248d0a261a7e54ec159f2e9fd91b6d9a6f686d789c13b31cb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
88ddee04a98da2ca32514aa872af7511

SHA1
86b0d3f4bb62d5bfe4c56d89fa36b81ffba9bc68

SHA256
e98af7d20fc51f0bcef58622794bd4811bbd1b80bc838bc112703da17ff57c72

SHA512
d5b0957a98f16b9f3115cdb00359eaae616eda68e69f173c63ce7e3c3011eaad44890d519e99cba7f98ffdbaea714ad0867e202c9e2130552f315d5f81ac9347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
4d2d7018d522a304c6d161ef44b6f4b5

SHA1
568c7d6e9397ceff9115b5358939062bf367ab26

SHA256
fb3fd2975bbdfccb434f4af8ec845f14f6bba6b3ce9b66f6d3a11a84bce4abfe

SHA512
c92599f8a4fccde453da9646e8a294281e9cd902b50ad08f8ee7b417903ad3da6ccf423ef8534ed17263708d42f167488b21d8aee63c8caa4ae9eb74de1c252b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
47e94a96372e6f095b8a3fd7edc48ec0

SHA1
377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

SHA256
15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

SHA512
5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
b3a2524f73b869b2a06334d76e2ac7a2

SHA1
71136ffd8347c13eb1a6bbe0438134bee380d063

SHA256
ffd481bda0f1b58618a624d2c11e0b3e5ccb88d55202f5a81ba794debb1c71cc

SHA512
f3dcf2365b3629944137f69e08e4618a1db59dece1e237c56a198825d784580742438987dc8e12da52d2ac1f0d3548fefe27d8e9bee91c16099fd0e5d2a9eeb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
25KB

MD5
9ac5520b1f91d4f01469a684f73c6142

SHA1
d0841f533b571a8a1476ef09b46d74431c0ad793

SHA256
835db844de04ef68556f2ab66f6eb75da839bf1d9b7ce24e76d92efa996d3c8e

SHA512
005ef111fbddae03e967238b0e534b51d9d09a5f2fe7bec963e887e1e0e3ee41427079e18afb8cb2e401d7ba606c2e26450f2c87bd50b5ab4bb281ca6e10627c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
308B

MD5
4e7982b86b3d7d916b7722aa3b3f0669

SHA1
ce4e874903cb71d9012cc7654ca7a6ba5e4f7efd

SHA256
cbee1100a2c9add47776b7e416b58a809f6feb9fe458bef8185b0c176b5db340

SHA512
c4dda8b36e90a327061dab901730f47fc23cca129b02a157f1ed0c566a1d6dddf272a4e74d3acbf14eb3a7fac0820387a584db9e19ca299724ed7f3030f891bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
281B

MD5
e15eac5c391cec81de7370877a935d90

SHA1
6b56eedf6ad53b63fcb2132435e13c6aebc84262

SHA256
618b428dd2c5c8ffe976affd1279a975db33b72d6bebdbd147107145b5c39304

SHA512
afdf56fef7ee82c69d03e4dc8c3ead1e9cbc36b3905366202b8edb7793116ac5c4c3e1a558180d2cb956953975b9b876c4701f7229ac64c5a5a925b2a978f2b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
0e4bf81559e3e15bfbcf968d4bb57b1f

SHA1
aa1cf6abc99af1cd357137574c10d6623724755e

SHA256
7589ef12a3a662e0403a598d13d146c1ae434c37466a840ff8e9cce59e1aca0d

SHA512
23c8bb14f842b07bacfc2080f6c7263b24bff2faeebce69df89fdbe632d3f6164292a16c6ce1b04ba546f069f3deb32be614d1cb39483c223c8e3c0ca93df216

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
326B

MD5
aaa877f004b3fd58930860b4b9d9ffea

SHA1
40a073c51d4dcb43fd7c7e7bd3e8a3978a4cda99

SHA256
6aefe495c147ed6c11eabf4ab0cfe79e340c2c36f898d05dfb79966e491d9e97

SHA512
4733056a132f57400a649ba1b17d92c1960a182dce5b7093819e518b2a59819589d5c8feda263b87ae5330545261076f445c102facc2066fd6cbbb4c72aac544

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites
Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
5d59f9fab6bdf8d1e547f6e7e48934fb

SHA1
744f134988d7575727f6a09267720252d6758b9e

SHA256
47590bd8ff567741e3af5953609dd9d03c7d72e494fcfc40f71bd5cab11155c0

SHA512
429d6af04ac20fad99ef9e8faa72f636f95c7b52066adff5b05ffcd781400b6acbe31028f10620fb669ecf1c59b0c6f2d92fb34fee2b109a7b609fa774fbfd40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
44KB

