e0fb9a79ce8322e0ed1664a2faec68eb29759aa558cfcc3bb147613dbc83d024

Analysis

max time kernel
143s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2023, 12:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

USD_Invoice_765765_Payment_Advice.pdf
Size

133KB
MD5

ebc4b42372af7f507404ade01706e894
SHA1

66a91171e7ff40aabc6d7402270a597a3deefa7a
SHA256

e0fb9a79ce8322e0ed1664a2faec68eb29759aa558cfcc3bb147613dbc83d024
SHA512

4bb6e80b19374a8035e9bb3c42bfc6b91beb1269784561772291f7666756969a167f1e1a7f3f66437ebfef4ee5fcbb298d3f5ea5bbbc7a99cf8c83de25d5dfb7
SSDEEP

3072:c8Rh3Afi+h4P/gsNzvXxjstNlr+7KX7XjwMRb:cYqfiUTOXxjstjrwKX7XjwMRb

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
3860	AcroRd32.exe
3860	AcroRd32.exe
3860	AcroRd32.exe
3860	AcroRd32.exe
3860	AcroRd32.exe
3860	AcroRd32.exe
3860	AcroRd32.exe
3860	AcroRd32.exe
3860	AcroRd32.exe
3860	AcroRd32.exe
3860	AcroRd32.exe
3860	AcroRd32.exe
3860	AcroRd32.exe
3860	AcroRd32.exe
3860	AcroRd32.exe
3860	AcroRd32.exe
3860	AcroRd32.exe
3860	AcroRd32.exe
3860	AcroRd32.exe
3860	AcroRd32.exe
4680	msedge.exe
4680	msedge.exe
408	msedge.exe
408	msedge.exe
4068	identity_helper.exe
4068	identity_helper.exe
1940	msedge.exe
1940	msedge.exe
4224	msedge.exe
4224	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
3860	AcroRd32.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
408	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe
4224	msedge.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3860	AcroRd32.exe
3860	AcroRd32.exe
3860	AcroRd32.exe
3860	AcroRd32.exe
3860	AcroRd32.exe
3860	AcroRd32.exe
3860	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3860 wrote to memory of 4360	3860	AcroRd32.exe	89
PID 3860 wrote to memory of 4360	3860	AcroRd32.exe	89
PID 3860 wrote to memory of 4360	3860	AcroRd32.exe	89
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 2544	4360	RdrCEF.exe	90
PID 4360 wrote to memory of 4412	4360	RdrCEF.exe	91
PID 4360 wrote to memory of 4412	4360	RdrCEF.exe	91
PID 4360 wrote to memory of 4412	4360	RdrCEF.exe	91
PID 4360 wrote to memory of 4412	4360	RdrCEF.exe	91
PID 4360 wrote to memory of 4412	4360	RdrCEF.exe	91
PID 4360 wrote to memory of 4412	4360	RdrCEF.exe	91
PID 4360 wrote to memory of 4412	4360	RdrCEF.exe	91
PID 4360 wrote to memory of 4412	4360	RdrCEF.exe	91
PID 4360 wrote to memory of 4412	4360	RdrCEF.exe	91
PID 4360 wrote to memory of 4412	4360	RdrCEF.exe	91
PID 4360 wrote to memory of 4412	4360	RdrCEF.exe	91
PID 4360 wrote to memory of 4412	4360	RdrCEF.exe	91
PID 4360 wrote to memory of 4412	4360	RdrCEF.exe	91
PID 4360 wrote to memory of 4412	4360	RdrCEF.exe	91
PID 4360 wrote to memory of 4412	4360	RdrCEF.exe	91
PID 4360 wrote to memory of 4412	4360	RdrCEF.exe	91
PID 4360 wrote to memory of 4412	4360	RdrCEF.exe	91
PID 4360 wrote to memory of 4412	4360	RdrCEF.exe	91
PID 4360 wrote to memory of 4412	4360	RdrCEF.exe	91
PID 4360 wrote to memory of 4412	4360	RdrCEF.exe	91

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\USD_Invoice_765765_Payment_Advice.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3860
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4360
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=73E18D138CA11E2C945AC1FC8837A16B --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2544
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F947E5E77D6E0743CA1F268D5C2F7DDE --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F947E5E77D6E0743CA1F268D5C2F7DDE --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4412
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=FA26ACF94F99FA3B4BC576DBC5D32A23 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=FA26ACF94F99FA3B4BC576DBC5D32A23 --renderer-client-id=4 --mojo-platform-channel-handle=2176 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3568
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BA4C1F7FB8CC899F724F79B279186D45 --mojo-platform-channel-handle=2424 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3508
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BCD46F471522490FA9FC1F1349CBAD73 --mojo-platform-channel-handle=2588 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4404
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D7C35CDD5221BA60A58ED41F896729AA --mojo-platform-channel-handle=2764 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.bing.com/ck/a?!&&p=8c31ba1436b79d3cJmltdHM9MTY4OTIwNjQwMCZpZ3VpZD0zNzNhMjQxNC0zNmFlLTYyNGMtMzE2Ni0zNzU5MzcyMTYzYzImaW5zaWQ9NTE0NQ&ptn=3&hsh=3&fclid=373a2414-36ae-624c-3166-3759372163c2&psq=site%3amoargxzoo.com&u=a1aHR0cHM6Ly9tb2FyZ3h6b28uY29tLw&ntb=1
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff93c2d46f8,0x7ff93c2d4708,0x7ff93c2d4718
    3⤵
    PID:2096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,1430232563686235343,14090763859024475900,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2
    3⤵
    PID:5096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,1430232563686235343,14090763859024475900,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,1430232563686235343,14090763859024475900,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
    3⤵
    PID:3808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1430232563686235343,14090763859024475900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
    3⤵
    PID:3376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1430232563686235343,14090763859024475900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
    3⤵
    PID:4340
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1430232563686235343,14090763859024475900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
    3⤵
    PID:4440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1430232563686235343,14090763859024475900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
    3⤵
    PID:4616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1430232563686235343,14090763859024475900,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
    3⤵
    PID:2480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,1430232563686235343,14090763859024475900,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
    3⤵
    PID:4348
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,1430232563686235343,14090763859024475900,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
    3⤵
    PID:3672
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,1430232563686235343,14090763859024475900,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.bing.com/ck/a?!&&p=8c31ba1436b79d3cJmltdHM9MTY4OTIwNjQwMCZpZ3VpZD0zNzNhMjQxNC0zNmFlLTYyNGMtMzE2Ni0zNzU5MzcyMTYzYzImaW5zaWQ9NTE0NQ&ptn=3&hsh=3&fclid=373a2414-36ae-624c-3166-3759372163c2&psq=site%3amoargxzoo.com&u=a1aHR0cHM6Ly9tb2FyZ3h6b28uY29tLw&ntb=1
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff93c2d46f8,0x7ff93c2d4708,0x7ff93c2d4718
    3⤵
    PID:3756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,5183175471838652798,1757684591541806209,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,5183175471838652798,1757684591541806209,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
    3⤵
    PID:776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5183175471838652798,1757684591541806209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
    3⤵
    PID:2336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5183175471838652798,1757684591541806209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
    3⤵
    PID:2044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,5183175471838652798,1757684591541806209,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
    3⤵
    PID:3640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5183175471838652798,1757684591541806209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
    3⤵
    PID:4528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5183175471838652798,1757684591541806209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
    3⤵
    PID:1920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
db9e08bebfc7f1d3a5ee59e934a5520b

SHA1
841cc1e3cb8191914a0cc4bd10bec6ea0cfebe83

SHA256
869141635ec73cacf8f3390021f2da30bc3fa9c255ada7c967ff626586f8478c

SHA512
c795ae6470250c68a2d430527034eafaaf57ac70d177742af04be3dd35a1b324a0d12f487efa6b1acb5886ad069f98ea2afaf9ee445fce3cf2f305657fc3a3c1

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
db70d63bd77607b2faaf34f22260d0a9

SHA1
d43a40630ece9dca09717574d303850414559fee

SHA256
fd1e2b9735a53a712e939b09dc0745d53ad8ee7db7e40c2726a4bcf7383285fa

SHA512
3a024f7e71d939a3ff841475cb702b80ab52f4b198c451336f457e2063061a161fd5cb38e3e76e50eb592287b681f7c131888715816b1d34fa22d3576762808d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f6f47b83c67fe32ee32811d6611d269c

SHA1
b32353d1d0ed26e0dd5b5f1f402ffd41a105d025

SHA256
ac1866f15ff34d1df4dafa761dbb7dc2c712fe01ac0e171706ef29e205549cbc

SHA512
6ee068efa9fbd3c972169427be2f6377a1204bf99b61579e4d78643e89e729ad65f2abcc70007fd0dd38428e7cd39010a253d6f9cd5e90409e207ddaf5d6720d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f6f47b83c67fe32ee32811d6611d269c

SHA1
b32353d1d0ed26e0dd5b5f1f402ffd41a105d025

SHA256
ac1866f15ff34d1df4dafa761dbb7dc2c712fe01ac0e171706ef29e205549cbc

SHA512
6ee068efa9fbd3c972169427be2f6377a1204bf99b61579e4d78643e89e729ad65f2abcc70007fd0dd38428e7cd39010a253d6f9cd5e90409e207ddaf5d6720d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2468b267ff0ea23293b557718db90d

