5afb01cf9eeec5f1a72dd74355090452920b222efb4ea9bcf391a8dbf3843ad5

Resubmissions

23/01/2024, 22:53

240123-2t11wscbe9 5

23/01/2024, 22:47

240123-2qmdbsbgen 4

Analysis

max time kernel
286s
max time network
304s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23/01/2024, 22:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PDFSuperHero.exe
Size

4.9MB
MD5

0b41df409946ee29b1204070b0345644
SHA1

66098385dd358993899714860e5dc103127963e7
SHA256

4210bd4762062676cfa261855cf15927e75d7f5d603daf1706b90db4887e9606
SHA512

a8434d439fca4d9da0d147c93cb04d44a04f6a93416ad3a59c8aa86b8832aaedd90065354bb6edd3b6ed4f04ed7d2a13b305786a3dcfa1f75f667fdb24fc2c86
SSDEEP

49152:CqepDZ6KxlsiYJuONuAlrXKGRV6FFkWKxlsiYJuONuAlrXKGRV6FFk4wJbnfUqAM:iRZSwmc

Score

5^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation	PDFSuperHero.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2864	1736	WerFault.exe	84

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 53 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe1100000068c81fe4552fda01ba9dc1e7552fda014449f1e7552fda0114000000	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\NodeSlot = "2"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe1000000048661de4552fda01212bdc27612fda01314c651c4f4eda0114000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe

Suspicious behavior: EnumeratesProcesses 21 IoCs

pid	Process
1736	PDFSuperHero.exe
1736	PDFSuperHero.exe
4564	msedge.exe
4564	msedge.exe
3676	msedge.exe
3676	msedge.exe
1736	PDFSuperHero.exe
3800	identity_helper.exe
3800	identity_helper.exe
3384	msedge.exe
3384	msedge.exe
3388	msedge.exe
3388	msedge.exe
236	identity_helper.exe
236	identity_helper.exe
1672	msedge.exe
1672	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe
4428	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	1736	PDFSuperHero.exe
Token: SeBackupPrivilege	3632	svchost.exe
Token: SeRestorePrivilege	3632	svchost.exe
Token: SeSecurityPrivilege	3632	svchost.exe
Token: SeTakeOwnershipPrivilege	3632	svchost.exe
Token: 35	3632	svchost.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe
3388	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1736	PDFSuperHero.exe
1736	PDFSuperHero.exe
1736	PDFSuperHero.exe
1736	PDFSuperHero.exe
1672	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 3676	1736	PDFSuperHero.exe	98
PID 1736 wrote to memory of 3676	1736	PDFSuperHero.exe	98
PID 3676 wrote to memory of 4032	3676	msedge.exe	99
PID 3676 wrote to memory of 4032	3676	msedge.exe	99
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 2964	3676	msedge.exe	103
PID 3676 wrote to memory of 4564	3676	msedge.exe	102
PID 3676 wrote to memory of 4564	3676	msedge.exe	102
PID 3676 wrote to memory of 1728	3676	msedge.exe	104
PID 3676 wrote to memory of 1728	3676	msedge.exe	104
PID 3676 wrote to memory of 1728	3676	msedge.exe	104
PID 3676 wrote to memory of 1728	3676	msedge.exe	104
PID 3676 wrote to memory of 1728	3676	msedge.exe	104
PID 3676 wrote to memory of 1728	3676	msedge.exe	104
PID 3676 wrote to memory of 1728	3676	msedge.exe	104
PID 3676 wrote to memory of 1728	3676	msedge.exe	104
PID 3676 wrote to memory of 1728	3676	msedge.exe	104
PID 3676 wrote to memory of 1728	3676	msedge.exe	104
PID 3676 wrote to memory of 1728	3676	msedge.exe	104
PID 3676 wrote to memory of 1728	3676	msedge.exe	104
PID 3676 wrote to memory of 1728	3676	msedge.exe	104
PID 3676 wrote to memory of 1728	3676	msedge.exe	104
PID 3676 wrote to memory of 1728	3676	msedge.exe	104
PID 3676 wrote to memory of 1728	3676	msedge.exe	104
PID 3676 wrote to memory of 1728	3676	msedge.exe	104
PID 3676 wrote to memory of 1728	3676	msedge.exe	104

C:\Users\Admin\AppData\Local\Temp\PDFSuperHero.exe
"C:\Users\Admin\AppData\Local\Temp\PDFSuperHero.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" about:blank
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc527a46f8,0x7ffc527a4708,0x7ffc527a4718
    3⤵
    PID:4032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,2658473260847076675,10134137079646772332,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,2658473260847076675,10134137079646772332,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
    3⤵
    PID:2964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,2658473260847076675,10134137079646772332,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
    3⤵
    PID:1728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2658473260847076675,10134137079646772332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
    3⤵
    PID:1920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2658473260847076675,10134137079646772332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
    3⤵
    PID:4760
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,2658473260847076675,10134137079646772332,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
    3⤵
    PID:4100
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,2658473260847076675,10134137079646772332,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2658473260847076675,10134137079646772332,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
    3⤵
    PID:3112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2658473260847076675,10134137079646772332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
    3⤵
    PID:2768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2658473260847076675,10134137079646772332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
    3⤵
    PID:3752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,2658473260847076675,10134137079646772332,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
    3⤵
    PID:2944
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 3380
  2⤵
  - Program crash
  PID:2864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1736 -ip 1736
1⤵
PID:3768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://portal.pdfsuperhero.com/#pdf
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc527a46f8,0x7ffc527a4708,0x7ffc527a4718
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,11133231483662548153,2062220483548881256,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,11133231483662548153,2062220483548881256,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,11133231483662548153,2062220483548881256,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11133231483662548153,2062220483548881256,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11133231483662548153,2062220483548881256,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,11133231483662548153,2062220483548881256,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,11133231483662548153,2062220483548881256,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11133231483662548153,2062220483548881256,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11133231483662548153,2062220483548881256,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11133231483662548153,2062220483548881256,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,11133231483662548153,2062220483548881256,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2084,11133231483662548153,2062220483548881256,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,11133231483662548153,2062220483548881256,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3052 /prefetch:8
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,11133231483662548153,2062220483548881256,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5360 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4248

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eb20b5930f48aa090358398afb25b683

SHA1
4892c8b72aa16c5b3f1b72811bf32b89f2d13392

SHA256
2695ab23c2b43aa257f44b6943b6a56b395ea77dc24e5a9bd16acc2578168a35

SHA512
d0c6012a0059bc1bb49b2f293e6c07019153e0faf833961f646a85b992b47896092f33fdccc893334c79f452218d1542e339ded3f1b69bd8e343d232e6c3d9e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2fcb3a65ae29ab102d08e07bb7d66593

SHA1
585002977ce88f0c311e51438988359eef61466f

SHA256
d5f8e0d32682a1796fdcde4206283673955602bd5f697adb888e87633ca7b7ab

SHA512
2e687bb1250cf558f4474b860df04bc051c66cae5eed7fcd895d4296dfb2a89bd07598bb917edda64d20131ffb373ecc3599dc9de01fd9f739d5491839b9c690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
4a29dde073f8ba74fd82babe867510b6

SHA1
83333707dfbd76bac237e8a987c5d52d462d5508

SHA256
eae6f4ee623460140e2b1b1e9abacf5c87d5653d9ba53dbb3a79a94242ae834e

SHA512
bb530051ea02eee983741f1bf53774e032e20b06dcac20fde3b1daf533e31bc3c1922c24950172ca90515ba33fe3f6163077a8716bbbb86a65214e4e6618e7c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
3d77518d097ad448a28ef899e46356f3

SHA1
5ba68a28413313241e1ba16300506631eea54981

SHA256
8a703bfde64c0b0be95132bca055eac51e079332084f0debeb9c3408a67268d9

SHA512
42774bcbd018e7d9ecc76f3192503efebde26f56fe06678ad744b93388fd0317c0216ade02be8d82edd2d1ef011f7ba9a098ab2e2743a01b2f563ddbdd73c86c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
3b0cdf799f9585b13f7cb2ea0cb29b37

SHA1
14afc047f54fbe2fb1181b3e2188df6575b77328

SHA256
e63093c9da3b33340d9d441ee21e29dac97392ec293a93667ffcb62b27bb3da7

SHA512
902c14a3bf84a846235acf6ed76fefa7f8400fb969ac017a5d5c3c2b804c3bcfda70c4e8a61dda6500b1e80d4a4c60395aeb04a82aed8d3a8b3ba6b79eb4f5d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
fae1338d1f6aa83415ae0f344b13d34e

SHA1
bafdf664699af1cdf0159eb2612f5c47139ddcfb

SHA256
19ffe3512358c88aaabe44b997c1bd9f6237ebef034ba5c1d067d9c7b444aff6

SHA512
6274e171716cce20130aefdfd4eb0dc60aefb614cbab96975d491de0c4664b20d133857c2939fa82f60fbd40eba31f1b9d0b5730282905174ab006e2665d78a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
a007d6bf4bb1406b314007fc77cda21e

SHA1
fa468e068f09b360d43fbf471e2f7668b9759354

SHA256
4b3b955dfd84cdd3b93279d324fbdca63a9d996a18335308f0f403ba9f130d3f

SHA512
703110e25404c7a574f69408cad1b92c670edb22af708b17ee7453443c592f295de3dc3213b535ef0b41476b7379683cd1687369a56927a33f9332e5f275e64b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
853B

MD5
9649d2855c99562e9083118b7dc80dad

SHA1
4126b1c0ee485f14085b43c4cc3099e69ca9da92

SHA256
7367783e15a076242ac6e1408277c13c7bc3822bace4fcac1c49825755f737ba

SHA512
4c1dfc2d116f4f20b4c6ae758315f465643b99f421ecf2271089275e704add9a149d79ab2f2337b84ce081afa3568b2167ebf3e7f8026c1ece0d92760c833d40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7b7dbc9aa6c327e70a497c0d24b919f0

SHA1
35679b6368f7903a801d0dc956f22b78fdc1a13a

SHA256
18a6c15db8348e0e8d8b1dec1d53793512b237f81a4a15a9be69ff9aeb6b116d

SHA512
b0d9e807aef62d6fdaef8977d33853d7a7e8cfd6e939fedc45aa3fe848a3e2fb9ca6a3a406327f01ac1b9057503453b84a267b11461bbc97acf8aa9a479a438b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4a175043bb8fa47e45ec3b18dc0c6585

SHA1
d371a1ed4f23262cff2849508c6b36c14bb88b68

SHA256
eb0e63c5fdc67bed7eae14a1470328845000483da90ec8dbdca1cadab4c7503d

SHA512
2711b9b2552b3679fe3e8b0a0f2200029cd631fd51cdf0957521310ce7716e775d5d2549d508237d5d16c4fc9f24032b2b85e1e3fdb025a91bbb376248ff9f0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4130ac8766e7447bb7f77a665bfeaaec

SHA1
5112c840ea09af867abcdbae02c5c6b74a8e9461

SHA256
f862b4d17014833ea287cdf14299dbf77c46591a4a9a74d9a8f2c3316a03a93b

SHA512
d03273222ccc1eee079b111ef2c54a943adefcd11d6c40b3be7d39d186629cbbb9f33ae18aed59bd63ee8806acc3d3f5e150d88d1a2d1a68dd99865582361f5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8df4bd9eea9389fec7b1c4dc9c9072bf

SHA1
30103fdbbf893cf03e75b0a40ec3e458db96141f

SHA256
2756f058dcde95870d04db4b09218bf3b2cf87e5163509615e786db6a6328d85

SHA512
80bb9ce2d3627d5c7ef2396ed82db2fc30d533f2d0fa2f5801cf0bfa0809f1e142f4456a6e0d9a211c12e7a6b279a36c4379d000cc09c848650146a0d680da08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4776a1c776339217d3e3af9cf0ad049d

SHA1
8928a2dcb5182631d4d78ceeaf1baae9472e1f22

SHA256
41105e8643c37fb40c563642b6d850f433aa15e9eeb5c6052f350ef65724abe4

SHA512
2c71ae2ca4a6cd6737ac0bbf5939ef941a8c7eaa6890c702a2c757117c445971539458d906ace2f0c503a74d5dfab52b3df57204855566d1a18e9aa71e354514

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b1d227efb954ddb3ac4b6bc2d7d74139

SHA1
cf88a12adde10d9a67fba2fa9d21fade57b7387b

SHA256
f63812ab46cda08dd645003d17e5cddaa4a3dd2143a9ffa4bc80488a7eca5595

SHA512
b16850154b2b3ae7b9cf2b0184c5554518b97e383bc8bd024216cf52ac438143948010dc55a2fff5535db14c1ce1f05976546d50e3e6ace21fd948ee291a6fae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f3bbd00f3828376f236c67abf03cb69f

SHA1
6cc2c17b30ffb46d718eb14f174b697bfb61758e

SHA256
72f13039faf2d899bda4fceb8d327620a0b5d61afc25ac17db3cc06f02d10c9b

SHA512
7e491a56215cf72c3f4fbd918b651941042f757933c99e2f9a939b264539dd3069935ef343c638d3760efa4d6ff30de7333fe106e422121eda1e2f1d968431d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
2bbbdb35220e81614659f8e50e6b8a44

SHA1
7729a18e075646fb77eb7319e30d346552a6c9de

SHA256
73f853ad74a9ac44bc4edf5a6499d237c940c905d3d62ea617fbb58d5e92a8dd

SHA512
59c5c7c0fbe53fa34299395db6e671acfc224dee54c7e1e00b1ce3c8e4dfb308bf2d170dfdbdda9ca32b4ad0281cde7bd6ae08ea87544ea5324bcb94a631f899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c5c698cca1a90202ac910ef6667a9d99

SHA1
49550076e0e210e345aa89ed9a8522d7c6352fde

SHA256
921db7bc9f20c5ea1f38224ff96043be6e88b341f8d7226f147a98232e81e36b

SHA512
c5bf235f4063aaa03ccd1ae3277903c71c31860bab13e7ab201e6860b3f419bd18140e9ed47a4317004d27ea2a7078c4fa56f2ee6d5de77b04ccd47c46181d6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
156B

MD5
fa1af62bdaf3c63591454d2631d5dd6d

SHA1
14fc1fc51a9b7ccab8f04c45d84442ed02eb9466

SHA256
00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d

SHA512
2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
892050d2cbd8bf27e41d5d44d9a20304

SHA1
fd30972eada93bb5080af813f4e6affd5303769d

SHA256
a62436ce3d6e542cd91d71dfc55c3519fa303ec25a9fcafc84f2a83379aabf18

SHA512
88f1862af8c53c1d31ef728cb7565d3007d787e6b32727d9b4f8dec566b05a96dfabe9065528d0d64d170135c915f224766f9a354870907352759c3091aa6463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13350524041646885

Filesize
3KB

MD5
5a89e6999bccc6bfb62847deca007108

SHA1
ce7566ef423ad2485e118b2e96ddaea3d1dceea8

SHA256
fc54528ab9e4dd428e97f46874aa6f4d74e2ce3629ad7ed5101363084bae7d81

SHA512
9370b56a97ffe6d6410a223afa1922360d3c82aed7911a6c643f99f33a88631af2de4996cc0f15e4fcad706925ea1d6c37c558cc84c8e8832529616f628f91b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13350524042021885

Filesize
2KB

MD5
3912ec85d0866da51c91ba6877abc43d

SHA1
06e4bade06948f2a39955b0a27ae483e7b5dd5c7

SHA256
3722b9dd557b2489681b5fa07f3e5a12ee8715e46ce6cfe0470fc6904169327c

SHA512
05ba48635ee801781d0a59f4de6c5565e0a7eecfa7590366e4d435ba58f9c36d24f8ad3d364389f249e5bb67fabda5fd3f94fa9b912dbee84846bdea1784ad9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
5488e6c20f4c450a4cf81a4be4bcdd68

SHA1
bc381bb9ef267ee63296723c73a32689614facf8

SHA256
ae3bcc0018aca3f1ea2e7985238e462d5889fdb04543dbac4e69933a99d6137e

SHA512
d18c5fdeccbd8f01c223b0f7d957e9d31eaa154e93d6a1927c3768cac404ffff672235afbb81cd8b4127bd2348068df56445746124595cb148d3322a2aaf3fe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
c1b7a21d3342efa27e47ab614b4fcec7

SHA1
3be25b099e27f57e7dc9a543a8e9fc23a6264d0c

SHA256
8a406ca0e393bcdc82f0bc6260b2e780a30e653e4806fa0072f7267c1c32cedb

SHA512
0e483ce1458512067cf6985dcaa4c3ee70b0a872b4fe0332fc6294a4bdc925c3eed039014c73c2a335199c9362ad535642e76516d05ae731cabfaf30eb7fd6ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
5c3586bdabb01a27221d8154a662f6dd

SHA1
24b8169f1134c86d46371c4b9fb037ece0184d6f

SHA256
693401f867073caf004a403572ee7b78468cc4908b85c3dd5eeae8841eabfc82

SHA512
da26ea17b87c9ece6c41dd7c34d259e9ab99507e9b3bbf3a98f7056dbcc522bc762a1f6121a68a32c056668e3a8307c02db2ad1c0f12a742b95fc52fbd12ee1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
9b62d601e8e6fe2d9b12169a56efa1fd

SHA1
a6cc5c27a0ad11ef97ef426681eecc786c5f56e8

SHA256
2fcf0ca02e9a85ba6856397eeae0347c11b25624887611682cb0d70648425272

SHA512
f2739fdc70954e2083a835ab7985d25308d982509eaeae3a908a2d044dc75a3dcfb2384d4549f5504cf10ded9f648a8ecfd0034d6cd311b8fdece160358f6e38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
206B

MD5
9702b71d43e4fad1b826c860768593ed

SHA1
115d42eafd684d5ea828a5eba6dbf52bbdbc1795

SHA256
ef524b88dfd02dc597d903a237c44b96991bf18853a1d08d774467b721e2efbd

SHA512
2289342a0ee9260200f91da315327b69f9b64580f709ecd7be5335ea13bb9cceb1964f64af98e6af9460a9e35cad6c044cdeafcfb924e01d118f288063fb1f4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
0cc12ff33340db914b12e7e80c92cfad

SHA1
cebe5391da689c9794ed776ffcc5e0443b75b537

SHA256
bf3a004e8f44e7c2060e55bc2c5fbf8969357c00cb4fae7b9f95d56c8b18c9cf

SHA512
f326680a9ccd9c4c456a6f88107559ac580e69bf552c2b3cb4ad4b7038303ea391ae639129e071db01945d761e13aa147584ca02d8594c0e2d5fd5b5e5e8b57e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
3b3498e235fdf541ac71ead2f9d3f3b1

SHA1
ad9e49bc4f4e5c210c2d9d308f534aa3c4c3c5b4

SHA256
33c598816e7e25d59dca1cdf6f198773ede36a662b7787c030b9a6f49f7f345a

SHA512
75358c0b7c084492d087e9a0fbf4b185483b5008cdb67ee2a28a06acaea3837f908926cb255f1065ed548082045bbb74446856f0282fd99919907e93cbdb935d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
8d85b75b2892b6ad5dca81094ff43aa1

SHA1
c65659806e20957f0a9fecf4b93902b826d4f806

SHA256
dd7906bdac84f0d2e2b3e7453d8460aa26eb218af7ef73900c94d009d09d907f

SHA512
25e9076dd022ed8275ac13b74ff7e1519e5b18a8fe31fc8918ec9083de783bd1cbc0a335d2a3f5b1a33d8678f1d46545d4d29199f1dfa54ec470ed7330e847fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
df3f7ffa277ebaaa9a6dd0d49fef2765

SHA1
041b28c006be22a94d09402220e231ac8369e8d9

SHA256
1d3a008e65efe09eb26c9440a7f2ac96829eddda363a5d4fb2591fab56631bd1

SHA512
4d5ea5ad05e60436f52ca90e1abda33319d3c9b17cff0b92ca84651c8c4d19ebbc0f91256a893d9dd927bbc0075662446acd01ba4f71c7ccfd7b97fd373c547a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
11bda5748647b49e124f31aaa919739d

SHA1
17aa821d0e3d83d27afa539176fc34c6c5c655c1

SHA256
8e248fb8588f4e2a4519b67a4e82b339ad0754e96ba53404ef07a529a5d9dc2d

SHA512
ee202206371e8f72ba90a5bf6cd78900362221c5fa3d256bc264b2328227d3f6c5463cc3210586402c3f8d41b6c9a49bf2d2d76841c166fab1704f34a5ff2d86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
413c31384e951789a55d4c1166bcb4d2

SHA1
245e8f1828add3f887e3be2c0d78fb5873db77ec

SHA256
8ab517f69aac08ae25c5a9d9687ebf97c8429a3970a3f1a887426b371651e231

SHA512
c9ca4c45ce8780dce381424fe69a129688c8e3579ef19b0989f3130deb76f3ef01a3bb150eb3ccc64f4a4f2a26a15bc9f3a6b33c7fde8ebae71905e182682502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
913728da90cf90d8e78af59c60b47c3d

SHA1
f42f2a545d4fcaf4f76d0f060f52e33a47df7f1e

SHA256
b0b478f9aa6aaf8d5811e296047ae1f8ee07f4c4998fe9d7b960755ea1fafb82

SHA512
3af86e053dd56aef03e6f967a49b1a0d492616a71e2e49090e0c8e5cbe58ff37ccc55e91f06bf34096059a49f3de84b0bca587f3f17c366f97c0f7a0fd17c974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
22KB

MD5
1ac9e744574f723e217fb139ef1e86a9

SHA1
4194dce485bd10f2a030d2499da5c796dd12630f

SHA256
4564be03e04002c5f6eaeaea0aff16c5d0bbdad45359aef64f4c199cda8b195e

SHA512
b8515fb4b9470a7ce678331bbd59f44da47b627f87ea5a30d92ec1c6d583f1607539cd9318a5bccf0a0c6c2bd2637992e0519bd37acdf876f7a11ed184fb5109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
889274bce8ae29543f2a259677b6883a

SHA1
f53a646e9fae9d00a2c099739700a0510a638816

SHA256
802329a6e103dbafe10a060642917dc75bc78dbd60e63bfbb7b8fbea1b2949b6

SHA512
e10209d882a2f9eedabf0de2965a1403c979e4923a4d2d6f925a4a328a51a6e11a6dd163aeebb63d8d7e4d81e1aacb573270792d5f2e7374b93023f5126a8c36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
76d1d170758b42aca1ebb94fd84553ee

SHA1
1b59cb6c158ca2b93d7d550ab660ef40771d203b

SHA256
75870b797804140b87b3aa8f11bf8f4584e294af46eccf6967fe2eb0eabcdf2e

SHA512
b729d1360b6a50dfe0405e24bcd80e81edfcca0b8d00295ba3e9ae49bfa67339aeb1e77ab949ef8b62b87e199b0a2c3199ed658746e63c57bf28f628d0206102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
960625debf39f2bf7fe6c718d47c8a63

SHA1
f68c5c7ba8a6ddad79fa0af05ba3827766e5c8cb

SHA256
7e613db6a6c03366868ccd2fa6a517b275e755f239d820d1fdf23a90c44a74ae

SHA512
a14e02ec879f8b8337047f7b9741ae3a6b4a2ba411a56b24d101b0d66d062da187a39187bd5990dff750b3f7d335c302a6bd07e23439f406bdffc890bbca8879

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
bde218822c8cc90a03e5f206caa0e81b

SHA1
72c41f15211c553b09a13f7b1197de25cad70bdf

SHA256
ad3754af122c4888465dc09d54100b76e5ac8a7864f560384e696adb604ad325

SHA512
ec44cefadc0b701ff3d5f735af424742a143853d172dd7825069e0ca53876938901d82e88c60a687dcf47d2134bcf608d551d0e1ba6a328c7ee423753709b256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
e33f2ac8ded0954551ad76731e35f411

SHA1
34cb24a046001ad581acd7e351ee402e418577fb

SHA256
25cc53cedcefaa54cccf6facd1fe34f718a0d1ad9f492ce44209bf0e2cda9d50

SHA512
88f8acf4471b98368774a00819d3cddd2f04de3264230e461a7b50efa6b45ec73ab0d05977fb7e36d3bb4f39b204cf8a3eac7d65efd77fd683a4b8f7f6b35443

Download Submit
C:\Users\Admin\Desktop\PDFSuperHero.lnk

Filesize
1KB

MD5
af6b4d9d768bf933eb88fb7761263c27

SHA1
64c13b2dc8493855dd98d371bd5ff70ba0c9182b

SHA256
0509e071aadf9e8915ebbe02a2847f9baf21ad44918e66b1a583b7b142388c06

SHA512
ead7f35fde65573e4c7c07b0c67e409d8ac896da0739b9eaec31c74e70bf505e3c2b60121e7d185c7ebe0d4ed20f3fa12c69b79bda337b1b4673e161b3c9275e

Download Submit
memory/1736-30-0x0000000005160000-0x0000000005170000-memory.dmp

Filesize
64KB

Download
memory/1736-0-0x0000000074FA0000-0x0000000075750000-memory.dmp

Filesize
7.7MB

Download
memory/1736-12-0x0000000074FA0000-0x0000000075750000-memory.dmp

Filesize
7.7MB

Download
memory/1736-14-0x000000000BBD0000-0x000000000C376000-memory.dmp

Filesize
7.6MB

Download
memory/1736-11-0x0000000005160000-0x0000000005170000-memory.dmp

Filesize
64KB

Download
memory/1736-9-0x0000000006D20000-0x0000000006D2A000-memory.dmp

Filesize
40KB

Download
memory/1736-8-0x0000000005ED0000-0x0000000006224000-memory.dmp

Filesize
3.3MB

Download
memory/1736-13-0x0000000005160000-0x0000000005170000-memory.dmp

Filesize
64KB

Download
memory/1736-7-0x0000000005160000-0x0000000005170000-memory.dmp

Filesize
64KB

Download
memory/1736-6-0x0000000005520000-0x0000000005586000-memory.dmp

Filesize
408KB

Download
memory/1736-3-0x0000000005070000-0x0000000005102000-memory.dmp

Filesize
584KB

Download
memory/1736-2-0x0000000005720000-0x0000000005CC4000-memory.dmp

Filesize
5.6MB

Download
memory/1736-49-0x0000000074FA0000-0x0000000075750000-memory.dmp

Filesize
7.7MB

Download
memory/1736-1-0x0000000000130000-0x000000000060E000-memory.dmp

Filesize
4.9MB

Download