MD5
ae6466003eb8d9ef333eaa8e29179a4d

SHA1
10eb023e2d94fb6cb0a9130cfbf7c99793d13e96

SHA256
a2500bb4b9091110312d0ec429097029d8b61c293d93f57918bf4ca6f56ddacf

SHA512
37432b5d43bd6bfc1e4d845ee5d52e85a497ec89eab71239323ad7d48f0861f5bc1ac1fa42d0ee4b664c42ba70dd5457a0bdf0adc901d5572823dd2b36cf8a8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
Filesize
3KB

MD5
392b98af7787995e75511dc00bf40b96

SHA1
0d02d60aee571e095d260a8da57840499381f851

SHA256
0ab59ad3bc8626796ef121a8ce96ed2560e13c6c3ed5cc3f526233e32163437a

SHA512
b990dfeadf6b784ad104b741645842df586843d4463b0c39ab7c50636d495a4112272426a92180ccfe3c4cca27b2f6fcfed5e6090596f58b140025fcc3efd3db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
281B

MD5
202995988cd73554272bbdea1197c96e

SHA1
1592a0bdd8fabd67de516b36afcc504de70fe37d

SHA256
8e8bec85d7c2b8cc24c9c5856c330280bd1a7d4b3f45c051edd5987d894652d0

SHA512
bc66ae35b739b4d9afdd8796f21d07d3c742b2089514426df0d20a907ac5c09a729beb0877f86c439ebc656974801ede0fc9e5c8ed86b1ede105584f815ac50e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
531B

MD5
ab863439c9f8478dc396057d885ed26a

SHA1
233de80912615fe2b317c6c52dc3191ec3fdac81

SHA256
e2b716ab6087cf49da5c527eedb651d5091cdb5bee86c346e66f49af8a171531

SHA512
10b7154fdb9d75103e73e72be18d00b8a9127a2e7d9d67460711ecb5e812632dca95bab205080e8b2e17860d8480b1f269b96192d9410060c1264234cf2e1c32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
299B

MD5
9fab3168b388ccbc65959edc7ac78c09

SHA1
19a8e3edaf6175a4e520ac7420bfecc4071fb776

SHA256
7b749fb52e70cbe49e5033d7af59909b62db3b0fa489b387d3a97d8a53252aa1

SHA512
b5aa31f905b75f4197dfdd3f7196b109ad44ad8b8a63ef1993f2696e4dc44a9d8f7ee86eda15045065fd60af162929801dd01e4ea5b6d86ce0f5ea98b7079ec9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
aefaaaf26e0b65ce917270716553a582

SHA1
56aaec99109f8da4ce17d89ca2c9be3937aa1aa6

SHA256
be90ef58c5331f26156b8d75facdbd3581731b564f8c8204fd61a199c47ae85f

SHA512
663e98a3d267ac0a03e8fa7007dea549ea235f38024c36c2e3c06c6542672ba23e05363f8c63dcf09c26adbf11515402196cf74252a4ab89ff059ad7f1a3a4d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
aefaaaf26e0b65ce917270716553a582

SHA1
56aaec99109f8da4ce17d89ca2c9be3937aa1aa6

SHA256
be90ef58c5331f26156b8d75facdbd3581731b564f8c8204fd61a199c47ae85f

SHA512
663e98a3d267ac0a03e8fa7007dea549ea235f38024c36c2e3c06c6542672ba23e05363f8c63dcf09c26adbf11515402196cf74252a4ab89ff059ad7f1a3a4d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
a82b8e2f63042f866f89f7defb7b7653

SHA1
4cff748c5ab3b35d90684a78ffce085864e38d57

SHA256
63e697b57a1b5656ae92b3f9a35218869dbdb40952afc8de7f826974dd8e3a9b

SHA512
e7f31d50e526bc8ce0a0e6d6e811e320ae2e2069bb8c8e05d5a8d71163760e26801e3a2ec8c0a2f25a6821e729bece68e3b698101bebabc54be9f963f4a5a49b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
d762d8073fb1ce0eefd958e03dd12596

SHA1
866ba7bac65c1c23466bbdccb0ed126b7a1c0a06

SHA256
5b2faf05e31c7f91754299cd600c2acfcee60404ac8c35cabec1bdd7dad01545

SHA512
ac3436a653aeb5f0ffb96885724d62651ead75ba49635708b026d737907a9bc6dd1f1806bd7120d7d39392e5e9eb294869c7c200fe3544e83f710d8b83e86896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
8dc98f0035b565ef170badb6ba286313

SHA1
8f60637b159a6af02ad9dc23045fe22f5bbc867a

SHA256
8d8396c1639d173452336db0f1c78387eb221b3b0a7531a38f1faf67c1b69a80

SHA512
a466297b4061f1f3a526c7ab70f12f3ef6b1a6d778235e1fc8f9042af74b10f351a476323ec2ba8232a31cde20b585248724d8afb0b252e53fa766a006892ab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
089fbb2cc3ea63c368a354358ff85f2d

SHA1
80af68ec0e9873253d694c3e3dcc53824ad42e59

SHA256
d73c34d726e6b6f0902184837e311e8d24ebd4dc2ff5ffcbc67789eba7483d59

SHA512
2a292d7522ff0767b7cc51f9deaf1fa8580c01a9404fe913c5eb88b66ecc73fa39cfea0ea6272d61e9d68c775a21dc5ef4b929fd71c267553157b2c67eaf0138

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
a33adc493316f8c7fb10bb70c617f0d2

SHA1
7721e285186b817f73f0dbc48c5a7e895981a2d9

SHA256
443bede1e84210234da8ba254088dc1ca099967b271fe531af565a140a38ec31

SHA512
f817b2666856d2c7661f571b16e9995db984135efa569e81ac75018e41e3f288b59835f7c2448f3d5e9924ccbd85b7bddc2716b32b4dbf49b870b4d4230e3674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
3d0c5ab9aede71d28de0ca8c32f53691

SHA1
e903213ed2899fc8cf46bd89d87cd4065ff22ac5

SHA256
abbdc527bb3b8f61149fadebab8100e700314a0f5661d8d38732b70374e02e2f

SHA512
d6f9a9fba311518360f7d64219a333bae87adac904b9caf22ca76329a7794f46cea977edfa572e11e595f4ddca8c30de7064f2aedeecde97ff323c366b77870e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
c628d19c69890da03f709df6a25a64f5

SHA1
c74f0faa8f9b114b8dda35bbfdaa0932e8780871

SHA256
5fe6c2c59780a21eab88cde3efbaa84eee98ed4dabfd101a89a1b3f61057e757

SHA512
451df9bbf153282e1856c8470ca65eef254e1f8d4ec0d2d5e10af9595d14a67f6bbadeffc7c36549fc51ed9daf936f5ddfa6d8368e06ce690ad282deff4000d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
69d156d4b38750692afbd089749b15d9

SHA1
68ac2f668ba9eae0b0c8137b2f92096470c7b77f

SHA256
7367a2dc6ea0cbe689d639ac3570b04dd43a8c64d080d4ce3352615549aad7ba

SHA512
eaba813cdc732d186c3e81040b868198eba60b31bf5429171834bc89a6cce75762c10500710dc1a368e07fd2ff45b97ba8896f5e50d237df2910db4c3fe24ae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
Filesize
256KB

MD5
9d042efd5a8182aefcbdc07082fa916f

SHA1
70dc3ec7fe912fc511b74ef41690c50ce3a56df5

SHA256
36e81bfe75bc6c91bee9a69d257bb97e6a1e6a0b9b6a6dc5ddb0c49d6f369614

SHA512
3e37692f24b8e86bbc0e77eaa95e073708c0cb35b2e59b8e1d9e232756951f32ca8b11de2e8d7b8915f50d4070504f639fd36f93ac7645c01ff971e11ae029aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_drdmtano.4rh.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
35a8ae588ea79e14fa3dd205fab434aa

SHA1
0b74383e5b0449d77bfd64e7dc3fd20f113f5d87

SHA256
edd9affd1112ae298250bab19630907afb5c78ddd2f5250ae92e4f5da7594bbd

SHA512
4ecbc5cd047672380e205785ac2c9d6729bcc05fa56cc6b7222c8cabfff0f0d9f5fd20fb074af6c6c3cc32b3b9b8aba89fd5e4f2d420504275a3181c16adb09d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
3ab07f46747e145e98a6946420815927

SHA1
973f6fc1272b265c5ce5dfb467dcb83a64a45315

SHA256
5e2e991112f4fad53d206dce0882f8a54de4f7a72857b1b2363e8511ee78cf8e

SHA512
f6e41561ac3bf9cd63fcf65d52fa3b56bd12cade0b5652a248cc1abe2e38d8a84ad1488d3e3afd9964e8c2b5661fd1722f1236cc6d06e576998c797bd42b61d9