SHA1
157abf2c49b3737281530de3880b1637f3cc231e

SHA256
f4fec12606e1b299f9b0fe8afe56c1ed6d3909540734043027ced4288e056808

SHA512
7274f157e4ec9cdd5003f845b73ed7d0065aa2840e4dab3119b54d55cfa114fb0fefcf1ce5a867f735bb07bc2d910551340a049ddf519358eeabfc9392296f4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\17e8bc28-47ef-4a1c-b848-b0cec2f7ce08.tmp

Filesize
1002B

MD5
0cab1729ec81f994ea59346cc1f045f5

SHA1
9f7ac91d0c9725fd3e595d29785aff671f9dac3a

SHA256
87738653da8e1919454f9775515396eda1a506f7ba597cf3d7f475953d6d1e53

SHA512
8902a0874a26d4424dbf3b4c6334a725776d6261f1369997087ea8c4768918a92b5d5d1f0acc1cc8b1f9b7eec5b5ca483e8d34544fee3a109b3a722d5797558c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\68769d79-f5c7-4687-a07f-ad7caef1e0a2.tmp

Filesize
24KB

MD5
5544c64f2a8f49dabc19eb84267b1c9b

SHA1
c5b78d63a8bab1c7b985f7ea2f268d0d7809071e

SHA256
a1fcfee2974a77e76a7431a2069db301861ab42dd41769cead8697f41f5a497f

SHA512
38c80d7c810441fc87beff38929473088cf426b0a25a30820d8a060f493350d99bb8521b314afe00578ea54648fce2aa4e55880a83a4f1048c56307991726565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
6e50a70a5f23b5422d67706e50dfe44b

SHA1
9e600efac5ddd37b5bc065234c7fde16d3ff680b

SHA256
93616b5084a816137fc92a7e147bdd8d563fbc589b086e388127c96419e7075d

SHA512
fad5dc97e9d044bb71de26fd8c3dcf562cbcf4921a0eb8f85e7f3fe8a073460054ada969b4da8152708fe24b0412f756632ae4063868cee82c8239c973cbca36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
53bbb38e24f71d920d9324027b3464e2

SHA1
28cfe3944e13a550960aa73ed02051794ce9529d

SHA256
ec57b453d820468b97b67bf39b00002015d9d3fd5a5ab529dfe1094d6a06157c

SHA512
35118482127b24d1f5b19e4b84a1ebae5e8501432403066398ba1b27f9f9b1661502cac406ff3c029bbf633a61839844268a3327f93a2d8e7746d60e171e6239

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
814fc6824e59d7be0dc5611920cf7f85

SHA1
809248f815ca82f73b98d69cca2cb70905acf05c

SHA256
1fb4e3c36cbcf0a3e73d9d3b622ec56b8113ac85ab8a4050068804a304443ae3

SHA512
57162aeec4bff3c2814e82ed5a357f88cafed4573e58ed760b5fd4066ed0703d6a4337c9cf6bbb5348d730d865a65824f2c6850bd3aaa53681ba2679932a950b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
4ac7a042dd8ffdc95582c4cd5b5f155f

SHA1
cd6c018bea5b6efc396cec107982cbabe6dcd395

SHA256
431c2b0268eea709c6bf8e12add962c7734109c3ed59467e905dd5a85365b459

SHA512
62369b2dc89d289f3e39f1302e37b2711f0d7ad6cb1e00d5d9d7f9870108a0c7c39268850a84664f068c6544b41aade47b6b4517c57483b1b9397be7c485bdb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
33KB

MD5
ef794bd3c66fe39fc08cbc3850407c3f

SHA1
573751474989f84260264e6d142f587ae061eb80

SHA256
e7bf313e669411cbb62a08f78d1fd8b722f22afcd435edcbbc62f3d8c95bcd51

SHA512
0116d55b48112fbcb2995aadf6414ec05605b81a9043a16e9b7c2205cfbe8e7fd40d7d4a9f606cb38d0b4afa81c93d8ac575ffc1e5da8d9464d30fb53098cea1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
240KB

MD5
33be95a64a6555c441ce872414d832d4

SHA1
734ef92ee88682ff2859c30ccb667210a4845cd2

SHA256
c5e3b6c483f97c5f574042fe33b62280300cf6d1ec44b5e0ce47e7400e807fe3

SHA512
f4dc151401d0128620d81ce5be49f393d2759dc874ca91068228e19afe240fc10294e863bae3c9f419913f8ffda4342f715cab5f9ad4e87cf6ab6d6ced06eabd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
226157d749ab1d84dd1f120ebdb90965

SHA1
a93d2925a065f0cc0c298a3ed7deca676276d0dd

SHA256
ffcf52c21177a23c7a533eac2fca2080c07ad84d944a3a7452226a11d0dc6529

SHA512
b96f42544157ab252f36570b8c4e4ea256170259ebbdf83306e5ff0ae2211c91898282703033fdcbe8032dce9a545091fc29839ac89e106b9c57fcbf89044a1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
226157d749ab1d84dd1f120ebdb90965

SHA1
a93d2925a065f0cc0c298a3ed7deca676276d0dd

SHA256
ffcf52c21177a23c7a533eac2fca2080c07ad84d944a3a7452226a11d0dc6529

SHA512
b96f42544157ab252f36570b8c4e4ea256170259ebbdf83306e5ff0ae2211c91898282703033fdcbe8032dce9a545091fc29839ac89e106b9c57fcbf89044a1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
66368a16470f8bcb5ad6a2d56c5530b5

SHA1
46ccea2eb6f4870c02fe3554a15fa280eae91360

SHA256
1b855bbf616a06bd88ee59861a361ef8fcdd17fbc7f7d288c81a7bfc85a33ff7

SHA512
00ed3f106ddd04f397e4efcb8431a672ab24dce29391e6368b7c5d6f3ac69db5f74cad16aa54035745265e154122d2c3d423a99fa4a7aa4bfde63581c8f455d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
6e752368ef4de48360f372a9bd01e74f

SHA1
a02e7a3d6806777d08eef658376c279eb7cdcf7a

SHA256
0a1e169ff5ff0c931470ab82e881aa13abdd236bf70ab0694affd76c88544abd

SHA512
24b6d06fb0fbd41a4107e6adc567800e84429cfe6167d4743be8bd9eb396dee860431341d3904fe2fa470513b5ee81a656a644bd4bb20607b476e1e289633afb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
b3afc5e4eb4a8d3ce5ca76c3ed2e78ee

SHA1
e82fc899f304debb5d85ca0819a6335827a9ab36

SHA256
c836ad33a961093c841336a9dc8ddf96b316eb5cd56ebfdbeb351fe53882aabd

SHA512
fb2c9dda8e6d54c6d2eda03fac2f627b91fd8a121d922572145fc637259999590eab972fb28b9c1d5137eb0590a98f408d84561fb167a00807da814882dc47f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
5abf1bbf5cde3bc626816506f646ea23

SHA1
068fc247c1ca79e9afc6d9ec8cf0338488e9a1dc

SHA256
06faf3fdf9385a9309c76a6d42e49daad9cf496602594e83106e2fa5fe076059

SHA512
1fdcc548652d2d13488809022d5c6f96614377b919c0ef559596743fcb05d99257e498562467f8a5810f369da8e786e1f6b4c363d4aa15912611b0e35bd92bd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
8ee3d5c0699ea67bcb364f718e304919

SHA1
00708e8e9267d3e9175ef15e6b1d8d05e2fda656

SHA256
cbea95bb675b36750a64f6f078115cc5e6fb495c71cb322f977213a8649b3e9e

SHA512
1bde366cda0cd2cd5ed10887d742acb29f38f63695f46a7618ddb01910f213907e03dcd4a96484f96dea5f0b88cf4772bb2d833ff0cf3112e6937ba9c76a459c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
2KB

MD5
c298ece9d354f0aad6d81167d761dcf7

SHA1
58429d385385e2da146aae96850d81656e963b9d

SHA256
13e45b0079245effc55641b11fe8a03f898029c6911d32540ee333d2107a0b12

SHA512
79824b4b2e67405ddd4788fe3e1150eaf955e0509a3f1c099d8d94a57f95ff8aa4077cadff47272ca8749b05f1afa7d0858d9a85946f29f573d9b0f27d156b40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
20KB

MD5
f28e258cebcfa782734e6979618e25e5

SHA1
0c73eb744900cf2efc2119024cca194a623f473d

SHA256
436a41875ebf7d26d0993c60e7b04915641ce6c27ca293a2fc8822401b2cde4a

SHA512
65ca89110b56931dcdd69f61933332b610c2b9a104b14f78928875974134213eeb60f9fdbbd194aa12e55429b485b48a71ea8b0c5c887c5c2b1605a4ab433b14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
652083bbf98cc5f9b1d8d27200cead3f

SHA1
39b0f76501a9bd8eaef2d6aae45d7187752eac2a

SHA256
06a682c82444818449b475b12d6b3dbaebd58587efa861cdb1f88ca3b77bbf1a

SHA512
5affb4b2ac6ec64c11d7dd35d25f635a9bbe4aebf41819f7d61d6be853260ffaf094014feec4dc1062113479bef30b8cd2a83d4f56c16831a6e8c34300d3b185

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
675B

MD5
20eba3ca966ae687e030455de214e3c3

SHA1
befe22cd4ba7b2d7dcbf05aa9f2fb0f7f29c7cb7

SHA256
af2c23ffbb9a83c23a5bc60215f9c5440ba6e3a5939f07bc4f6407435e4d2599

SHA512
6ececa56caf8770c4c82adf8856efc0e6c942d0eac113bc7389e956980d1850b7c170a49d304f1116c46a8dffccd28258ac7af8543afab6d1624df0ea37c93b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
675B

MD5
20eba3ca966ae687e030455de214e3c3

SHA1
befe22cd4ba7b2d7dcbf05aa9f2fb0f7f29c7cb7

SHA256
af2c23ffbb9a83c23a5bc60215f9c5440ba6e3a5939f07bc4f6407435e4d2599

SHA512
6ececa56caf8770c4c82adf8856efc0e6c942d0eac113bc7389e956980d1850b7c170a49d304f1116c46a8dffccd28258ac7af8543afab6d1624df0ea37c93b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
54038aee291b59851fb91a3d45498aeb

SHA1
f284e41e53ca78ad25bfce92dea0cafcea9e02dc

SHA256
da295fcd9216247bba67a656a0ff4938ce7b492850f8d672ca37fbfdfa75eb0c

SHA512
be7f0118ff2362050fa428dd2e343a030a0ba237e02337dce7646e3075a8e2843df3786c66585a1f1090a952e7fd6c2ed12ebc5ecfc9b3a11e1606cccc545c92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
54038aee291b59851fb91a3d45498aeb

SHA1
f284e41e53ca78ad25bfce92dea0cafcea9e02dc

SHA256
da295fcd9216247bba67a656a0ff4938ce7b492850f8d672ca37fbfdfa75eb0c

SHA512
be7f0118ff2362050fa428dd2e343a030a0ba237e02337dce7646e3075a8e2843df3786c66585a1f1090a952e7fd6c2ed12ebc5ecfc9b3a11e1606cccc545c92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a4e9cf7c4a3cc5c31faca2dee25286f6

SHA1
287de94f63eedf8f1baf73e3f656faccffa7cc99

SHA256
c6f385e3ef1f00f9f25e3e1426103aa8b2b1aa432aadfc95cc0a339ba0c80485

SHA512
849e5e466fab5a17abc112283ef032e0f24425257ab832a7f064eb867e2c32376649cfe5bf61c92b5c631615fe5775f08ab073da44bc223890821a68edac6b71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ff7dad37d99fe056257127b7f94ced3

SHA1
f1c5ece8d6f49bd24501f2cdd96cff0e4e36af9d

SHA256
b28976a150a7ef5cd47a7b5473cfe449d73a4a95a68705e4494dfe0307ba4576

SHA512
3da1074205eaa4c3dbee0f907a88d5a695a9ab14293a6e37ac3e221df2cdd48c3587331da472269cc7412621e4497eaca3109f6feffaa436718c163a3da87f17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d1d71810f0e918f180272293e1d020c0

SHA1
23b4c1ea2e0b1c2acbe8625da9c106b890535778

SHA256
d869a1b2ba7c1bf40ec2e9ff9b8428c6a870fd4a961b2010b70cd7c3a0dc154b

SHA512
dec76372c360a293faab5fc39c1eb9be6cd18da6b0d2f12d2e4867f63dd16e27be446312b9801658d040977a89903acc53f04e1337979567838af8789feba4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
23c3036d2073bc820a69e16ceae66b3f

SHA1
9560810d1cbe50178c95c0990ebe47b60023e93d

SHA256
6ebb8aa15e2a9348e18091f22ef5da7f71cdd63a70bdde71464dd861a89d3937

SHA512
6301953b037559cfbe54cb0ca8917a76eda3e701d040c179d44650dac4ff2eb52cd7708b6154e7969c95203ddee244add075636ea08b78b2b77ec18f0b760ccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
0ba17312491d6e86fa366518f52fcbd9

SHA1
093ebd7cfdaca5e4c59d9a4aa0954074b1c62653

SHA256
d7da39185edb6de1400db271e42e6d5ab2f0701d5dcf86ba0efcaaecff53c578

SHA512
86c6fc36a0d2939e87348db3acf6cfb29c4bbf16f71f3c37518d36064ccf69db399d65e403ea8f40798fe5da774a54bcb16823c992513bc05256e0db5d2d6838

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
4b781306eef375e7a60cf1e186ae3d54

SHA1
e9d718868bb4f5bdeb1658da532477159c9e11d0

SHA256
2171b47efeb585994751e106a8014a21fe355109b7de1d032cd7190242e59a4c

SHA512
aa738ade4ba51982fec15d6da8368be77491c0d220b0b0340af52626f6b18478842705472d4fb18d61de9a39e21d5a7e70b53ccc63617ff3147ee9d5a05423dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
6aa6ba3010061a585f390fc288dd069a

SHA1
96b1e6191423517570f283d793cd8cecded2b79f

SHA256
8125734d2b071e2c74f4392525e176f0fbdb9051a65a08518956acdaedc3abad

SHA512
2a43419bb578982c3b423f40a4987f1c517c5ba0dfaeb4ea8db5c3d25242130991bdb814fa764a0eba51c984c46ab458f2cbe11d7fd48ac2a11f6be57271b56e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13334330826175520

Filesize
12KB

MD5
0fd4ac3ec3b0a06e4baa313f5a7679ed

SHA1
0d123135f4e041ead8e65af35a826b09748dd7d0

SHA256
f2299493977ca23a55331ff269093cba46aee25c4043d08c6bdf9800c01dd3b3

SHA512
af32d4977ee9a9d488f26a403b5144216538abc75bb602e3c0c559a11deda8e01ca66447fdd037db848b258ef6ec5a714c60e1a8101e6abe71f9700e675dd74d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13334330826343520

Filesize
7KB

MD5
6cec8c1f1ab982830c2389e78f2db8c0

SHA1
da6e5f474418650b61519b0279123d83550ddb74

SHA256
5d9a0c0142016f8c52a4cfb8475186297eec11546994e7a7fe3a63051f1c8a02

SHA512
1f5c37ed6b5dae14907dac709b635a89fe5ad5f5593c7babd0f2f4f25f8251ccb93a9551daa5e36773c04555d70265371479641943b1743629e61f94a3693072

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
f93e28f9faf20979c5f0704abf9635eb

SHA1
869e6b987d10b32a78469e361ac601adaf843e76

SHA256
3d866cfdf66458342af892360834c3562ba57ae352af1e18f31eca0613a6c7c7

SHA512
88d10ca69f2544e229cff1e00b09053cf35c30a3388ea27f83b34785261234924c64987864411d9b6ff3ee4e8e7d5fdd431cdc1f0a365661458d79132bdc493a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
281f4580f8c1f0370c0173d649a82497

SHA1
1aacb1e71ddcd0681140d3d119c5484c0da202de

SHA256
286655e96097a2eddbb27c0ee0eabd85c94d547c47dad97877e7c25055c2f023

SHA512
a47814096c473c95df5ebc0e9322aa35bcb47f235ae77559dfd6666069d4845c54f9f8fa28242e133b5874d1f2464e75b131f2c16b6810662c18fe68a24a97a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
470050bc695cf12e85328beca8d715fa

SHA1
45f1254f2e26e68430cb55e7e09d9b2032a9fd6f

SHA256
7df9b729a48ae7e94d0aebed9c85aa8d3176808c040edb7319ab02deb245451e

SHA512
43f8b7c35ac9493ec03c67a60edd247a21e809b0cacc1ad1be494e62e334a74310eb4edd5c6d0b39611d7e14c1469647d55d6a56d54a24288a36c77605835862

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
e8be902cc46eae89b831877c4eb98cae

SHA1
30e89723c752b9aeb4e70174819d3938093d79a3

SHA256
199eeaf2609d4e59c33e1a550505bdaa974ad096c586209764185f3a3d0d7782

SHA512
b9add41de51da15a26540d05b03f01679111c444ab2b0950fb78a110896b465632dfada8db4794d3147745a62c54db5bed882aa673758c08677eccffd3f54799

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
50ff576627e737e304805a3af482aa73

SHA1
afb4c3f79ef8edaa474a1a73e2cd797ab91093bc

SHA256
bfc5bbab3564eb47c46f17a46dc973fd1d258a8a10461ca9bb6b9e762a0e702e

SHA512
e136684e53cfba10cf6e46f12ed5141ed998e119306f3a3c801158f7be94e872806615aa67367f2d84b8f4c5f46bd6b89e047ef66562a198e56108765365e398

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
35edaebc0924dcb5ceb9159fcba0a37c

SHA1
b7c47e461b886e50b77836b77029650710e2343c

SHA256
0c392b6afd75c057e0a9ff64e79e81782cf0853e08e06904c05547812ae0c9a1

SHA512
d3402140c5ee3cbad7c7db8d4db21666db6807eb7188cba136c18a4b51704c887c45cd919eeff96c1f03efa6b251d1d5a682dc44e4f54a61d6f1506a75c55fcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
2b172cdd590acccc781f800c83eb45cc

SHA1
269176127707020d92a2e5dbc7c07a38ccd78ebd

SHA256
40b7b8290c5675502b1ffdb4d4ac9bd0b0f2fcd9caf8e5c640999bbbadd88697

SHA512
83072e5afa44e6b31ca2ea3f81e2df20258ef76cb694d19ded344b9af22e760daa8fccd168f66163c27d3dff4cb735a6fa2ac366ab473078734d05c63fb33bfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
206B

MD5
a5ca3a176a4dc7e32b585c60b2145313

SHA1
ae5326adc98e8ac39f74da70ebd37788d8995bbd

SHA256
128967752ef94744acbe3f36ba02cf943cb5333aa0ae10a12f175513390d0829

SHA512
c64db0c362babcc661d803c01deb924bf1d4970e8e250c69ac391bd05abeeeef7d98d167974fca66e14cfe03a95be784c8236ca2fee385c5f7cb4fccf422b61c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
a371793ef5ed16d8c8c8e61dd1f9ccb0

SHA1
fe40b39b067c25d02f992b82770f777c844d9e22

SHA256
555d22ba8cda62be9746131451a5892e9072fbc8911b48a7ec3813e91aaa6751

SHA512
3b0938846f55d6b03a55b9a4d7f69b3bef433001ba76c975d277fd4e65a197063124e460689762bf9289b6563139e0bf7e643d0e8abc9560be7f448f9db26525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
9a35b18841e4806729cb6bfa48db08a9

SHA1
32f6b99e4553fef91eab75f7a53a7569e25561f9

SHA256
5bdda28fe599eedf4a0435d3a50912ab615f9885c14982b77fbda6377a7b2d86

SHA512
34027448e44b2c73acab88ac15cef7150f99f3842e43446a0dc0547639c588beb1f77e5cb7ef39fd140f0c9f7103990e837a1429fc0dbaf1d1b25a8234b184f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
12ca2947d2b8f5f57e8c3e0938250921

SHA1
6bc9ef23ff4944109eb364632e11fe5e8adf03ec

SHA256
4632ced342d3bb39aa0545d6bb0cd3f843e58a708c334ce6497a2cbed50be453

SHA512
65f5878a0550223a4f4bf510710e6dd17471c4ac26847008f015d681efb984c863532f45ff71fa4ef329d81a73863098a775c40c9e12149d4b4807e0d290ceee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
1f5d734926903724cf23d4f4fd6b1608

SHA1
a51d57556ef493496eaf5a7a381854ed97ccd2de

SHA256
a9b6c1b86b1faec0ebb80ba8b39ac450cb08d090fab293aeed6ab5bf1985684f

SHA512
d0a00ab84ec3330d408577711a6d03b8394edc292bdb4dd00a4e8dbd82669c0cc463bf04e9b4f843dc4f1cc73eae80006cd58eb685c2d71a6daa717a37a48ac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
3ba7e0d69cb8af08c1638f33594a2fbf

SHA1
9139556333fad8310dbff6b046c38f81e3c8517f

SHA256
adb4c525d41de058d260933b956b48fcb88848ea1d88fd05d5279f54eb50dbef

SHA512
08b1f1fc1efccb339403d233fc8c4b3ff9e296b7a6aba5abb812036a636dea2357821a2c5542d253100ec490b2011219e8d779c976324fa2cbfab6ba898f2482

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
a38e843295e4b971ec82a0d9e31a0a67

SHA1
ae3287300dadceb6eb2ce6f7249d25f1cdcd98ec

SHA256
4ac4dfeae4e99d7f708fe454c76bf8befe661d7b0da68a09e17c646933aa78d7

SHA512
3de8b35fcf0345c1c2e0331e63369f36f3a1c7467533d3c65ead35dbb520f80e1436356d13516108e0b8a438f7d23fe7a2d49fc2a2f3da0b2036a7d01707e955

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
20KB

MD5
e8e1f8273c10625d8b5e1541f8cab8fd

SHA1
18d7a3b3362fc592407e5b174a8fb60a128ce544

SHA256
45870d39eb491375c12251d35194e916ace795b1a67e02841e1bbcb14f1a0e44

SHA512
ca77d40ec247d16bc50302f8b13c79b37ab1fcf81c1f8ab50f2fc5430d4fabc74f5845c781bd11bb55840184e6765c2f18b28af72e1f7800fe0bb0b1f3f23b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
19KB

MD5
e3ce979e426e4a349a51baa9515ef750

SHA1
f01511e40be6a2d1f2a912cd82fd47023b3c2961

SHA256
577f842824da7be899ab4cca5906ed3466c6b6f5dff14c3e078fd9d70a6f7ddd

SHA512
4e1aab4f264f022765242a9bcc1e2c7b063d8bad5b343230ccb706c59f0bb553da41dea739330515271fefe80da41d5c29ae5ef4e88c552554c2ee8489be7c08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005

Filesize
16KB

MD5
dffb7164984c0c892ad67aff97aab87d

SHA1
df94cce03775263525ecdf1a4f6a55adf2e0b6f8

SHA256
6103cd48521fd7b05920814ed60455f92b327e00330008ec4f161e9bf5135502

SHA512
bc8c4f3643e19b8e2ead7808a433f9b3a07b7c64409b9428ffd5ada52052516bd7eceb77f0d4de1340d0b08b4fb943aeb827667aac9935fc1aa559173daad97a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000006

Filesize
16KB

MD5
4517391bc8c55acdbe1f4c2f0d1c1fc8

SHA1
ac51fcf3271333d222e4cb526431817f48345a43

SHA256
3c82cfe4ef2e80ad0aff5da477f399da7d5c0169968b800b1bd730c7eadbcd8d

SHA512
e85033dd2a4a4038512102052bff9e8a76e7a43d609431d987d436f262e21fcf1e298441cd378590db0742ca65845bd1585a7cba496aebe245a8084dd616e5ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000007

Filesize
16KB

MD5
8feb503d057a1dfc7121b0aa2c7cc10f

SHA1
0d25b47e8482de37b7f615205b8a45162e1049d4

SHA256
e816b1086f600fa2096189c847f34de90dabd33b899de28ce199682eaf17c713

SHA512
a193f820d8719a47d6f52ff9ff2bf76c27ea3611e87a582543c8a55595af25cb3d1bb00913f8c2a4f2ed027ea2749717faf84d75e887f32610dce4d6ce105595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000008

Filesize
16KB

MD5
a33b3a3fdf5161be5bd861804961f557

SHA1
68a57897f1686a3e62ce9808165e18f31661d077

SHA256
ac33d8bc6d9a5e769472877d7dd3d035f8088274b886b16cb1898b106da48560

SHA512
c94c29a5a9da89044504fe06702f00a7fdd5bc7b85e1733c0cc9a363a812c8d8f95672ea7731643229fa4ae2f1a632c73096d90b63799f5bae7639b41151ccb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000009

Filesize
17KB

MD5
cee822f498eedd3a752cb16a76e4ed99

SHA1
bec6f9c9325134c983a82a16f5bafdd33a9ad84f

SHA256
dae2b9c7bddd3688303dc6a3a9cac80e444c71074bc0986f90f8356ec6a5463c

SHA512
2f55348944aa090fc754d4cf3e66fdc4816b493fdabdd909b3ecab98ade9b00711dd4ed1005d1229ac813f15abdc622fe6bdee948e8c2e846efbe7e3d2e92df4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
bb1890c2634dc528bcac70bc2f0b85f3

SHA1
e91665e98da6d9b5c619e1564517151e334b2e9f

SHA256
f3b17c47f21df7fd15d678b7a60b91e72dcd40813655e7a40acce698c68fb768

SHA512
19b04267e688e02cb20e9c20bcde6d71d4436ae980f47cb16179eeecdcf878d1ca2ea2d3fd4f83d0d03a60c2ade4ed5ac70bed0c000430f9a9fcaa854e10dca5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4e4148f9e39a950d387fbe9c9aa774ff

SHA1
e91774d015ef54da8a6005884589c8a5594d5a02

SHA256
d37b2594c17601ba116bd9f08140dfcd7456fe10e277fac82db5e1466685cfa7

SHA512
2037a3f01932bc545a42f37cf7bad7307791db0239c6703eb4f2e00abe89d127c96f4efd0418bc701dc95988f032985b28ac2bd3a36db3e65babefed0f9fc896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
967b72b784832bd7196f923fd9156c8b

SHA1
616c847cf3f6cb3e3bdf5879f2374e2b9199cfce

SHA256
7ccef06d546baf5e1bde856eedcbb86afa2218b62e82aa11065c11f85a9a04df

SHA512
b4334dba7e20b00948b2535b13fb4216a8ff4131e1073d756494584ed1e4d3854b5abe5cf88b7bb8425197c614338fcafb1a2cf6ba74ffc65cb8d9f805c9ddb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4e4148f9e39a950d387fbe9c9aa774ff

SHA1
e91774d015ef54da8a6005884589c8a5594d5a02

SHA256
d37b2594c17601ba116bd9f08140dfcd7456fe10e277fac82db5e1466685cfa7

SHA512
2037a3f01932bc545a42f37cf7bad7307791db0239c6703eb4f2e00abe89d127c96f4efd0418bc701dc95988f032985b28ac2bd3a36db3e65babefed0f9fc896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit