e8880198ded988871839dc9cd99eb1f12e99b53d9a6ec0672ca2162455e2460e

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2023, 06:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fK-3.pdf
Size

104KB
MD5

aa22f19b5f5757ef3f5387f829d54715
SHA1

f5b94ed2b47f66bebcdb0fa330c2f6dc29bf0544
SHA256

e8880198ded988871839dc9cd99eb1f12e99b53d9a6ec0672ca2162455e2460e
SHA512

2a9c4e138fca2d61d4b1919746c6411cff089601ce79ac2777b084790e192e58ca96bfd73aec9ac62900bcb036b07d16200ae7dfad6b6d6074e1ec753da27d03
SSDEEP

3072:gpRF1uGbXaY8P3QYYYYYYYYYYYYYYYYYYYYYYYYYYYYYkqPcOvL9wpz:gR1uGbXaYs3QYYYYYYYYYYYYYYYYYYYS

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\ae30857f-0d4a-491f-a8b9-e4905f345d97.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230526085148.pma	setup.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
1548	AcroRd32.exe
1548	AcroRd32.exe
1548	AcroRd32.exe
1548	AcroRd32.exe
1548	AcroRd32.exe
1548	AcroRd32.exe
1548	AcroRd32.exe
1548	AcroRd32.exe
1548	AcroRd32.exe
1548	AcroRd32.exe
1548	AcroRd32.exe
1548	AcroRd32.exe
1548	AcroRd32.exe
1548	AcroRd32.exe
1548	AcroRd32.exe
1548	AcroRd32.exe
1548	AcroRd32.exe
1548	AcroRd32.exe
1548	AcroRd32.exe
1548	AcroRd32.exe
4624	msedge.exe
4624	msedge.exe
1292	msedge.exe
1292	msedge.exe
4140	identity_helper.exe
4140	identity_helper.exe
5660	msedge.exe
5660	msedge.exe
5464	msedge.exe
5464	msedge.exe
5064	identity_helper.exe
5064	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
5464	msedge.exe
5464	msedge.exe
5464	msedge.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
1548	AcroRd32.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
5464	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1548	AcroRd32.exe
1548	AcroRd32.exe
1548	AcroRd32.exe
1548	AcroRd32.exe
1548	AcroRd32.exe
1548	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1548 wrote to memory of 4504	1548	AcroRd32.exe	85
PID 1548 wrote to memory of 4504	1548	AcroRd32.exe	85
PID 1548 wrote to memory of 4504	1548	AcroRd32.exe	85
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 4684	4504	RdrCEF.exe	86
PID 4504 wrote to memory of 3916	4504	RdrCEF.exe	87
PID 4504 wrote to memory of 3916	4504	RdrCEF.exe	87
PID 4504 wrote to memory of 3916	4504	RdrCEF.exe	87
PID 4504 wrote to memory of 3916	4504	RdrCEF.exe	87
PID 4504 wrote to memory of 3916	4504	RdrCEF.exe	87
PID 4504 wrote to memory of 3916	4504	RdrCEF.exe	87
PID 4504 wrote to memory of 3916	4504	RdrCEF.exe	87
PID 4504 wrote to memory of 3916	4504	RdrCEF.exe	87
PID 4504 wrote to memory of 3916	4504	RdrCEF.exe	87
PID 4504 wrote to memory of 3916	4504	RdrCEF.exe	87
PID 4504 wrote to memory of 3916	4504	RdrCEF.exe	87
PID 4504 wrote to memory of 3916	4504	RdrCEF.exe	87
PID 4504 wrote to memory of 3916	4504	RdrCEF.exe	87
PID 4504 wrote to memory of 3916	4504	RdrCEF.exe	87
PID 4504 wrote to memory of 3916	4504	RdrCEF.exe	87
PID 4504 wrote to memory of 3916	4504	RdrCEF.exe	87
PID 4504 wrote to memory of 3916	4504	RdrCEF.exe	87
PID 4504 wrote to memory of 3916	4504	RdrCEF.exe	87
PID 4504 wrote to memory of 3916	4504	RdrCEF.exe	87
PID 4504 wrote to memory of 3916	4504	RdrCEF.exe	87

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\fK-3.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1548
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4504
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7D505511411124710A210B96632231B9 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4684
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=FB9E3F0B5ACD4DB4B541D38E1F446735 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=FB9E3F0B5ACD4DB4B541D38E1F446735 --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3916
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=1B27969C783111107D249D13096D5972 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=1B27969C783111107D249D13096D5972 --renderer-client-id=4 --mojo-platform-channel-handle=2300 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1920
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0BEB3587C6362F69385F9C3ABAC6B39E --mojo-platform-channel-handle=2560 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:336
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FA7244A284EAEE5EBCA9B2938DDF517F --mojo-platform-channel-handle=2760 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4904
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9713B1026F10FC684CD9B540B27E152F --mojo-platform-channel-handle=2564 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mortalflix.com/dr/
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:1292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c2ae46f8,0x7ff9c2ae4708,0x7ff9c2ae4718
    3⤵
    PID:3648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,15979936744261251140,6396634321338065783,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
    3⤵
    PID:3812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,15979936744261251140,6396634321338065783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,15979936744261251140,6396634321338065783,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
    3⤵
    PID:4696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15979936744261251140,6396634321338065783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
    3⤵
    PID:1256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15979936744261251140,6396634321338065783,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
    3⤵
    PID:2644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15979936744261251140,6396634321338065783,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
    3⤵
    PID:1304
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,15979936744261251140,6396634321338065783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
    3⤵
    PID:1932
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:1232
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x224,0x228,0x22c,0x220,0x230,0x7ff753005460,0x7ff753005470,0x7ff753005480
      4⤵
      PID:4184
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,15979936744261251140,6396634321338065783,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15979936744261251140,6396634321338065783,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
    3⤵
    PID:1996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15979936744261251140,6396634321338065783,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
    3⤵
    PID:1880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15979936744261251140,6396634321338065783,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
    3⤵
    PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mortalflix.com/dr/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:5464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c2ae46f8,0x7ff9c2ae4708,0x7ff9c2ae4718
    3⤵
    PID:5492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,12692683915318281470,4827950409925597467,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
    3⤵
    PID:5652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,12692683915318281470,4827950409925597467,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12692683915318281470,4827950409925597467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
    3⤵
    PID:5740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12692683915318281470,4827950409925597467,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
    3⤵
    PID:5732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,12692683915318281470,4827950409925597467,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
    3⤵
    PID:5300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12692683915318281470,4827950409925597467,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
    3⤵
    PID:1764
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,12692683915318281470,4827950409925597467,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2856 /prefetch:8
    3⤵
    PID:6000
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,12692683915318281470,4827950409925597467,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2856 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12692683915318281470,4827950409925597467,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1
    3⤵
    PID:2124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12692683915318281470,4827950409925597467,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
    3⤵
    PID:4752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5752

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
0af05b188a348d3ad23bf922ac8f84b2

SHA1
5989b12fefd5b789933957a3863de19d419c33ce

SHA256
61f936febea68a1977abba16191dc69b25e4c1667e6f7da7301470e182fdb462

SHA512
68d99c18ec736259beec25a33f4780281f5fbc292bbdbae0224fb97854841233bc5a37861fd32f47bc95d5394e2af735efe949b4c5f53e23f327efc4bb3a4cb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
963861f184ff6b6cfeb287a47d5739bd

SHA1
9704bcdba03cc7371c7c677be805e4854adfdd4f

SHA256
7581950eed9882ef61ffbaf8cd5dc3da1bf767d2b84f3b282d72ed505462e1cf

SHA512
808ca563f14bc1b8e89a5b468d30e3b29d75b94addf91cc3732bce014790bd2b285d15ce62ea43c2f75eac5be3a81ad64ea4d413838a554f85849bc3dd64096c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
963861f184ff6b6cfeb287a47d5739bd

SHA1
9704bcdba03cc7371c7c677be805e4854adfdd4f

SHA256
7581950eed9882ef61ffbaf8cd5dc3da1bf767d2b84f3b282d72ed505462e1cf

SHA512
808ca563f14bc1b8e89a5b468d30e3b29d75b94addf91cc3732bce014790bd2b285d15ce62ea43c2f75eac5be3a81ad64ea4d413838a554f85849bc3dd64096c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a4e9872a00851adbf34a69fe2294330c

SHA1
fe817370826b0885bc07241c0eeaac0c9b6aa959

SHA256
2f2138a90d6a1e35dc95c26d0a2ca337c15caa8d789b45724ea947cd1d266449

SHA512
b271a0289b20879e6dd49e26a04459b30018c199d6f527fbde4fbe0cca66e343ab9d0be2dc05e80ed433a125717d59d6a3daf2ef5ae1125d3a89f1154afc8b2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
790c13638eb6b1cad9152e6ebfef3762

SHA1
7ad9afec1a4309dfeac3d9fe7de22bd1c38436b0

SHA256
3264d7839631849e43dc9c18735d008ba0dbfad3d703a186d1628874d5a35955

SHA512
ed03f0bf3528b86a7de2c890e4d4182504631e4ee6fded9d6a0f4843a6fba255123c0b5075ae3869b54be7f381c05cf2eafd8f3c6508e0abf91461a923cf8abe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
0c03a46a4c621d59135e53fecfee69c0

SHA1
2a7372532730bb2ab62e9c0e1f603ffbd721ef4c

SHA256
3741caad19290449bd4d1064acaa7b346bf47c82e49e917b3bf91175a370485d

SHA512
90f6de3841c847b261e1b615c3c49057e32c410e737314c2f93be69f0cce6eebe5389b9cd6dfc6efb193313e33510de0bfb1f1c1e090f5077c420ab780b1cac1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
3274ff509b77dcbdc5924817582df821

SHA1
60bbe5e1b8ca0d573646a3ed81fd58df05b91b3b

SHA256
7b4bfc6fb3aba2e3a4184e45ef3cee0a45d649bc4e4b11c7648aff55ced3275c

SHA512
b39b58ea15716a8e31e6b183f5bcfa6d4b6e8ccd8cbcc3b8cd070437ee623932b09b78481663ef0f53db27dcd683485e8d384a51be621738f2a69b495f62ec59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
1a657725b0e56222957bcfda43808159

SHA1
7d872d673f0bd72041f716aa124ae2c7eb4c32dc

SHA256
788f3673f892fe3ad1eeff968d793648df8ade7ce6875944df258b1c04716b86

SHA512
28f305a7c0993babdce670d1923cd5563255c65e46939963aed0495aac6054a60826916b4728cbc014f407d6af0b59538cbd7e5238100025a8997906e70ed314

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\index

Filesize
256KB

MD5
b1bd1e2b4bc5640fd77005d9a6549d8f

SHA1
17773598fe4a507e20a1d1430d61e10fe017ab55

SHA256
3e32670b95645f948b1a2baa906695b385c08a7438bf0701e6abc9d5a5bddaf4

SHA512
d1101210ca58485dc6b0889d14e582ad0a23324f1c9ae129e32dda9e8c9a7c6b67f5d0ea202746dc9667fa87f4e9a91e1939f36a7dde25f3944ee69fd9ed8575

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
af10925ec7be64f09c14b34ed83082a1

SHA1
512f9d8e8abc5198ae7b27f068f2b1f9db87ccef

SHA256
c63f883bcbaaf40b5eacec5565bea4d5776d0c7df941f15e5765c15340a37f3d

SHA512
56a49d1aba61e381f82bf20a7c4bf099a5de8da66ed8b8f483637a6379110166edb563b1a5e4fd26adb7b0f28a0c8a4fcba14f1c0aad83cc14dad3144731f84b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
ecfb7991aee22d8645b6a507cf5904e0

SHA1
5b1ff1a6c5d9042ffcbf80c276d966add8c028ae

SHA256
03f26df70eddc1ccab9e38d86bf9806b99b7ba9b5995a2eefb54108a96baccee

SHA512
ac2def99efd9da49b0d9ef8fe21ba449f3978921ba24965909610ddb6d1808a92b3345b4ec3bb2a9dea41d6791e91723c4dd536749e66b73010b846bf1f48612

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
49693267e0adbcd119f9f5e02adf3a80

SHA1
3ba3d7f89b8ad195ca82c92737e960e1f2b349df

SHA256
d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f

SHA512
b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
281B

MD5
bd26bc91a375c573d9c752608323ce85

SHA1
2511d040d0925d8daef33d266987a2c2bca127ac

SHA256
5acfdf9a3477e5cbcd8ab19275c3d5474cc972e6d52a4f255adc9fe6760d4255

SHA512
ff83883052f3a695b69641f89cdcbd22666251194b82a54b2c795ae0c4f48187c5f189ab354f80dc6c926d5798307883ea7adf8dd93039f1bafcfd235d4cd4b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index

Filesize
256KB

MD5
a6f525d09d5a47283ec0af0ff331786a

SHA1
866e079474cbf3ca23dd30ac551e0cb63309af17

SHA256
47d58ff308456022e631336508bd636b69943cb95b1b3e5551045bc17640f79e

SHA512
818b4342e740cc2e6be0c949709d0557f989118cc8dc5e851296b02f7eade38906a7b05f383a40cc75db0171c013a4d9641d6fee472543d9b2bb9d1ef68358a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
e654ebb71496b37b16a195d0d4ab047e

SHA1
6e30042651709d06bfab9eb15b5a355fd1eae542

SHA256
aa1b4e737dfad7d2ad6d8d1419ee9946cecf6d1d2006b31998710425f8a4dd4f

SHA512
ac70ced3d4c32688b01ad886dad15e6e3a6b97b0824ee71053b29c3f64631b80a96520f4512e1b04497570d74a0d294aad7cff70066b8bda2801c3672a6ef3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
74ff4701d6ed8dd41e62546753f17538

SHA1
6ee1b2fdf30a2d908018d8bf6fd457326d52a0e5

SHA256
e0f68f193ce6d166a8cca9200a71a3e8e2e830488d8e66682187c39103ea7ece

SHA512
60e5b62ca1cd79bf25df874d40477ab61b6e262569052a824c0c4df7b126433c6ebf83942b655b1aad7b34d2d27595c6a2e8405882280b55bb792d8d35ddc9a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
182B

MD5
7a5c17745071cb031ac10a7464cdd2f6

SHA1
21db29725d072c726894ad54204a87146bffda85

SHA256
6ca28d2b68eff7a7243ce250807a3549afc3ef6e29a1a4826a90a027384b34ec

SHA512
96cf4cf33dbfde83d3232145547c4fcf469deac47bae851fbc515bc2959658eee558892caf968b73e9c6c3b4a0d73ddd358070855d3223c7aa4aaf4719cfd2ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
182B

MD5
7a5c17745071cb031ac10a7464cdd2f6

SHA1
21db29725d072c726894ad54204a87146bffda85

SHA256
6ca28d2b68eff7a7243ce250807a3549afc3ef6e29a1a4826a90a027384b34ec

SHA512
96cf4cf33dbfde83d3232145547c4fcf469deac47bae851fbc515bc2959658eee558892caf968b73e9c6c3b4a0d73ddd358070855d3223c7aa4aaf4719cfd2ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6567bbd9d5a5d2d28aea3506c7efa2f2

SHA1
1304812cc2b71b9a510b5b7c407b160d780b76c6

SHA256
73c05cd974a799a082a4ad332a15e3532ea075ca52a22896c9201fb165e2b57f

SHA512
ffa4e8438a1da29a4b7a72ab0330cedbf3b3a59eeb3a822b77d0cc1144c854f62e33f3dc8f10a7b9bdce81984813296bbee837e3962fbbd926df17390d633d20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
e3096c1cd37da7c464a4ad7d39ed1f26

SHA1
2dd085e7e6d69c9492180b4ab6782c84f053a24f

SHA256
a38ac25f1b1579321dc28f5ab0847d17297fbd3ab902327c8759f82f0be1d6dc

SHA512
12399a5669786efddda0de75777fc519d7dc7eb4eb27652114f5c11fb29d9c7e09344aae127d70976565089eccbc712c92fc072637166bdf0bc8e0b87d6cb56f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5846a5d31de72919528da9b1cfacf82c

SHA1
9a25f734d6213cf6492788b2c0a2a11c53044629

SHA256
99328c062bc3c2fbec0ee74273aa318076ff10b078520f0b98c3fa17959b9018

SHA512
249f581e2f819a2de53b200cec740996043b9f5d0da297ce78f34f35ed1abd405dcd9c849a3886c31112c5b04fc3de93f3ae92507f06984b6c074252d1427f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
030d1311c54e76780192fc9083e653cc

SHA1
6317ae311d62e83fb8a8665593ab8ce911f61ab2

SHA256
028f37fc618434ff0133727499cc65f38897d390d72491285d3af3df2cab3324

SHA512
dba27cc58d0e9c01c2c7212b90250a350182257f63abff50fdf71d4cb42f34ff6f5eab1da17295b6cdd62111476d6925140c26bd98b353a44e64c9f1572d5754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
030d1311c54e76780192fc9083e653cc

SHA1
6317ae311d62e83fb8a8665593ab8ce911f61ab2

SHA256
028f37fc618434ff0133727499cc65f38897d390d72491285d3af3df2cab3324

SHA512
dba27cc58d0e9c01c2c7212b90250a350182257f63abff50fdf71d4cb42f34ff6f5eab1da17295b6cdd62111476d6925140c26bd98b353a44e64c9f1572d5754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
0247e46de79b6cd1bf08caf7782f7793

SHA1
b3a63ed5be3d8ec6e3949fc5e2d21d97acc873a6

SHA256
aad0053186875205e014ab98ae8c18a6233cb715dd3af44e7e8eb259aeab5eea

SHA512
148804598d2a9ea182bd2adc71663d481f88683ce3d672ce12a43e53b0d34fd70458be5aaa781b20833e963804e7f4562855f2d18f7731b7c2eaea5d6d52fbb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1463bf2a54e759c40d9ad64228bf7bec

SHA1
2286d0ac3cfa9f9ca6c0df60699af7c49008a41f

SHA256
9b4fd2eea856352d8fff054b51ea5d6141a540ca253a2e4dc28839bc92cbf4df

SHA512
33e0c223b45acac2622790dda4b59a98344a89094c41ffdb2531d7f1c0db86a0ea4f1885fea7c696816aa4ceab46de6837cc081cd8e63e3419d9fcb8c5a0eb66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1e79203d0f70092bf25058099947d5c6

SHA1
20d5e2bd3a2ef807207bc3981bd5494c34839c0e

SHA256
decca6fa6de1f0dcc2b46a7c45e62d1754fda43b509d92393c628d56930851a6

SHA512
b06c5cb26083e2ef7a407be262f37d83d9fee4788e30a94ce258639f7c1fb2ccb4e37ca9b77e4fb30c0fa0a9e80f94a5b9719efd2499c87deafc87d260eb0568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0a8f60ae05051d78ed12068704ac7bae

SHA1
008536c5eefc315996ae780432aca27f56ac9c98

SHA256
f19544eafb30b4fe2ef957ab041663905a5a5058ff3f1c5d9732737e3f2f1d12

SHA512
13c273347d3fdd6320a5c5496d6202bc7c3e1255b8f892042a36188bf2700f54318b6e6de20e47a759b951a00b8e6ba2b47413ae6d04249c2b09aead77fe6550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
118B

MD5
7733303dbe19b64c38f3de4fe224be9a

SHA1
8ca37b38028a2db895a4570e0536859b3cc5c279

SHA256
b10c1ba416a632cd57232c81a5c2e8ee76a716e0737d10eabe1d430bec50739d

SHA512
e8cd965bca0480db9808cb1b461ac5bf5935c3cbf31c10fdf090d406f4bc4f3187d717199dcf94197b8df24c1d6e4ff07241d8cfffd9aee06cce9674f0220e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
279B

MD5
693e161f0dfc4a7fdbdedbc733a5dfa0

SHA1
ef278dde7e5c3c3a171fc1d75cd86fa7e3813716

SHA256
ca3f033a4dce312426c610e6fa7541dbfbf819b08d115eb50232a508957cebe2

SHA512
06864e6595ab1cecdc02f383c21931155e8ebe086dc87296900f7156a35e4b5150e2bdb8d81d5351a81f7fbaa60f51e5163520ed92f6418971f7ebd30b62be84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13329564703883728

Filesize
1KB

MD5
573537ecf34704841715dc7e167398b2

SHA1
b66749f84792a2b3b0a3ad7023b1dd3c5aa34343

SHA256
79b7590fd86ddc17bd258f265dafced89735bcfcea44c590e5eab597a84ad308

SHA512
4b0535bf3adc8e5398801b7cd7797605a7617f6dfee607b18d1a3b4f852a5a65776c56ab74274ebd6b88f1c9413b6eba958d756086cfb27f9c9347618121399d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13329564716198728

Filesize
809B

MD5
3b56202edaf629620884bf33510cc722

SHA1
69c9e7931924f940593f24dfbe89aae89636f323

SHA256
10dad5ac8fb5773663ef5f62629493af20e5e73227a4b63b55ca866e5e6feaf4

SHA512
13284fb05163cd8d287a9c98ed2614c55904f8417ddf2542b010cb4bf777093cef8a5405d713960b65b66585011e567b68c2d09711a830a67ec047dc56f56ed0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
a20ce88847da268492d3d558d0df14be

SHA1
0d2eaee1f27e64ad6ecd4692fcc31e046497b786

SHA256
08330ed2ce61c9240bd54020c2c37b75ae1da35d85a85838a68d4557ecf967de

SHA512
11b17de3304e93e28425930ff986eb65ec8da2227bab9b6c3c53c63a433458663644caeb3d2df1ae4b576536acb9f9590ddddc7c1f0dec8bd71deed583af47d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
cc283a1e22b198ab8cd8f318bc3c7c27

SHA1
4a7c78e9cae789491cb661a3759cecd9afde6b2a

SHA256
6756073445dac81a36c73e87d7749b6f0c71ee2578e854cefd2fd0e2a9f29f41

SHA512
b0655a554027f22ab1daee905959ee48dfdd4b0d33202ebf0cffd06e68ea143ee5f9d0887e213051337a4b01016903bc70757d099b72fd7b339655f7c4c37247

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
21db5897445645e5a609707a231ea853

SHA1
5c8783f5b49ec5c210abbb99af65171f934e7927

SHA256
70a4a8696ebc4baa4e39e4f6928ab56bdc3170b46cd0cfe244f67eee4c19b0ad

SHA512
65634e892b829743a8e78404edc9be2a07bc5f04c44487335fd067d532f80d15700d55b8820604a4e85441c27e5ee0cb74430bd28e34be3539ba1347bea326f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
2723348b00fee93ff0aa616f2a06a848

SHA1
16ba8281e1847d989b41b05eb58140ea4c002aad

SHA256
1cb3e6dcd90ff61ddfb94c5a82883baf093422270530cfcafa1354ddf15edff8

SHA512
17682de12bc935d8282641c9b19454b4fc8e447ccd47f30b1fb099ebcf7f8d8c19636cbdf66b44be6fe60dda966f7b44abc653545b695d7f12040472d1821367

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
f0bf1fa96b2e436837e6866365f12bad

SHA1
4ffafb6adb01ec518bf16b3a006d792e02700f74

SHA256
43470812ffd5a3589ed2a51b18951d5c6cd7c94b8612d171f5b3ae9672a64d9c

SHA512
42688523358b6d052318f106fc3ed38ca73cb2277f70b609c5844c5e080afccc5b2ffeff3a3af6a6d74812db3de739913e8e86758372ccc85fe343fee562a97e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
3579a1810e931958cfae1c22173d6fef

SHA1
f498845be3120e3d8f3ed952d1292ad61635ec0e

SHA256
4b816f163d6435a0e74aa39e6743afca2df7125e930332659ce05b69093a8a60

SHA512
7e304460909f6e2d8162fedf9e8a61b46cf023b7de388e6c569ffca71cc167c188712ae8c53ab8825652e830cec9f33bd4ae0ebb49733097be5b8d0d13d80e4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
279B

MD5
9f4d23054d489734f0e835793d1163e2

SHA1
bf2e72c60c0587e90f8440d6dbf41efa4f83db7f

SHA256
860c7004fc0cdb3f461848d3cba9d823f499c058e221d0a253852e62f2caa767

SHA512
20bd353c150f847c50453659c3c489833999e7c515f645be119966c2da32ddf08ec91e1e57e1fd69e15b2eafdc998fe6df238635673b6f542f4912105f37695c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
531B

MD5
1035f7adb9bc0ffa84a37929bd62eab9

SHA1
e08e3f30032ac5c95e3aa282d241d63926814110

SHA256
182a7e681a7399b38cdc194fe27e9a9bc179634b33cdf09781858f27b91bc4a8

SHA512
e13f6a1c79811badbed8e211d223108e74c20db27f5c580d55da76e1f2eb02cadd43a391246863a6d266ac1248fce58fd6a827f3cf177bc53cd196cea192351d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
297B

MD5
c689825003bee9c87d27f098b556cdd8

SHA1
2e909594ed09f496592990ad1f42ef2d1e98cdb4

SHA256
7b9f5c1abb9f25fdad2e449cc119e9f7613b55a234e9872ab33bce8ee31484f9

SHA512
fa3be3619096808f6faa940ed19cd17f49f75e019e9f5391d6779af70f1758d01e9683d04f129401836e08aa5774d80850d1ee7aefeb2e20fa943bb927b6c7f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
fa9cfb6f60d6506f4de2bde1d7960eae

SHA1
665a9894e32502f8ce26586681c91a3b9760de1d

SHA256
166234bfa8164f3505292451b08a09657d46effef532bbec13b90101167eba15

SHA512
525737485b729ad8f6312cf6ce27d0ed3f14323b5fedeaa0355504f75a2f762d5eb4658a3612fa428f1073455446cb31421873e512205825d6debcbbc46ee181

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
fa9cfb6f60d6506f4de2bde1d7960eae

SHA1
665a9894e32502f8ce26586681c91a3b9760de1d

SHA256
166234bfa8164f3505292451b08a09657d46effef532bbec13b90101167eba15

SHA512
525737485b729ad8f6312cf6ce27d0ed3f14323b5fedeaa0355504f75a2f762d5eb4658a3612fa428f1073455446cb31421873e512205825d6debcbbc46ee181

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3b05d6f30317a338be8d6be21555921f

SHA1
918339d1dcd58bf2863a22a72e19e12766873047

SHA256
124d4790b4fd2ef9e9086061d83e0f3a7aa52aeb003770ceb0863b25d89a6aaf

SHA512
760eac07d58f94498f1346d11fab09574190f2870a77e1a8b12fe4c8b188c19da548e2d0fd9e6143b088fa7dd3fce77a1f1d9f5f640c142bc72a63edf5ec435c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
94ca551f7a71d7bfb9eea36750e853d9

SHA1
94bf11153861a67257b87356ad9697bddedc7ddc

SHA256
d20fc8f5e352c486ba71d9d64a153fa48805d3d059bcaac8ad448ee2cc354cbb

SHA512
8912aea4e254cb5425256679eb46e0b541bd0612e802bafbedd4762003b08c2d74f7f3f227899e376367abbfe51d5b941c32a2bea5cd51753facc99f4a43d362

Download Submit
memory/1548-161-0x000000000A2E0000-0x000000000A301000-memory.dmp

Filesize
132KB

Download