hxxps://acrobat[.]adobe[.]com/id/urn[:]aaid[:]sc[:]VA6C2[:]6028c7dc-509a-4165-8061-b0bd2debf811?viewer%21megaVerb=group-discover

Resubmissions

29-04-2024 14:10

240429-rgt2psce45 1

29-04-2024 14:00

240429-rbae4scc69 5

29-04-2024 13:58

240429-q9vy2acf5s 1

29-04-2024 13:52

240429-q6gx1ace3s 10

Analysis

max time kernel
65s
max time network
67s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29-04-2024 13:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:6028c7dc-509a-4165-8061-b0bd2debf811?viewer%21megaVerb=group-discover

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-540404634-651139247-2967210625-1000\{95F8ABDD-94BF-48BD-929B-B883B3956976}	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

5068 msedge.exe
5068 msedge.exe
4792 msedge.exe
4792 msedge.exe
3348 identity_helper.exe
3348 identity_helper.exe
4020 msedge.exe
4020 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

4792 msedge.exe
4792 msedge.exe
4792 msedge.exe
4792 msedge.exe
4792 msedge.exe
4792 msedge.exe
4792 msedge.exe
4792 msedge.exe

pid	process
5068	msedge.exe
5068	msedge.exe
4792	msedge.exe
4792	msedge.exe
3348	identity_helper.exe
3348	identity_helper.exe
4020	msedge.exe
4020	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe
4792	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4792 wrote to memory of 1520	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 1520	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 632	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 5068	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 5068	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 540	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 540	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 540	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 540	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 540	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 540	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 540	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 540	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 540	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 540	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 540	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 540	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 540	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 540	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 540	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 540	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 540	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 540	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 540	4792	msedge.exe	msedge.exe
PID 4792 wrote to memory of 540	4792	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:6028c7dc-509a-4165-8061-b0bd2debf811?viewer%21megaVerb=group-discover
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8797646f8,0x7ff879764708,0x7ff879764718
2⤵
PID:1520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,11137465513886809832,10494527904090072703,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
2⤵
PID:632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,11137465513886809832,10494527904090072703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,11137465513886809832,10494527904090072703,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
2⤵
PID:540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,11137465513886809832,10494527904090072703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
2⤵
PID:1544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,11137465513886809832,10494527904090072703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
2⤵
PID:1864

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,11137465513886809832,10494527904090072703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
2⤵
PID:4392

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,11137465513886809832,10494527904090072703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,11137465513886809832,10494527904090072703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
2⤵
PID:4140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,11137465513886809832,10494527904090072703,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
2⤵
PID:2224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2000,11137465513886809832,10494527904090072703,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5612 /prefetch:8
2⤵
PID:992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2000,11137465513886809832,10494527904090072703,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3416 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,11137465513886809832,10494527904090072703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
2⤵
PID:3476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,11137465513886809832,10494527904090072703,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
2⤵
PID:1116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,11137465513886809832,10494527904090072703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1
2⤵
PID:4172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,11137465513886809832,10494527904090072703,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2252 /prefetch:1
2⤵
PID:4500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1228

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
Filesize
27KB

MD5
a397504614991d416479c829bc14ac09

SHA1
9be9a5379325c31a4097f0e0fde168a1148ee695

SHA256
23268d0894d0a2e0ae69d120ae43f07fbea74979eb3e0839dfefb6468ce3da5e

SHA512
85ff4c5fb29eca41c9fdc935b0fc34242ca39976a274bdc4cb82198d4bfa3eded6a35f95f4b638e85a689ab31ccd85cdb9815a824df4738d50a4db9e15e209c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
ac2a6f2cf21a9d9ac4b18132c632200b

SHA1
364db5e661fa1691f48322a04e278bb2dc07cf88

SHA256
05b7119dbb6a4d470238a588ba9751275c7bb1e572a7ca90b9a4f2000f685972

SHA512
4d098191a7e21a9aa2c39b502168f5f66bcbed210135d72864d654d7a1d67a93615a903ba12ca69ed06a4c4e6d598998f8ea0a49feb0cf1b235a55aee949e5cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index
Filesize
96B

MD5
55be4b16f74528806c711b24e5813e58

SHA1
4d34af6a6a63c388d44e5656d9f1824748ef68f7

SHA256
3f7a57031051990effa03fbfa6e6accfcdebf7dc0b52713f0a2dff02988f6884

SHA512
5717bfc095603f361a42c0a2955f49e92ddc72882e66be60c00bb1c26baf3cd5e9c9254cf066fced9bbacb64876a164e74b63e45eaa00293fdf3948744ecd6e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_acrobat.adobe.com_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e40d638dd273f7a6dc6d3c5184542371

SHA1
06710edb97c17ee5bd3bd7ffbd67223868c0aef0

SHA256
56a420adb43e3a8118e5ba3442cb630ab36c0a3596305a29acebd940d4c02f7b

SHA512
8def2cf156c7b183f47e09e5c5c0b26d5a966dd3dd99e8ae3000ede990c948b1fd849d8fd94af7af998649600ad3b1bb9125d2c143102e6281da815484f7e7fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f5d5c05013f366fa36450778a880c018

SHA1
68a331232922326d5516e948837ac7fe1b35694e

SHA256
5d3ec79928653ed0d3a382e9f5683348f35f7ffa8e7cef7237bf8121cda37406

SHA512
17829beeb4d6f288efb7efe870006457f1b7db83b312d2a7bf9e7504dde077f7a54df68d2fa5a078a23bee6941efbe8c294bf31e332e415c0ed864a45651d3c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
00d1c3fe7b9b0eac2fd79b7221c6ef07

SHA1
2289cfc14334e47f831acc3df6d43acf6f01a4cd

SHA256
5746c04932e854e7e79a15f6aa9274f45ae7f24b544c781c0a9eddb27d636a04

SHA512
6402b625c117a9f8faeb1f7d47dd4022980dbe40ace2d9d5a0ff92d76eb36d421d97b8d1a3cec736c4a2387fb8b81cfb194079a2fef67a4ecdc7c29d3057b5ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
d4deee9b0355f22207ebae1112bd5f57

SHA1
336f8d2bec13b837534c64e536ab3b84cea941d8

SHA256
5e9433c5fa25ef26e8864e03f941c27a904c0fa3533134f56073e12dbb59b280

SHA512
21dc1635ae87aa9f129b7397154ddb77cc796fc025a2d59b5a16b60314a19393991f8fbac44d4147eb26179fa3f391bad518d3b27dc2a12c5bac9b5976d57553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\aa7c7f0a-4cf3-4365-888c-05a3e482a675\index-dir\the-real-index
Filesize
72B

MD5
25c735cac0d17ffe9b9011a4ccb8e7ad

SHA1
b35797ccd8c302f6a679197c8395f705aeebe91c

SHA256
9233fb469e67a89ad989eb59602d3cb641a184cff536cfa95304acb6a01353d6

SHA512
1a2c0e56dc3b00e62b589baf8d9819ff3633906ed09d7cc753a2aea2fb12852e4cb0765a716f86b2c28afbc692f72d4046eb41c7679465ee2efd1db7fb43cc8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\aa7c7f0a-4cf3-4365-888c-05a3e482a675\index-dir\the-real-index~RFe57b064.TMP
Filesize
48B

MD5
da733444312b7425a347976eb219a049

SHA1
d9fab4a45174e5e35ecdcab7112e03d8083a87ad

SHA256
0a1e07a8b90557f42f307723d492095206f8fe3da58f6ef06ca342a75ed43a4e

SHA512
8e6bdbb3c20c1f0737c67cb0bf52677b21d08b02d1da77eea14ebdfd4646c22dbdf76773e40531836182fdb84939dacb8459949d4eef82987fd77e6a40b57447

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\index.txt
Filesize
129B

MD5
01ee0cb141a149f262882554046ddf0e

SHA1
b20e856b01ed0d0f574e47406ac86f24a04cc53d

SHA256
23c6e152073fbd8a1dfdcebdf61e66e55d7607e9d40bdf0423e86c942fc71790

SHA512
56ab1614cce17ab873148be4ab058c686e9f01ec7ab369a2042081170a144b98b50aac55a2b267b74f01e9e0728a25ba7facee5d19b7e16d70797c54b6a71a11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\index.txt
Filesize
123B

MD5
8ae9e8d6a1182d6ba4386485d0a44c58

SHA1
d93ea7b30d9f7cd5fec963f97d7d7c98b7b00a5a

SHA256
86b9423103805a69ba393220e3c38cf02bb8c659d2f6dd5b8f46098657df2d9a

SHA512
04d8e5cb4e655fdefa7105ee1ede69c38ea10f78f3d7742850cd4c943b20eb449e2948adc90b37520b10576d9d0a65b9b2877d4755b822e73e2537819755186d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
392349f13ab2316332e34a8017c149e3

SHA1
654894be9cf78ca5cf605ba03d2f8701824ce19d

SHA256
8962be7e34e8472246df4445fa89b8f86cc10294422aee5f124beae00fd71b78

SHA512
81668742ba2b7b64208f8dff38b66c70dec98ad63c1284388d6fac7070ca5dff54cc4fc151ee755be925c6b5663f4841be02951ec29147d9e9d97a92d06782ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57aff7.TMP
Filesize
48B

MD5
d7850185b67577379bda744a47997ffc

SHA1
b2f67779a734e0c4533f0778b9c129f904789cc2

SHA256
cb38a5be634d9e9a14a0abc55f5e37ba89fc7c9f4c083cbea2d6ddc88418ccc5

SHA512
bdd8d60b4decd5de74c002f8651276e2bbf95ce9202480bac7ddae2394c6e04a2809a22bd5e72716c6bca738d7ea704bd48f80bc12d6bff445b1280414413ccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
c3f64d794e75d3e72b72047fcdf59ae4

SHA1
e18ea56e0f98d9f81e9f45b97687b192ca2339c6

SHA256
3d74985fb393f135b96844d81110699d30d0f4387e7d98cd7fc30510d31d20cd

SHA512
00ff3081f7b7d3c2c2a4bfcffb30c93b2ebe7c42af02399979338f145cee15a91211ae7a00e75ca7bee779f1a69a1ba6051cf1ec808c11c2087a58553ba180c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
a007016952bcbea67033c2a29b55a68b

SHA1
0b9c4f1a97c54ce86f52c86614928d61d3f79e75

SHA256
53c66a880963008c0e03a3f66a0c0d5bc8cf7585869e53c1d88857768b0ca9ef

SHA512
5523ca8cef3765404166cc9ac3c85a1ec80dd6d1625ea0bca3641ba345ef68aeb978c92d4c61440247b6dafc3ce824a75c74c01fd76ad63daa6ac62770eac163

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
93d3d116d72b89c9999f5a2881bf331e

SHA1
38cd45fcf8f52dc638efc4d6aa9de608d25aff39

SHA256
e59f4587a78f987a951d7ee6be2e92f8ddceb13b96dfacf633588a48dc3d0d3d

SHA512
b1cd47a5baaaabaf78c1d0b09ab00f8a175e8f1c14b00a6a9637daf7dd5bb1091831ae315bfbd074c112dbeb3c175668c898ac62b3bb55971829536e4604ecee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
5d917da9b9d19213ae0fa6e274e6f7f4

SHA1
4219f012d61d1185d4bbd94dcd933a1650b11c18

SHA256
42e8f313ebcc74cdeb4bf4ca4d2f7c7046299636aba52f0f2a1b11ed8845b1a2

SHA512
8c606dc44947617e29af46b880e4acd950313e82e517c5ecdb2b6d964a676edcd975ee6257a6376ea9abebbbf108f6ae8ac1118114026ea0bbb60816ae78e57e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5789f0.TMP
Filesize
1KB

MD5
76ba131a4e94988fa816474dc986b0bd

SHA1
59de3207006fdf06a50698c75ec056edc78a26c4

SHA256
25fe2b38862df0f96ddc4bbfbb629947a0092a4c3cef1cb099e39567487b2a2e

SHA512
080d8b3d7f66765d5bf8d2297c0ef4159bbaea8635a3dcbfbc0da84210602a611e35e13fde785f0d371920e78bd088a1a793c211254ce1bd4bca22ef7f25102d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
04efaf8c88a2a2370ad692325a5b2239

SHA1
a47fd499cc0488815eb1171ebebfebbb9860ebf7

SHA256
17049ce811f485f70dfdaf0f514f1a9e6aa33e025b06801e7d084677e0849bee

SHA512
75ff2bf68410c3fb9f37f4c19aacd808f607bea4f12382305d32e7a4ac5058a82b7bb0de3478fc76f672d34c3412b7be7b9ebc4096e9437a5721eff7394994b6

Download Submit
\??\pipe\LOCAL\crashpad_4792_AHBJDRVEDITJSUGD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit