hxxps://acrobat[.]adobe[.]com/id/urn[:]aaid[:]sc[:]VA6C2[:]d4e63487-9789-4453-8d1a-19f054ef02ae

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30-04-2024 15:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:d4e63487-9789-4453-8d1a-19f054ef02ae

Score

10^/10

adobe phishing

Malware Config

Signatures

Detected adobe phishing page
phishing adobe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3020	msedge.exe
3020	msedge.exe
2272	msedge.exe
2272	msedge.exe
4928	identity_helper.exe
4928	identity_helper.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

2272 msedge.exe
2272 msedge.exe
2272 msedge.exe
2272 msedge.exe
2272 msedge.exe
2272 msedge.exe
2272 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2272 wrote to memory of 760	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 760	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 4192	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 3020	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 3020	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 3180	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 3180	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 3180	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 3180	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 3180	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 3180	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 3180	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 3180	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 3180	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 3180	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 3180	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 3180	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 3180	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 3180	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 3180	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 3180	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 3180	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 3180	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 3180	2272	msedge.exe	msedge.exe
PID 2272 wrote to memory of 3180	2272	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:d4e63487-9789-4453-8d1a-19f054ef02ae
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8a9846f8,0x7ffb8a984708,0x7ffb8a984718
2⤵
PID:760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,13525718250915784647,14871796182154798242,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
2⤵
PID:4192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,13525718250915784647,14871796182154798242,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,13525718250915784647,14871796182154798242,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
2⤵
PID:3180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13525718250915784647,14871796182154798242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
2⤵
PID:4272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13525718250915784647,14871796182154798242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
2⤵
PID:2536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13525718250915784647,14871796182154798242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
2⤵
PID:3648

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,13525718250915784647,14871796182154798242,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
2⤵
PID:2752

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,13525718250915784647,14871796182154798242,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13525718250915784647,14871796182154798242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
2⤵
PID:3392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13525718250915784647,14871796182154798242,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
2⤵
PID:3460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13525718250915784647,14871796182154798242,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
2⤵
PID:5044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13525718250915784647,14871796182154798242,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
2⤵
PID:3936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,13525718250915784647,14871796182154798242,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4344

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
768B

MD5
c055b7cd17bc6644c5167e851fcc1ee9

SHA1
17dfdeb11c6ad85358facae6d061a7176456a808

SHA256
9a45206dc2e094315bfbc98f5dbc39267c5cd6a9055562648afcf4f089bd7647

SHA512
5a780023c257728c45c7e2be0af859a062da9df66061906ba6768c2c1880fe2ca88339bb44e6585241145bc225d8857f02234fa59f63f36e6882119ccb23455f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_acrobat.adobe.com_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
959B

MD5
1781a64011334bc36e650bcc52a29780

SHA1
8b0a4fff99ece5b7788ec31967fb6fb64f374b3b

SHA256
30ce7a2c747f39505c10e224063110aa488e6f17e89df5d1b11387ed8a6ae2e0

SHA512
2582a3267545db6f8c37bef74668db7e84f161d0375f9a75f3cde46954e0aec8e815f1e7026e267b60a43e5f9d208360bb5185b884db84a48f37e7ed0f831cfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
c91e5eee6bb5cb4ce71adad82747beee

SHA1
40c8600dd9067ba72cb0d9d1c15d882dc8123996

SHA256
db402b717b2cdc8081d446e6be20536c43399d3112f595b87eef158a9537f6a8

SHA512
02057f868e818f3a8b9274d0ae9fb8fa3407e47ebe008161dbda0ba3ebf92d8fb177aeb55449411284623ff6e371eaddfe72ae8e440ebe9b3b714d4158094877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
25d2584c510f5785e70dae451c832004

SHA1
4270f73ee6cdfc94f8de3a9ab793a4db9e7decf7

SHA256
1a9b5c573530c63652cf7cd756d06195008cd09b36f9046b2d173e55c915c66a

SHA512
a12adc5a8e9472efa20495c88774e591b7e95c01f3dfad770e8f6f8363717a3a11b3181e8fca19833c2e76129df5b861f5270f59a7dfdb8617a29e31aa6b11c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\a5f56223-8126-4bb0-a34c-5c0b84b13049\index-dir\the-real-index
Filesize
72B

MD5
d3222fd7f2a43d22f4cce69f14eeb204

SHA1
b5b0abe58c578a621a1cdfc5ac889a477ff2473c

SHA256
452982d7eb7427a308645a4bebe7262bcb0408d5bd0ba5a05fc2badc41c10405

SHA512
4bac7911cdcce5ce57cee250e9e0c585fafc0a5f1239a814b8a1d3db0b0b35731e8e4efbd46dd6f72bbcca8e9cfac23f4244baf8d69e63ad06a1d28572b2921f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\a5f56223-8126-4bb0-a34c-5c0b84b13049\index-dir\the-real-index~RFe57a9ec.TMP
Filesize
48B

MD5
8bdff5f6a1ccb5c858985239c91473df

SHA1
9b6253ec1721520d84e38433f2e1fb9a6242e069

SHA256
f8b537e88a0f0ec2163b0d22dcdfeb6d57b43873c271eefff38337b5a417ffb5

SHA512
1a9b20191272e95d59273e42a16e2148b4c82e91e932fd7dde05a8410af8454b159b32e8a6f97a41466730f9838cbdfb5a231663f104590b06dfb5ec9d6b760d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\index.txt
Filesize
129B

MD5
fab9aedd2a82699a71b9bd2ee7b4f667

SHA1
f9e9308ca00dd5cf46f09ac060d035a13eca1b8b

SHA256
9fef50a922018956f198ccad7cd08ade8cb02421df862788fa61b44253402bfe

SHA512
74e263d7e745a0ea7d219fa06861e27a5760720fe56995e5b14cfc4825dc6d10405b5455a2986aa7f3b6955a75009f9b33a42314b9561279c050c77c1ae18ef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\index.txt
Filesize
123B

MD5
9cb2cd2eca5cc8e73a3d9f80dcd5e899

SHA1
06b7693d3e2c0a302eec5662fb50544bcc6465e7

SHA256
6c9f644a2dc2a58935c4dd2cf5ddcc522789f13ebd034f1ccd63539400f4257a

SHA512
4413d73ae3f548c33cc84e41b53983dc43b464248bed7c3db67ba27e89fcd8dad66a09227ee0b6155182c4695f6c35caaab3643e2e92338575d589b10efc5e99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
652ed9ad957498e1c95c877b9f66d812

SHA1
5690c098f5b40b29f59714f7a1d415ae624130fd

SHA256
bac21a6ea5b224d90e05eba45bc8cb58097082b272429084e892d1b0f4f338a3

SHA512
abaaedfaf67bfd3b5f788a9d4dd2a70a7160bd82da3d807c87ca2ff9650a7bdfb7b0e93ad2a89516a1e372521771e0e2d8b50dca7ed092f18995e4773ad12023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a911.TMP
Filesize
48B

MD5
cc216b2976215afa129536184cf18a69

SHA1
ad38ef7225e7c4b0b0b5d2b564fdb1b1f7e378a1

SHA256
18a124d6b0dd8cd9b056457017e4edefb53236422a101b779014f4e104a3e4d1

SHA512
750a074ede55f066d30082d09c02939b9c7b789624ec7fff82869bcbf80a245728de58a11b241e85e334f2fd842b1df0504fec5878403f518adec122fc2df305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
eb46e624cf762684a2b83ef0fb590ea3

SHA1
8c0e8d4e8ee9944f1f88c7bb1c03548b4fb712c9

SHA256
a3daf850912550cdd6cef0495cf4bf90a57b9d2867dab7568dc1d1f2e8ae4846

SHA512
c8601131c705209a1c989611d650b4ebad64b03eb131b5da22d7f271651bec77433780508090ce07bd9c9472bee41b4d1eaaa90aa2fa5f1bf780d66d802c6a3f

Download Submit
\??\pipe\LOCAL\crashpad_2272_LCIMMFFXQEQQDPTM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit