cf32d44e254bed7d09dcd3e241ea08afda06faf6cf510c6edeb4e0becda05727

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
25/04/2023, 13:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CommercialQuotation-ZCQT202306099.pdf
Size

105KB
MD5

a78760c31efc5dd7f945318658323e98
SHA1

33a7a95c5e29f55bf2ce5d83a1e6d67d85e14c68
SHA256

cf32d44e254bed7d09dcd3e241ea08afda06faf6cf510c6edeb4e0becda05727
SHA512

65f3f7a29814c4a218a3c8013280c60ec84d6daab88d018f1ef7c2c7d93af9bbeb745fce63979b6c82b9432653a25e837c59ef24367f58052091cf84a4dbcbb5
SSDEEP

3072:7CWrSet18JSarNm5qW24a1Z865i65DELz:uWrSPWqW24i55oP

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\8aab174d-221d-45ec-8f27-a293f6e2b82a.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230425133054.pma	setup.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	AcroRd32.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
368	AcroRd32.exe
368	AcroRd32.exe
368	AcroRd32.exe
368	AcroRd32.exe
368	AcroRd32.exe
368	AcroRd32.exe
368	AcroRd32.exe
368	AcroRd32.exe
368	AcroRd32.exe
368	AcroRd32.exe
368	AcroRd32.exe
368	AcroRd32.exe
368	AcroRd32.exe
368	AcroRd32.exe
368	AcroRd32.exe
368	AcroRd32.exe
368	AcroRd32.exe
368	AcroRd32.exe
368	AcroRd32.exe
368	AcroRd32.exe
2180	msedge.exe
2180	msedge.exe
396	msedge.exe
396	msedge.exe
4972	identity_helper.exe
4972	identity_helper.exe
960	msedge.exe
960	msedge.exe
5280	msedge.exe
5280	msedge.exe
1212	identity_helper.exe
1212	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
5280	msedge.exe
5280	msedge.exe
5280	msedge.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
368	AcroRd32.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
5280	msedge.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
368	AcroRd32.exe
368	AcroRd32.exe
368	AcroRd32.exe
368	AcroRd32.exe
368	AcroRd32.exe
368	AcroRd32.exe
2260	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 368 wrote to memory of 324	368	AcroRd32.exe	88
PID 368 wrote to memory of 324	368	AcroRd32.exe	88
PID 368 wrote to memory of 324	368	AcroRd32.exe	88
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 824	324	RdrCEF.exe	89
PID 324 wrote to memory of 4444	324	RdrCEF.exe	91
PID 324 wrote to memory of 4444	324	RdrCEF.exe	91
PID 324 wrote to memory of 4444	324	RdrCEF.exe	91
PID 324 wrote to memory of 4444	324	RdrCEF.exe	91
PID 324 wrote to memory of 4444	324	RdrCEF.exe	91
PID 324 wrote to memory of 4444	324	RdrCEF.exe	91
PID 324 wrote to memory of 4444	324	RdrCEF.exe	91
PID 324 wrote to memory of 4444	324	RdrCEF.exe	91
PID 324 wrote to memory of 4444	324	RdrCEF.exe	91
PID 324 wrote to memory of 4444	324	RdrCEF.exe	91
PID 324 wrote to memory of 4444	324	RdrCEF.exe	91
PID 324 wrote to memory of 4444	324	RdrCEF.exe	91
PID 324 wrote to memory of 4444	324	RdrCEF.exe	91
PID 324 wrote to memory of 4444	324	RdrCEF.exe	91
PID 324 wrote to memory of 4444	324	RdrCEF.exe	91
PID 324 wrote to memory of 4444	324	RdrCEF.exe	91
PID 324 wrote to memory of 4444	324	RdrCEF.exe	91
PID 324 wrote to memory of 4444	324	RdrCEF.exe	91

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\CommercialQuotation-ZCQT202306099.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:368
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:324
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F354195718FCB586A7FBA849666D0B28 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F354195718FCB586A7FBA849666D0B28 --renderer-client-id=2 --mojo-platform-channel-handle=1720 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:824
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6B2F675DAF82FD869B3C907DD9731FB8 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4444
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=29D9CF98E13C94B8E1ADAAA4125B5563 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=29D9CF98E13C94B8E1ADAAA4125B5563 --renderer-client-id=4 --mojo-platform-channel-handle=2140 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1276
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E11BA4D21A1B03026D0188FD42D02246 --mojo-platform-channel-handle=2524 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:820
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AEC9640D9964F6D47927D7981AC56D72 --mojo-platform-channel-handle=2680 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2016
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=250F74F8BDB5AEDD15651CCD83FE4C31 --mojo-platform-channel-handle=2588 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.zarawa.net/
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff8643046f8,0x7ff864304708,0x7ff864304718
    3⤵
    PID:3772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,1123799064840950277,9429662350147158141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,1123799064840950277,9429662350147158141,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
    3⤵
    PID:3724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,1123799064840950277,9429662350147158141,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
    3⤵
    PID:2784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1123799064840950277,9429662350147158141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
    3⤵
    PID:5084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1123799064840950277,9429662350147158141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
    3⤵
    PID:5052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1123799064840950277,9429662350147158141,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
    3⤵
    PID:4764
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,1123799064840950277,9429662350147158141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3256 /prefetch:8
    3⤵
    PID:2300
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:888
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff7f7b85460,0x7ff7f7b85470,0x7ff7f7b85480
      4⤵
      PID:4936
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,1123799064840950277,9429662350147158141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3256 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1123799064840950277,9429662350147158141,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1984 /prefetch:1
    3⤵
    PID:5364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1123799064840950277,9429662350147158141,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1744 /prefetch:1
    3⤵
    PID:1384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1123799064840950277,9429662350147158141,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
    3⤵
    PID:5972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1123799064840950277,9429662350147158141,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
    3⤵
    PID:5956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1123799064840950277,9429662350147158141,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
    3⤵
    PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.zarawa.net/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:5280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8643046f8,0x7ff864304708,0x7ff864304718
    3⤵
    PID:5260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,550196538679752210,17565171154978208248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,550196538679752210,17565171154978208248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
    3⤵
    PID:1312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,550196538679752210,17565171154978208248,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
    3⤵
    PID:1084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,550196538679752210,17565171154978208248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
    3⤵
    PID:3648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,550196538679752210,17565171154978208248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
    3⤵
    PID:3192
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,550196538679752210,17565171154978208248,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
    3⤵
    PID:5748
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,550196538679752210,17565171154978208248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3912 /prefetch:8
    3⤵
    PID:4688
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,550196538679752210,17565171154978208248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3912 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4204

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2260

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
0db1142df52d1d76a94ca36e0bee94ed

SHA1
c6dd7382564ad383d31152f811f0bd9a2ec6be3f

SHA256
df588490a7597ab0d9adb2184a8c7b786679c48f3a41c765749d1ddfbfefe955

SHA512
84323b4d68ddab0aea31b6efcc0791b6a8cffa3dd8e6c091b4eedf876605ba60d82eb64651fc0e9b090c8b81b14c826dc7f9ae191953a780f0575d5552c85835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
451f1946fc2a626d5c3a0b944a916310

SHA1
800bf991a873e700a04a19789890bfb8803e4880

SHA256
5c5cc65b3a9d94fbea501efe61067190d54073bd0bd9ffeac6b8e88f58a1b73c

SHA512
0a1713a7fae55f50d8e3aea57baa24950ac84a296d3945f526d1e43af797fe7efb81dc9b7ff6c4ab50fa9b4180bd815313bc0cab8a392372146b1d43bc49a97c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
451f1946fc2a626d5c3a0b944a916310

SHA1
800bf991a873e700a04a19789890bfb8803e4880

SHA256
5c5cc65b3a9d94fbea501efe61067190d54073bd0bd9ffeac6b8e88f58a1b73c

SHA512
0a1713a7fae55f50d8e3aea57baa24950ac84a296d3945f526d1e43af797fe7efb81dc9b7ff6c4ab50fa9b4180bd815313bc0cab8a392372146b1d43bc49a97c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db3abeebc02ec56124dfddbf454a1764

SHA1
4dd0f096fbaa0badafe5c756e49bf660142b5e2b

SHA256
f656af292fef6c979ae1508805d17db5e306b6cb1ba4e662bb78f091f8ca3e9a

SHA512
6421fbe486421c91271082ea292512a2e4e6e56ed47fe24b9a885f9b4a30fb380a0d5ce0d948420563dc5fb1d62db8553f5bf48e9732e832b493c1429af182af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2e9ef9ffe247b20c0a7b556168ea5626

SHA1
789c7599294ceb181a88440559abab8d07d63432

SHA256
215f46d3cc949c761b5c8ec1ec9465aa9e1574ab4873afbe99fc9755ba7f16e9

SHA512
283fdebca3ee45494287c8f47cc759a2c374d34925c990e4fd94e03d9e9111d2acebe1683b672f8053dde4dfa704bce764630c344d4680960346db7b460d4e50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
462f3c1360a4b5e319363930bc4806f6

SHA1
9ba5e43d833c284b89519423f6b6dab5a859a8d0

SHA256
fec64069c72a8d223ed89a816501b3950f5e4f5dd88f289a923c5f961d259f85

SHA512
5584ef75dfb8a1907c071a194fa78f56d10d1555948dffb8afcacaaa2645fd9d842a923437d0e94fad1d1919dcef5b25bf065863405c8d2a28216df27c87a417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d2642245b1e4572ba7d7cd13a0675bb8

SHA1
96456510884685146d3fa2e19202fd2035d64833

SHA256
3763676934b31fe2e3078256adb25b01fdf899db6616b6b41dff3062b68e20a1

SHA512
99e35f5eefc1e654ecfcf0493ccc02475ca679d3527293f35c3adea66879e21575ab037bec77775915ec42ac53e30416c3928bc3c57910ce02f3addd880392e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0bbe7b87-56c4-4c32-9c56-c9155890f416.tmp

Filesize
5KB

MD5
8f681ec70283971830207cc5de96d66c

SHA1
0722509a7e743b21a88c972def63617b48037be4

SHA256
1401920b05f1fe70a83c635bb7968a6659b54b16bfacb7c29d1a63bb9528e509

SHA512
781ade42400a1e139f5e93143afc190aebe5ddede6c97f319c2fc4373f3313b3d4fad8f3da42b7c8109f30a2900f38d09b2e132492e58057a9e460869ad60baf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
897ad337d3b7a4e4765a868ef69bc137

SHA1
6338b9cbe012b7f1426981ebf458e451a01213d0

SHA256
079187885aca939b55ab0f60264baeffd12f764e94b066e47b9cdd65710595ba

SHA512
73a3583b8c769711538a65937bf72bb85373f585b57680c7ce2bc604925391cddd4ab823ca8bc7ab8ae08bcc66ead5d4b0b499137c5afdc3d8698da238e353c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
5eadee6baccce958449a07f35aad5845

SHA1
f7c835b5e36f617e47662429501b85ebdd09375d

SHA256
0b05688e0fc296937db0a5aa11e9d24a8044254869a2e6354ed058bf04923ac4

SHA512
f1c3febdde689dae30127693636d684a50a3c034ce21fabfbc3aaf13e4ece84043801e6c32d39923dcac8462b998e95992cef350b168961865eb08a3c72e9a62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
38KB

MD5
8bbccee6f09a95ddb9712d811452e15d

SHA1
edaa9e240ac6d6aee9179b3c86e05ee00cfccf7e

SHA256
df5482dc3d04adc0efe64948984a510d08f423b5e89fd9b760cca72122dfd4f2

SHA512
d0e8326d0fa70c59822975de83e1a01c1ec9e6da2ee518c9ad3a713efe96822d8024c05e1f51dd9c861e3442bcbcb4553f3c75fc4db3dc5f5901803df14e4328

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
76KB

MD5
8e3a2b79afcab9377c26412eea8e8065

SHA1
02ee6c05a4bd9d1c4f903949806e5d1a3a67bbba

SHA256
ff474b0ee5409b7221eec707ba8346bf377a363eb4ea3cf355a0615316e5008b

SHA512
6c26fdd1ef0ede4b376907be8a7c89d7fe11b53b7c08300256026060afe71ee155d5e740c81d0a17a539eac1f52bc57b99d842e84cec86a31490237c3526523d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
26KB

MD5
4a52a58380feee9f711cfcd24146819f

SHA1
9ae2ff4669a9997b8b4c1a12c0b6f19f3569eda4

SHA256
15b0ef99d0199d3b1d6cb2c81d8a2193e725e38fd8829b2c1f70e75e8f091f7d

SHA512
a9ca2bacc370f87310c2cce9f3320d17ac0337066718a80f19cd0d878d06f1d1748b73d62318b134e3465089404afb0a85a4e7fcd49cedde7f536515fd8482e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067

Filesize
168KB

MD5
3bd9f31f56f7f6c5914bfc5122b24be2

SHA1
c7db1a42c51542313348db7030667fb982d5c102

SHA256
4c8d7e2acd65c95a51e4358f634d4cc98081cddebb3f75f308013c199f6de2a9

SHA512
eeea09c35a2475ffcb4803e8c5e2ef57a724b7c44497dabfbe078c4c343f2765a0e66426460376200a991f4a12dbd876a94e08560f65956173f82bda97dacbec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000077

Filesize
163KB

MD5
109e1354dcad59ff8d3e589dcc09299a

SHA1
bc2cf564c7967a59936c2074b78e124e17439c3a

SHA256
a9f34a49984f7a94c7a522a6d171e470701d34a4b630dcb7ae673e6cfaf2e5ae

SHA512
4a85f37ac35db60a44e729a0ee842e45172657c17c71022dfa73aed445106b833cdceccf94b1735737d5b9c06da8db19a6799186bbf742544c943a4b8de737ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\index

Filesize
256KB

MD5
836b1d4fcf3dc352e5a5ef18ebad8ac0

SHA1
01a69642baf1bec697fda61299ca16d7ce0910f3

SHA256
d1197ef830c92b567184e3fe394c38ef1152e62c5b5905bd4557c1784b7e7008

SHA512
5906d409981006e4168b991d0098891ebe045fc276ec51fb9fa7400f0d32f5e23589e02cd6e8a077f786aafdf3a4a097b5b406cee39e83ee934b2cda5c9e0d55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
445e2460cf58989b46391868d051cc89

SHA1
0498a65cd475290331eb9b3fb96482f1955e1bd4

SHA256
6822009b5ee72a093e2d8c7ea2763d0aa79c150ca30033f43c8beafcf71d05c6

SHA512
69de411bac30c98e2268ec919a24e81a2afab5bbf46d184c929c5b38bdcb5f0ca64c122a5f8ad61e93355c0d6ad6c990befd1d0570a4505b6b6bbfd681255a4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
606c96d2cb0f7467828cbc58ef6542b3

SHA1
1af0a74fa30eae350dea179eb8f945dbab061775

SHA256
51285b86d91269d9258b210976e94d6f89d9d72ef6353989fea4154a5bc59e63

SHA512
042c98f203aa5e5056f6268514038ce628e3a72e28cb244f621d4c3a41bbbbc57734808bfb53aade463f874f51762c2614cfc511aba5900a437463f9ed8c980e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
606c96d2cb0f7467828cbc58ef6542b3

SHA1
1af0a74fa30eae350dea179eb8f945dbab061775

SHA256
51285b86d91269d9258b210976e94d6f89d9d72ef6353989fea4154a5bc59e63

SHA512
042c98f203aa5e5056f6268514038ce628e3a72e28cb244f621d4c3a41bbbbc57734808bfb53aade463f874f51762c2614cfc511aba5900a437463f9ed8c980e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
445e2460cf58989b46391868d051cc89

SHA1
0498a65cd475290331eb9b3fb96482f1955e1bd4

SHA256
6822009b5ee72a093e2d8c7ea2763d0aa79c150ca30033f43c8beafcf71d05c6

SHA512
69de411bac30c98e2268ec919a24e81a2afab5bbf46d184c929c5b38bdcb5f0ca64c122a5f8ad61e93355c0d6ad6c990befd1d0570a4505b6b6bbfd681255a4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
1dd8bb97265342757e3fc3960925d271

SHA1
dfbd5257159f30553ea8a6450ddb5d05ea11bab3

SHA256
b47d84e090171f0bf0af2682f7720646ba909f266cc03fef0008fc2ff47aa6ed

SHA512
a1ef1b1343634217e25cb675fcc7317ee6662a9d77033f09522d3cf4bc4154720cb2dc051b43adb805f10a6530eb7188fdb048031445d3138e009d6ee88bc527

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
279B

MD5
c6a944c338a50b4e1d29f21e113c39ff

SHA1
d8cb51dbf6ae5198650dfb89a8cc3830bbeda8cb

SHA256
d180c8137654cc3f8f2a7bb188c6f0c627ac55f2ad0878d4fd5730ba980a4f23

SHA512
0fee38f609c999a3aff7714c357e20ce2c2e697564f85ec5545b50fa2b766429e5ba99c493479c87ebcdba9bc5d9a20eb285384eab2aaccf2fbf412dd0243134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
c5d256fd22f0acdaa2a2efc3f9b69d98

SHA1
6887b81195b8d7f0b2dd1c4d786fc9a183e78d4c

SHA256
d5c9138e3be8eace8d2a4be206c55e1b5561e9b8a52fd0d9b63361d41e6d7eeb

SHA512
592d6060a5a0bc3b261469a3522c5e378d5e40d2c97386385546fcd0d032ecd217856a1c4f874258994f5941d802337122ef0192d1b7280f9934f20a04628a1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
d4c17550eb3bc3849cc5cc1f79952247

SHA1
fd2d1e84e6d3522d04b08864312a4853a9fa47ea

SHA256
71de6d0e5a60796cad16a539ba1fc35c26c6872676fdba2750047626df9e3513

SHA512
610306dc6aa47173b0274b7465bd36c03b5ca4f3566016aad1bb4ddf491160b0ff74645bd434734dfea234bba10095eb8a01136734970c82e668c69b89c76b26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
d4c17550eb3bc3849cc5cc1f79952247

SHA1
fd2d1e84e6d3522d04b08864312a4853a9fa47ea

SHA256
71de6d0e5a60796cad16a539ba1fc35c26c6872676fdba2750047626df9e3513

SHA512
610306dc6aa47173b0274b7465bd36c03b5ca4f3566016aad1bb4ddf491160b0ff74645bd434734dfea234bba10095eb8a01136734970c82e668c69b89c76b26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index

Filesize
256KB

MD5
0d0a3dacf3706a7d741894ac84d77407

SHA1
071ec5a3f02544df3c2fd4a9186bd3131cbe69fc

SHA256
feed146a80ba01a656d2ee6168b40e12b6387eafc6c1ad211fe76c292ec9c91c

SHA512
3ac0cbeb9f19200a6a1dbf0da964526fc55dfe9825a942cd9f4e43313e70e06470b171a6bb5163d02a4717750e2e4570413af4003e80fbcb5286943ad7fbb2a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
5b47d67bffc8e3a17d4eb3bc250386d5

SHA1
4fd2625f3d86afdf3a2b6ffd91bc05f2c456743a

SHA256
77e057e24c50f5379658f35891effe7b6ccd9aee13f72b764311bf44baa40293

SHA512
7c456ab8416e2fbd2d74e50a513943c0637db487ca2cb88e42deb078d290dff1c1370f8333c8f73fce5d1c8905f52e6760ea80305f1958078f2ca8031660ffb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
2KB

MD5
2671d1c199a1848a2ecc80c1113106c0

SHA1
93614f7418eb14eaa300c52eee7764efc98b7932

SHA256
2b98dd7eee4dcf5c93a33521e95cbf5d3e80155c47a17e564875ad7df3c21c08

SHA512
8e79afb114409c0bd4f663363b8ad7548ebc5206b23fc998d1b935fecb5bb98a954d72da6499e6d88be3542f7b99aae7b556cfa1c2a91919eb055720149b26b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
fa6f74903cb608944e74f1e764f9bbc7

SHA1
8574c47158ce3124525d86377b31c914900e0780

SHA256
8e5f5e15a42dd84581c95f08c972999cf4a0c70840f27be5455e9fc0efabbf6e

SHA512
05c3325ac7e2eddc469d970a1acee1d3e83b960d1cb5db9afcb6bb110c0243c11f6560c8f0a3a703d2452743649ffc63f736c7bc5bef6419760febe165545500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
dfbcb260c6e414651bf0d2fbfaeec00a

SHA1
1a32331476e5a94a6c771d2b5975c7ac6204a977

SHA256
682379382927cdc6abee2eed37609903d15b903f77b9cd39154532067f20613c

SHA512
644a65dc16d1da895c36e04433f787fef08aab1e14a4e21860ccf8a4c074f752007d000dc617e7780c3be1483ad57ca64bebaac92d8876660e8ec46321b4ccb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0a924d14e1255482e890fcdb7599daa2

SHA1
649b0b14fefa2a23e2d978c5bde97ae283e1c519

SHA256
45cb6ef4e1d44c1fc98a4e5cf736d4280f6e691ecac0f8b3826f4e37e27486b3

SHA512
9362b295ed67c4aa26177be51c46646c7f96b883c74b12669666c7b78f9da0306d5de9e4380740463be3cdd3cec4d86429110014158ccebb03fca88306c471bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0a924d14e1255482e890fcdb7599daa2

SHA1
649b0b14fefa2a23e2d978c5bde97ae283e1c519

SHA256
45cb6ef4e1d44c1fc98a4e5cf736d4280f6e691ecac0f8b3826f4e37e27486b3

SHA512
9362b295ed67c4aa26177be51c46646c7f96b883c74b12669666c7b78f9da0306d5de9e4380740463be3cdd3cec4d86429110014158ccebb03fca88306c471bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
e44615931c6746b6fc073a019064d01c

SHA1
579a13a4e3c0d6a286a235e9757cc92bba42a998

SHA256
9408c98a27821a42362bfa2d6d4128a27c58e88e6c608011652b84e88819a40f

SHA512
46d4936f14fa6ab2016ae66ae5ee47eac5f6efda8b81c62d3b733aa9dce4252ec33a0a764f1f8f2d7fca23433aa2dee629d91cf5d174d8b64ac732f334eefc3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6dadd24b9727d63e929101ec8428ff6f

SHA1
91d9d9db277d75d48e1aeb5464e3a66684b957a6

SHA256
2f9c0e7a8291481d4ab203c8f5f757591f761524f37fc230f366afdd63daf6e8

SHA512
512ff5c035dd61f84888ff7fc18633fb5bdc00d7e5ab2333f03f8e9bcbae4f9578d42fea4a740c309ab03f77b95d2555200f751b808ffef86fbffbf7ff481d27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c891a6b3c997e1f6cf8f6ddfbe10c800

SHA1
b7e60eaf3fc364755baaaf90867842b3fde14126

SHA256
9d8f871590b913ad91691b515ccce9851d34bcff52842d8215d1054e9df9de44

SHA512
607be33f16f962058a0f073eea2c5e7967fd803f0c156370cad29aff251a8bc098fc87635ed1e4a8a3a1294c6ce05aca2b8c105ea442073d0ad711495155edfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3f70a9125b35b022cd9c04cbb4a53c65

SHA1
00e6279b070efa278c47190b3a5636f60be0a14d

SHA256
451e8f0198cc8a0002d65a16961d00e2f5e894ad1940ea30a2697f50ffb76e6f

SHA512
cc5d40b0d739bf359480385a4710e2f2dc98f3773ea79060a3fcb80632add0e6c286477083a051a05593b7f28c5b8618293a2a18f7a57ababbf029d1ecbb34d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
336d26f9e48e6cbb269653b8c1a8e789

SHA1
96b01a783fb118d728d6462490e8404c76eb441b

SHA256
f4ae4a4a567a253c011a60240a775a28907d80aebdc7cbef13579f9d623c47a7

SHA512
2c5210fe1d058327e5350836ffe17e6aab19698c5a4d12db9219f876d1a239baf31ff688401e6cac7f5a60b86af086aa0efd23739ab573eb2308ad32490b68ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
336d26f9e48e6cbb269653b8c1a8e789

SHA1
96b01a783fb118d728d6462490e8404c76eb441b

SHA256
f4ae4a4a567a253c011a60240a775a28907d80aebdc7cbef13579f9d623c47a7

SHA512
2c5210fe1d058327e5350836ffe17e6aab19698c5a4d12db9219f876d1a239baf31ff688401e6cac7f5a60b86af086aa0efd23739ab573eb2308ad32490b68ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2f97b8b21b77f1c5341b9958256105f7

SHA1
77392e446ce4f715f32953f7689da52d3f788c85

SHA256
ca9959ddcc9c5c7f045172ba461a9d3f7c04f01672797b881e6cba573ebd0e23

SHA512
a43a39966af8c60d190227abd389ffdb8ade97e199c1a9288454f8a6d8646d7fc3083e27cdff6dcf47bf6c6d0c8832863c7dd37c6116363c7a00442c4df07382

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
69bb17f637555031a9bb2b35214af54d

SHA1
195f5d37dcae45e6c33e14f2bd494d7584af2549

SHA256
e1a8934bcbba4f769578f6ebc427c779af8f0d6b237b51e8ba8b94351eb382b5

SHA512
1865da1b7c5327e6e10f2752737dcdec1f72d9a4f1aa23777b1af96a12f4ea5c31f584250fd12f7a6502addceffeb251256276f2d11f32a4c59a43aac609e7f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
130644a5f79b27202a13879460f2c31a

SHA1
29e213847a017531e849139c7449bce6b39cb2fa

SHA256
1306a93179e1eaf354d9daa6043ae8ffb37b76a1d1396e7b8df671485582bcd1

SHA512
fbc8606bf988cf0a6dea28c16d4394c9b1e47f6b68256132b5c85caf1ec7b516c0e3d33034db275adf267d5a84af2854f50bd38a9ed5e86eb392144c63252e01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c325881ebe65f710ffde9291a337fa80

SHA1
1ee282fbda5f7c9b49406abfc182cc83148883e6

SHA256
3b769be053cc0fb275a708dbd5e7cca5af41a5b4994385cbd19266e880da9c0c

SHA512
f28ba69ec56f4d1dd8e241cb47d4514ac7f9d9cb177929f1c48dbb04bcc9adea13d95f415dfb4c660eb3c79ad1211ca15459b3c566179365d026ab3e5b4cad0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
298B

MD5
21ede3825e588e666a97d71833512fa0

SHA1
9afe62b9138771b03cb8871ae82e158cb2845f24

SHA256
0f0fdde602e08df27e004d56255344169db19a60f3ba5cef01c6b9e4325ce571

SHA512
579ad353b7d262306eb982ad758351a6e7729658d77751087fce9b657a51734fb5342e21e66b65c79738b93763ae9ad4c5467ec19aeebdf61f8489482eae28e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
281B

MD5
4b6499e9894089649970a7ad411c64b3

SHA1
cef4f302eaec9362b41ee78b4dc87ff1d8f7f099

SHA256
1e5da151abd9cfd200d3acfa211cfc42d47f3b5abae7491c3712d0e0256c22f0

SHA512
e2b11c4c8b9d33dd9295ba862627314e187060ea8c97007b83034d6bc91f72c885cb7a8e63f658e6dadc39c768efe03145a6376a626c0fd8337c126db62e4c74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13326903095718867

Filesize
8KB

MD5
3bc90d3e573105e53f4f2d5c62d71ff2

SHA1
e66e09e4b1a8ee5e860407c82e6eabfc17c32ce2

SHA256
da250d74e25be366cc220a2d59fac9ecf028e2e06289140e38fd55ce08925b70

SHA512
c229f62d7f4726c283bb44b00f7f706d46f86d388072d16af42ac8b5569a6cf030268807befe026456714982d627e82a17c0fa9f3233c4f23d9eaa6a2481e720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
7dda6b3403ef1dc51016ab0c0e413e53

SHA1
a7f023bf8d0bfff6cfae35fcdd4ba525dc832f75

SHA256
a947b50885e31503de99c9f09b9b40ab18883cace8fe899d2bd4aa983c11c30d

SHA512
afa69442768a5c7fe418cef481f53573e0dfa3fc7ec462df8edfc492cfb0c313975507122be5d4a39c5f91a14e833f941941589d2632ef48bf4ea0764a530d50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
ff2fdcaf0535534b72d9019aefa57fa8

SHA1
866cd6fcfdd1e2efd5623b7548db2db69f854f91

SHA256
f990de305db0a1d1fbe0db1c583bb77c44a8caa30d12773b0f2daa1376c37c96

SHA512
492922f975f910c2d89eee650da14a6188873e5ee5a52cf932cac9a42f578a3f44cc54e788e75ce88e327ed737e39aa4ab53a1d2a2a70053378b259bc8795d01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
25c3ed76b6826de8aa861bf3ceff5bf0

SHA1
5bb9336f274222f319a5d72598bfbfdce6b0df9c

SHA256
d1d7560ada253616fa9a30f3ec9999c21464a749efcc415dfa531e6f5684e222

SHA512
e9cd3f88017d0c9ec93c9fdd8f3e581c89b052133d3b5583670c13239ffa39ec1313d47cfe2b96d258c358ab02973c5f6646ad057598d9e418df48a3b33623df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
088f83679245439ca409d4b2a24a833d

SHA1
60465f42d2df828b4483b00e2b8e447e64c537be

SHA256
62a19e9e7f6cc3b737fae3bfec1fbbcdf536ef3bc04e2fb5821969a3b1ba94de

SHA512
89fdd09406d8df50dd9d619c63bc35d52ca70c65f70c848e0c8c42586996e6050130e82993abc6d0e6c8d9511c7d65fa5cf362877beed63e43cd8b9bb13e1105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
16b4583f448e56cd1b9591011a3c437f

SHA1
326edb97a7f346d12251353b33418a75832d0e1c

SHA256
d2315f263fd9354111142c5bbeedbb1014b52707ba4ba5ad10be071eab97ea13

SHA512
4404e78e43d198b4126d78373941a023f369dfe3b214138f86703c3e52dec230d04b526b7cf2ce46212ff3dc377e94b3c156962a1ef05dfab238789dcff7b8cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
16b4583f448e56cd1b9591011a3c437f

SHA1
326edb97a7f346d12251353b33418a75832d0e1c

SHA256
d2315f263fd9354111142c5bbeedbb1014b52707ba4ba5ad10be071eab97ea13

SHA512
4404e78e43d198b4126d78373941a023f369dfe3b214138f86703c3e52dec230d04b526b7cf2ce46212ff3dc377e94b3c156962a1ef05dfab238789dcff7b8cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57926c.TMP

Filesize
539B

MD5
36b0dd806f54fb722d58303cafe35aec

SHA1
c551b978fba386299b710f1ff121db6c41cf74ea

SHA256
ca10b0e11716baddefda1613d8593bf723e11d4801cde1961593471c9e3b8c0e

SHA512
2ea08d2b6fa99d032129120f4539ed6d7bca77c72071350a0a338677a8f71c2de9f68769a567b5d8e17015dd70a0c8ee419cb3ddd49a24431f1f1d44e7232b3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
c1dab332a66e43ba7a50b78e1b08305f

SHA1
ebaab13b81a2e3047a71a39ff17b8b1efa08eff6

SHA256
75fc23e5c6dd91ec1f3ad5c46fe867f9ab26a3d0f8f10bc8aefea5e42324926b

SHA512
32958b07e19518f13d36fdfa5d3d0d01ccd1c9d4c6668762d681cc2013adf066996a81b39080c87d85d37d7319a92423cbd029487c75ef418b668b1f4b4998cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
84KB

MD5
3b00eb4e093778a26ba3321018a6084a

SHA1
64318840fc5d9f8a106a4a3f5553334d51a0d00d

SHA256
d1600989069b30a4e74519c7e5148e91740685c0780fbb7da1da7dfefe6c805c

SHA512
2699acc7ca2946ab6e600b1be40473edf10ada0d655c79cd5249771441f2a7b3b125c63b3053ac481283a4f8b88df1feac5b4a19ab4e0d94c332998a5a9dd989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
3.9MB

MD5
8e9aa500e52623f05fc768b78699e0fa

SHA1
9392a5c5dbd9cb44a54962990297b5e0d0954adb

SHA256
6c025f026b851cc1923da2256d2adc8309abaf04d334a8e4fc84ee255ac04f0a

SHA512
85a4f419cc0e336d3436209d7954910ea23b5b68e428ee87e1d3b4af3fcdedf89e39791efe7003d06b5e8766d2f6b07b47957dd0c65637759ccb7d196d75df55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
88b95ed06342982ddac58178b74f7425

SHA1
f6cc22219bb7f4ff757742e9f7518083d4e9ae60

SHA256
188d9532b91748132c39ac67d2d55c556f8e2b1bc5718e43a17c42ce7bc9c3d8

SHA512
328d98bbb0153bcee89eb2780569af49f8f23f914344a5ac46f5f4151cc57d6167eb8aab9026bc7bbba17a12fb82b7d6b36b222dacd659be90200849bd0bf7f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
279B

MD5
570dfcc74a05504d1af5249c9654d3e5

SHA1
b22b313f92fa98eb0028cbcbc0fa09c03419eee6

SHA256
f97fb13f5dc82d30de4123b2d09b6dac2d2d6a662c376b8d2a410f41d4417bfd

SHA512
db1f556f28f9ec2416827e0b7dae8766c698b92bae48c4f3795ce03b3d296e8a392535ca5668b68affff4e7e5f024cd2d9b758db7a0ee0df1d12f8825b4b8c75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
560B

MD5
07f90eee531f5a03b25eac7586feb943

SHA1
bb7040a141c6c5f5902c7112aaf67d9ee37051bb

SHA256
1536acb75466b008014c4e537ecd4584c6f20de8b48378e61d49033af789a3a2

SHA512
74a50b8e58e416c075faf5779a11bd408b0dbee558df984666db2847605bcea4c464588d4184c9c0d729d506dc79842e7d110951c5d4ca8a8f661f3d62f183a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
297B

MD5
689971838523af94c72adb6fb4f2a478

SHA1
af48a584975beff22aad689f66e19c42e406f77c

SHA256
d794649f859b4f7a7cf66073d60f83ab9469055dcc1866d4cc07bc05a0f5475d

SHA512
a3dd671a0aa95b686934cb8d39447752ccd948791b7a4b01acd698c78b8516887bf252f8ad8a15bcf18a710a4ebc6d30e3ca5b453cfde94f5477ad70594fc6ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
8d44334e4ae21830f3c1e130e8b0ecc2

SHA1
bca3c99aa94e29f804ef54db23515031cf9542f5

SHA256
84e8a1ba36ac149ac92149e449ed9b7d37c3d4cb272e53f2a11c37ac5755d135

SHA512
b17afdb83c0c5d31536f677b1c3c463ff8d303b6981f28662c6662698cdf429391d2fdff39594f6fdd3cf1ef1b1ed35ffa45f57f9af92422d8ce19a49bb5b501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
9dcbbb5950b09d7bcfca6b1bb674b57b

SHA1
a847c70778a825200f63fa6266a0f33b3fb97906

SHA256
9818286fb1e29ae7b89134361a005b830ac11ac8a8cc502f3a9f095667e7ae9e

SHA512
cfa4c41d76593183dd7a2bf6b3f72021b5f6a5c3f9acb45f0389125a8eb0f36f1ec72616e5adab62f38c6b7a1099aa6712804993a95b2c9935c03734291618e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c94034c0f165f61034648d1581ffe759

SHA1
599c11db5c0f99b5229deb65a56926cec3a813ba

SHA256
a1c53caa4d5c86c7f5857a57072d08747113e0a87617ce6d306a91a5efa8af7d

SHA512
5fe4029c3fd023af28e6accf648dc9f7427b04cf186a14536d9658b67b71ae4659f0defce792c8534b8787f11eab64837d26f1a2680acca64b1db43a54b5ffe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
3a221e8890737d62b16464c6cc7aad7a

SHA1
eef655f487ce05d030b36caca0875cd09b22231d

SHA256
614cda8f5672afe7acdba0389c617d1c7e18934736b1ae170b4c557dba1d2f3f

SHA512
bc7890f1c64f566f25fcd728ee47959c394a6b7becd3f5a091922eb71e505c13157524984e160336182ca082aa4c7ddb2be3e01675e838687752c441ca599ade

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c94034c0f165f61034648d1581ffe759

SHA1
599c11db5c0f99b5229deb65a56926cec3a813ba

SHA256
a1c53caa4d5c86c7f5857a57072d08747113e0a87617ce6d306a91a5efa8af7d

SHA512
5fe4029c3fd023af28e6accf648dc9f7427b04cf186a14536d9658b67b71ae4659f0defce792c8534b8787f11eab64837d26f1a2680acca64b1db43a54b5ffe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
50f3487d2fc5a41a6694af9225f72382

SHA1
cc0abd56685edd39a0e1eb9df1c53eabdf1fa816

SHA256
9d29147b9974f817e4f145f24d0a6ed4d843a1dc334a55c99aa683ee22a087e4

SHA512
199ff5da0684b263d47dcae8bbd4ee85118d1bf05b31fd4bca34b29e9bdb6d735eef812ec6d555c53a99024055e1077362140218de4721da20e51bce8b6c6ac0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
a98f6360038c81a8ef6aaeab5658f9bd

SHA1
53788cae0610ad1bf6b725e6e9d706cb3ed4cb83

SHA256
0eef7c4d2e51c686eb1d4eaecb220a39fa8dda06bfd60c7a6dbc6893de0d295b

SHA512
ed10e0189c3b08f02f5854b8777a2136d8abdfbd1dc46e743097e7fb4062d0b9ae40fae7c3a582b370d63ceb77c82662e4fbed926964c91a23d6d3a9e9324aaf

Download Submit
memory/368-1085-0x0000000004210000-0x000000000423A000-memory.dmp

Filesize
168KB

Download