Download Submit
C:\Users\Admin\Downloads\PDFpower.exe
Filesize
1.0MB

MD5
1e2a99ae43d6365148d412b5dfee0e1c

SHA1
33c02d70abb2f1f12a79cfd780d875a94e7fe877

SHA256
e248b01e3ccde76b4d8e8077d4fcb4d0b70e5200bf4e738b45a0bd28fbc2cae6

SHA512
d962f2e4bbeee0183a3b75f26ccc6de273c28fe5a191c83c1e4ea6c84c8f70b535273452e05c5e11e4df725cad3054e346ad0b3d98348718a00a350b87a5fa0c

Download Submit
C:\Users\Admin\Downloads\PDFpower.exe
Filesize
1.0MB

MD5
1e2a99ae43d6365148d412b5dfee0e1c

SHA1
33c02d70abb2f1f12a79cfd780d875a94e7fe877

SHA256
e248b01e3ccde76b4d8e8077d4fcb4d0b70e5200bf4e738b45a0bd28fbc2cae6

SHA512
d962f2e4bbeee0183a3b75f26ccc6de273c28fe5a191c83c1e4ea6c84c8f70b535273452e05c5e11e4df725cad3054e346ad0b3d98348718a00a350b87a5fa0c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 165126.crdownload
Filesize
1.0MB

MD5
1e2a99ae43d6365148d412b5dfee0e1c

SHA1
33c02d70abb2f1f12a79cfd780d875a94e7fe877

SHA256
e248b01e3ccde76b4d8e8077d4fcb4d0b70e5200bf4e738b45a0bd28fbc2cae6

SHA512
d962f2e4bbeee0183a3b75f26ccc6de273c28fe5a191c83c1e4ea6c84c8f70b535273452e05c5e11e4df725cad3054e346ad0b3d98348718a00a350b87a5fa0c

Download Submit
\??\pipe\LOCAL\crashpad_2312_VZORUBQXSIQYWVJD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_5732_FZIHLYILACCOUSSR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1156-145-0x00000246E75D0000-0x00000246E75E0000-memory.dmp

Filesize
64KB

Download
memory/1156-143-0x00000246E75D0000-0x00000246E75E0000-memory.dmp

Filesize
64KB

Download
memory/1156-144-0x00000246E75D0000-0x00000246E75E0000-memory.dmp

Filesize
64KB

Download
memory/1156-138-0x00000246E8290000-0x00000246E82B2000-memory.dmp

Filesize
136KB

Download
memory/3320-372-0x0000000003040000-0x0000000003050000-memory.dmp

Filesize
64KB

Download
memory/3320-366-0x0000000003040000-0x0000000003050000-memory.dmp

Filesize
64KB

Download
memory/3320-354-0x000000000AB00000-0x000000000AB66000-memory.dmp

Filesize
408KB

Download
memory/3320-351-0x0000000003040000-0x0000000003050000-memory.dmp

Filesize
64KB

Download
memory/3320-806-0x0000000003040000-0x0000000003050000-memory.dmp

Filesize
64KB

Download
memory/3320-341-0x0000000000D70000-0x0000000000E7C000-memory.dmp

Filesize
1.0MB

Download
memory/3320-364-0x000000000BC90000-0x000000000BCC8000-memory.dmp

Filesize
224KB

Download
memory/3320-838-0x0000000003040000-0x0000000003050000-memory.dmp

Filesize
64KB

Download
memory/3320-365-0x000000000BC70000-0x000000000BC7E000-memory.dmp

Filesize
56KB

Download
memory/3320-352-0x0000000006300000-0x000000000682C000-memory.dmp

Filesize
5.2MB

Download
memory/3320-367-0x0000000003040000-0x0000000003050000-memory.dmp

Filesize
64KB

Download
memory/3320-370-0x0000000005CD0000-0x0000000005CF2000-memory.dmp

Filesize
136KB

Download
memory/3320-371-0x0000000003040000-0x0000000003050000-memory.dmp

Filesize
64KB

Download
memory/3320-550-0x0000000013150000-0x00000000131E2000-memory.dmp

Filesize
584KB

Download
memory/3320-972-0x000000000E0D0000-0x000000000E146000-memory.dmp

Filesize
472KB

Download
memory/3320-985-0x00000000068F0000-0x000000000690E000-memory.dmp

Filesize
120KB

Download
memory/3320-373-0x000000000A680000-0x000000000A688000-memory.dmp

Filesize
32KB

Download
memory/3320-612-0x000000000DF00000-0x000000000DF0A000-memory.dmp

Filesize
40KB

Download
memory/3320-549-0x0000000013560000-0x0000000013B04000-memory.dmp

Filesize
5.6MB

Download