003913c38e6eee769c625b4d7b153eeb26a4e5d6b24bdcc5ffc32ff32176e8d0

Analysis

max time kernel
76s
max time network
82s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 08:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

003913c38e6eee769c625b4d7b153eeb26a4e5d6b24bdcc5ffc32ff32176e8d0.pdf
Size

28KB
MD5

699343fbc2dad23d61582755a7dd5d4d
SHA1

89a05587a4c6f164caf6bb9632cd398c0408fd01
SHA256

003913c38e6eee769c625b4d7b153eeb26a4e5d6b24bdcc5ffc32ff32176e8d0
SHA512

6651b0f4959b62fa2a4f03b6b0c1641c1ac00763f866826da6925b9699532a6b21f37491e5b70c3349f6d460381c8613a9868d4812e330881ad8ac6595ebb84f
SSDEEP

768:8ttzEqER9IcgdbJODUOic2ZjPR1DMPBQ5K1M7:JHDgd+3Cj51DSc

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
4948	msedge.exe
4948	msedge.exe
720	AcroRd32.exe
720	AcroRd32.exe
720	AcroRd32.exe
720	AcroRd32.exe
720	AcroRd32.exe
720	AcroRd32.exe
720	AcroRd32.exe
720	AcroRd32.exe
720	AcroRd32.exe
720	AcroRd32.exe
720	AcroRd32.exe
720	AcroRd32.exe
720	AcroRd32.exe
720	AcroRd32.exe
720	AcroRd32.exe
720	AcroRd32.exe
720	AcroRd32.exe
720	AcroRd32.exe
720	AcroRd32.exe
720	AcroRd32.exe
5764	identity_helper.exe
5764	identity_helper.exe
5416	msedge.exe
5416	msedge.exe
1252	msedge.exe
1252	msedge.exe
968	msedge.exe
968	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
720	AcroRd32.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
4948	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
720	AcroRd32.exe
720	AcroRd32.exe
720	AcroRd32.exe
720	AcroRd32.exe
720	AcroRd32.exe
720	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 720 wrote to memory of 860	720	AcroRd32.exe	90
PID 720 wrote to memory of 860	720	AcroRd32.exe	90
PID 720 wrote to memory of 860	720	AcroRd32.exe	90
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 2832	860	RdrCEF.exe	92
PID 860 wrote to memory of 1780	860	RdrCEF.exe	93
PID 860 wrote to memory of 1780	860	RdrCEF.exe	93
PID 860 wrote to memory of 1780	860	RdrCEF.exe	93
PID 860 wrote to memory of 1780	860	RdrCEF.exe	93
PID 860 wrote to memory of 1780	860	RdrCEF.exe	93
PID 860 wrote to memory of 1780	860	RdrCEF.exe	93
PID 860 wrote to memory of 1780	860	RdrCEF.exe	93
PID 860 wrote to memory of 1780	860	RdrCEF.exe	93
PID 860 wrote to memory of 1780	860	RdrCEF.exe	93
PID 860 wrote to memory of 1780	860	RdrCEF.exe	93
PID 860 wrote to memory of 1780	860	RdrCEF.exe	93
PID 860 wrote to memory of 1780	860	RdrCEF.exe	93
PID 860 wrote to memory of 1780	860	RdrCEF.exe	93
PID 860 wrote to memory of 1780	860	RdrCEF.exe	93
PID 860 wrote to memory of 1780	860	RdrCEF.exe	93
PID 860 wrote to memory of 1780	860	RdrCEF.exe	93
PID 860 wrote to memory of 1780	860	RdrCEF.exe	93
PID 860 wrote to memory of 1780	860	RdrCEF.exe	93
PID 860 wrote to memory of 1780	860	RdrCEF.exe	93
PID 860 wrote to memory of 1780	860	RdrCEF.exe	93

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\003913c38e6eee769c625b4d7b153eeb26a4e5d6b24bdcc5ffc32ff32176e8d0.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:720
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:860
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D55F90F81A114587952167EB6FD5753C --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2832
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=4599547ED477C89B275FB4BC74AB0721 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=4599547ED477C89B275FB4BC74AB0721 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1780
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=00AA6826CA5A102E8FABA2246B272549 --mojo-platform-channel-handle=2328 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1824
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B35ED9C24757A232160F4F3002B473F5 --mojo-platform-channel-handle=1844 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1640
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=51E40A76C32A9792AE94A6D5FD39F060 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=51E40A76C32A9792AE94A6D5FD39F060 --renderer-client-id=6 --mojo-platform-channel-handle=2348 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2616
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5D884F1274FDE174D89EBD72EF9DB53B --mojo-platform-channel-handle=2688 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bfee17bb-47ad-4af3-90a3-5b5f7f287bda-00-1bm1ir8imnmzl.worf.replit.dev/Polish.php
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff93c5a46f8,0x7ff93c5a4708,0x7ff93c5a4718
    3⤵
    PID:4712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,16030272036602082968,13419595891977602877,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
    3⤵
    PID:1908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,16030272036602082968,13419595891977602877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,16030272036602082968,13419595891977602877,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
    3⤵
    PID:3912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16030272036602082968,13419595891977602877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
    3⤵
    PID:3788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16030272036602082968,13419595891977602877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
    3⤵
    PID:392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16030272036602082968,13419595891977602877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
    3⤵
    PID:3348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16030272036602082968,13419595891977602877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
    3⤵
    PID:1048
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,16030272036602082968,13419595891977602877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
    3⤵
    PID:5564
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,16030272036602082968,13419595891977602877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16030272036602082968,13419595891977602877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
    3⤵
    PID:5892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16030272036602082968,13419595891977602877,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
    3⤵
    PID:5900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16030272036602082968,13419595891977602877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
    3⤵
    PID:6000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16030272036602082968,13419595891977602877,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
    3⤵
    PID:6012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16030272036602082968,13419595891977602877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
    3⤵
    PID:5240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,16030272036602082968,13419595891977602877,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5816 /prefetch:8
    3⤵
    PID:5392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16030272036602082968,13419595891977602877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
    3⤵
    PID:5396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,16030272036602082968,13419595891977602877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16030272036602082968,13419595891977602877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
    3⤵
    PID:5504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,16030272036602082968,13419595891977602877,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
    3⤵
    PID:4820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2148,16030272036602082968,13419595891977602877,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=5664 /prefetch:6
    3⤵
    PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bfee17bb-47ad-4af3-90a3-5b5f7f287bda-00-1bm1ir8imnmzl.worf.replit.dev/Polish.php
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff93c5a46f8,0x7ff93c5a4708,0x7ff93c5a4718
    3⤵
    PID:4544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,14835306165039449019,17375177721116693877,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
    3⤵
    PID:4252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,14835306165039449019,17375177721116693877,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,14835306165039449019,17375177721116693877,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8
    3⤵
    PID:5940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14835306165039449019,17375177721116693877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
    3⤵
    PID:1116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14835306165039449019,17375177721116693877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
    3⤵
    PID:2776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14835306165039449019,17375177721116693877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
    3⤵
    PID:1824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,14835306165039449019,17375177721116693877,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
    3⤵
    PID:3708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
1d441ced8111d915f8853bc483829236

SHA1
14b5c699f5fb9cccfb6ef69e0107bf66f0403aae

SHA256
f5156cd79ca27011c9d75b065f78ca82a20ea0438ca2cd792f658e707b5913b2

SHA512
faac683740fb80accad5c8ba1ff22efb812ee51bc072746119314313ee5d7fe0df544a95d4b244afe48b2caa3aef043e45207e3950c89eab4b195d6dff05018a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3787611b11f4f93f11b0f776c727d51a

SHA1
9a3bbb1379b8e2115edc7562dac5fce473650499

SHA256
f48aef3c03b12681b5cfcc4fa765affcb6d7899841b4160fd2c9cc33ae642935

SHA512
c7cbb44dad616f0de5297a907dbfb6ec17e105c2e57242e65ee6a3e5b322304b4045d39a0a1339d6abcff2cb3dccbb4fa8d1b48931dc52d76697ac2df1e2d55f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
4f68bdfcefe7bf6ead694d6bb3ba2220

SHA1
2a99c61f8c3a594a62155468cbfcd5fcd1dab5d6

SHA256
a41fe00d3af9d880a553e1bfee24e614a766c07f5149df34397eac9b68e4f208

SHA512
ebfa1fc06264bf63968636628be473c38a4b590d59b2a4086e8547485a6850983e671e8d37686fe145d75dc06bfcb175c9aee356efc1013a40b520fc19d9f05c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
d372b45ed1babaddbc46eb17232652d4

SHA1
a31f7fbcfed43d82cb895852715e8ed4ca11651f

SHA256
dd04013d8c74cb1e317390d8222db85f288d2ba9b2264dc8049846762787f488

SHA512
6b41fe7bd981fa3fc0cc8be43631fb8566c439698de31d73604a622368cba4d32ac116b3e509c3dfb794f758f38dad0c11dc315f225d8183d3819e18c8d4cc7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
40de4daa8942294e8ff4483adc1e166a

SHA1
61582aa558063b0b3b2cd0f70d28683c5cffa578

SHA256
bdea32f2bbb7c69c3eb9822cef0292a6cb1e0f29386628b94758a52f532e0e96

SHA512
65869bca3ee94bd6f1e1f6789c5d6719dd04fce62bcce35d693249ec7006152eb3ce0e1f5c848f9eab548bd3869bdce3c6675f3d23da21ae7f24bb83cba3a445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
e470eb5b6fffe77489a835de73ed477f

SHA1
b430b79198e26d798f1295e434881f86745cbecd

SHA256
71a3358ef910d8b497a23a13e66fff60f1baf2b5d05a9b6a2eefe578b5b15d51

SHA512
345ee0c45cc9600b3e23d090bba5e1947fb27e0ebbbf46646893e1408b237a26ae8256047edcccfc097713444806447413433ef18eafadff472c11eeec5943e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a304f26f28c73d3ac25f1a1d0b305f37

SHA1
aa8f58c68f76cca8f30ff8742a85f819dbd5ddc6

SHA256
1fe9b646bde7fc4c48c7102cabd68de8176600e246acfd6df537441799fe1a47

SHA512
0fa4627eed11de98cb90f59bccf79850de9141f5ee42908b0f66e8eabfc24e5170ff0ae0e3f6d9908738a7149400db62ddf34b2502af4b937d4481805b0c7777

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
808c8ddc53e9cadd907705da8035fed8

SHA1
13a076cde59b3f29f65fd5829e28f38cdf13673e

SHA256
338e58bb3ce3f3fbc1e01e51e610e13d42ce3bf79a1a7ba99b60f6d413ac1232

SHA512
d34e673e41f8a7ab356edcc633c0987882390fca8ee58c19e2b6e4f54a6c28eaa5d9e598b3bdc21d1a1a46ebc3922cc9ad7260531e3e3f9cb50429a00fe5f81d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
f007aaa3f26f836ee0e61b54c49e50b7

SHA1
fcf4319e89ac2ea03bca94f1dea2d6b8399e538e

SHA256
e138c49c9a2a075fde55387b3a2c3cf38a43b775335765d0e52ff86a326e3022

SHA512
7aa5d1cbf0d71b7e8f0f7ca4dd5592441fc4542fcf8e18d71a2624cc34b44c60341e364766aaaecf6072ad6b6c31e67d48557dc83a7a054fb6e4826fa950f068

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
ad5962ba5324ef6dfcb4b4eab98154a0

SHA1
e51fae5b601cad812187d60c8202048d7a0488ff

SHA256
c4d4a8d263e379f3aca55fb2ad042fb690dcb9a545b5daec2ff7cfddfccd8e98

SHA512
fb7eecd61beddda05d63db174388155e3621835b96b919229a5649b4fbcb0e67ec563244b12f5ab58bd71cbf39c99ef94aeeaa80511150c3c3ffc92c30fbd4a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
448b62b7fe2d2f727619d7cc96ad67da

SHA1
004fc7c59ed417336b3a8474e909fba6b4d9e46c

SHA256
97324e10cf398a4d5cc964111a4f57b4f6599b7f6435e860810aed7c8ea33b98

SHA512
5556a4c3b874e9ddd99086f8626c9fddaa19700c38246688d2d2cb326f479fcd6fa3e3bcfffad70ec48a14b0cf51145ad5a05e9acfb6b1c8f411cb4ad805fd30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
10d04f08f7b5f8d5713f5b1638c7b1e5

SHA1
bbcd0e0861a26e1508cbc72cd370cc8a89d59507

SHA256
5e1376356396475a6565a76d5e57f3d808e0c4caed281243cf9b2034348ed17a

SHA512
b17c064fac04d32e5050d48e04e007dd2cfc7f9e132461d4ce774e15551d80d60b3859215561998e366bc1b3e1ed182601a687a3b5c7dfb402a9b66567ed0aca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
fb85eeb990343f1d001c8f0e2a8ba7e1

SHA1
763889f75c33261836812c59824dfc890d2aabba

SHA256
d1c1cb09f21392bdb4fd8580017b6d129ed34536a58240ff1641af1cdb062546

SHA512
bd1a7af5d36dd77bcf9ce7c9a6a4babd4838711aab8fd09ac476e00a4a61d36c3b0124764de6f73770a69ed67a4d6f6bcd6728c6210cdbbbc2cdb90acc3ea07e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
3KB

MD5
b97dd3f95db7a6175973d71f77c77c48

SHA1
6074ab0b49837312c01e27fb6780f1aa86a62d4e

SHA256
453fa5798b68a34f78170e6f67ca0d9a6d557f84cfc788f0cce52865b125ade3

SHA512
28135e5495d06d9e779dc9c55a9050998bc43417f7dcc1d49fbd3a759629b0a6d9707f28a36e35fe1375e82e19c85b793a83cdfb5fc189bbf188eebd739e460e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
17KB

MD5
c0b7af501277d8added8b5efb1a0d685

SHA1
19efac96ec25475d358ef977c90a687217c3909b

SHA256
322e246d381e05fdc59237dc72dbc8c147321426fc12e94392def774207a34a3

SHA512
7f3190b9079c36a2fc802a83efbd974595b78d0248070f5b096b039e53975a417ef0552a0e255d3368cbce60aa557bb41e0d228c56f5d1b85862761cb3e6d1c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
a3930c02f391ffd502a248c772d57ae8

SHA1
5c5ef07d72462173fb2d4dea7961e06119e239af

SHA256
6a798be859087e53773e1472b3f96c1aa627a953a6e1ef49c31c3c5e6a08c97d

SHA512
4bd1692ad95052acd43ca3749d660c81be86769bc19a9f825e191773b721507b05ff263d8e2996ba136aefbef8014d12e7dadd4e0a75fe72c06dca667998cfac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
653B

MD5
4f09a4bbcad872cf90202d386aa5e9f8

SHA1
5206dabbd5ab60da14a0c52a44a36271794415b3

SHA256
adad7546b474b2970689f99d2ba494323d82bad4d6a22f34f61b6221644fbe5f

SHA512
da58bdcf3b7b7a79f647a60e7d3e5550e20f8a27db48f3917c45ebc423973acdf4957377ea70773f64d7eb5684dda296596534912cd0929e293ccb26a15c78d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
771B

MD5
af91499cd96c8d69b5698d69a62c5887

SHA1
e9077e73c830d744012e620d8a03ff9e00c13144

SHA256
e3065b9007222f349bf859269b5e01af37bb647f54b43b0ba1fd7b816850d6bb

SHA512
f2cb33808a692a644f4e9fa90fe8d28b8ce1cae897233321c67c9b87ff7dded3af96e19516ce4e55c7d112d028805ba090980d509643e45b1c73d5a7cc23f75d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
54c6c623fb59e4ed418dfb35a3cc640c

SHA1
faa228e81ff14a380451c410b917a977a5d14d7e

SHA256
26d11cfd07c3bc8e1351957be4d5337f49b0ffabeb627c4287641f4d0e82769c

SHA512
35ffff4063986a086f48040784bbd8c6afac0c0a03079a7a0df66640b5368fa17fdeb2b97e50a377e74393955e7ab463382fe6caf86ff3650b1496f4da096711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b506315c742dfa03d3b777d9f2165678

SHA1
7efd3d95a762dd45e824fb4276870e99c8ae4883

SHA256
5d610ef662a7773e085191718933bffc4bfd7463e6aaed6794a7680d7ae3a6d0

SHA512
82f5485a8fe62ba38bc853808f9ab13b3444fbcaf3b13c3042c128f9a9a64195ce3fa65cbcf218962f4cf3401c296552b623b727ff92e52b46a32d57d44fdf37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
17a6726e25b466dcc35f1d4693e86ffb

SHA1
73bf538ae25f3d0f93dfae345e4b50cfff90395c

SHA256
0bd25223bd723e8bf9d01e0fa1d080f3a7350f4e15fca06d246576f0438b06b8

SHA512
9913574e89b59ac903bdd10c38032e4ef05438b54cae59414ea078f2a7e59e5726890d162266ebfd38b79c58aeae7e56f8b96dc9b25ec65318291b655d749a2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c2a917d237d98b588765608c2e61297a

SHA1
55ca67b4578bf03a24b817893c89adfac1de5f31

SHA256
14d90072ff1d2462e49cdf7b1466cbe95fb2e0ea9fa00660675c8718df18f22c

SHA512
abc115a8eae6cb0103bea111a2c3deacdc0f9fd9b29d30fc4654eb85aaf128006013e257df0b3aa8a946369f580e376a4cdf03787843c8ca24d9af3dbecdbbdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
70c0e7366e4d72c0b32854accde66e3d

SHA1
886a028c9a856b38e9f922dd0ea7b5de2a83683a

SHA256
8f445ecb20fd6b29642dab4762a7f44aa3a32f6449788f456b70e7dfc0e91284

SHA512
40283dcf37a0fcc3945926723cb62b83079417eb82d77daf1a19f294d2448df10934a98c8608cf8c4a2069becd098c3259dcb3bd41788219ff9f6905fd6a3284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
49deb1dc4f0d6c89786a87b6f3befade

SHA1
5eabf82e6568d4ee0421c2bbfd1e042ded7e7e53

SHA256
868a5fa459dd73c16f5ea7366eaf0364cafefa59426dc9e8c1dec237e206fced

SHA512
208a28bb762131873bcbeaea0417d220161c3cd301814e788729d2f8129640c3d883e28436abe237999e806519d5e9022e9db8604a9f121965e7c04356dfeb8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8b2438504099e986f9d29feb180b3d57

SHA1
8f073a01f1250e537427b92428b5ed9c54721b52

SHA256
98d32fc1b822cc745e2512e09a5eb478dceed47cc74afdb66b23f8cdf37ed923

SHA512
f6dfa305afff3e4552d2cfc7de1e2f0ae8dee08be9589593ca107dd19845072670356e051569811bfc4b6fd3d140c358ffd3893a9ee67587f91e3dfd873878f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
f8acc4f61787d73c33ccfa0411ccce48

SHA1
5a09c2ad3f4080e2624a47f1fd200e681d1747c7

SHA256
8aa2d76828c1a80b2a9e4a08a6f29b6930097352cf17d5843444829b803135cb

SHA512
c38452dae275c45ab8936dc6ee0a50fad3dc7d0053d477161cf86afb9f1db086a005d8e01cc5ab59e3ce00fc4f78d6e6e26737db61b9b904f719ff5c4b55bb08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
770B

MD5
8e3b97c4348a6dab01a52f2fcba3d12a

SHA1
e405e6f27002fd97d5b6548160354e0b0999c8b4

SHA256
7cdd69ab1986ccceccc50e21a0af5ed9e22527feda4b5e7ad0d4db5536157c30

SHA512
be471829c5c25256b6edb645ac11016c94e319263ca0407eb1e09c3ce8d25bc24cb11fe922b1ee33694a5be42c0745bec3b5b6b2c7841fc254f2ca04a6fb9d6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
5db5db5a54b7792649a0644a78a6e923

SHA1
2248acdbcddebdc7fe77a19676f74b3a6eefa09d

SHA256
54da353d9f42fe317d8bdee2e79d83d68d033f18e307d5bda1f8277154562305

SHA512
891cdd80ed85945354e05d8d19d7e9ac89db65b88fb738c8ee9185f9eefc13300a574f81bdaf28dc15e6e8147ccc57d8797916a35fccadb36b13165b179ed931

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13370518756669163

Filesize
4KB

MD5
2da4752aa6ce0b767e8e6e1fb5d571de

SHA1
c1102bb293a2bf55f67a148810845a98c782b2e9

SHA256
6a7f222d50c880633ac7ce18e182244ed7819feada02206455a411236ae24684

SHA512
e4e4964f18617edc0536b699b6be8de88bb26d8352f49863545f1c04107eb92bb7f0e11baa0d11aa087ee7fd661c17c54643e09090a55e5f19f99b50ad2d8454

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
2dd2fe266a35b0e66ebc7f105cc8fa49

SHA1
f0c4308320ab4483e4f61f85d75f2e7324354179

SHA256
29af88c841bf1ab73292914b07f8a7f392c50e5f9e31f068a25f374fe9bbe7c1

SHA512
7e1e9e6c8341a2095f7430eb09151b3cb4d6040d8a84eee59f6ab74e74dc936ff06dbcc609b0fb46105cae7da0578113d3a33b53d0c823c6658c5c5ede73a517

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
8fe3366652ab6eee781d602d815cc0d4

SHA1
f60d5f992bceb4ba7793ecd037a691d2e67698ec

SHA256
f6fb14a91c4f1fcb29bc41844cd78da3645eef3d3a4c287e52cb610eeccd9394

SHA512
4e76135e9b2dbdccd0b940347f6c482f8060b262f745e62ab76b2f2b4e2dafcdb9c90cad513a2ffaaa226077bc57e644981ce04b56abecc0f471d1585a06ef3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
c754fdddb2d1f65903f30326723960b0

SHA1
123ba2096e55b5ba5d348ebc28800001c29da513

SHA256
dd50f7c3a3bc9c35aa17b396bb6a7227795f13c9d6c982aacfd70e648574e7fe

SHA512
75a9115bbea50b317bc557deefbce0c294d9532c73a50a0ed6890eade14ce06c18915ffa669b1bec5fdbb03c34fc4063dde05b5bc73a7f6aa67ade5b30f4d9cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4c00e4d885574e45f4e33e4fc8434117

SHA1
cc1eef91fdf3dfffc54caae9dc9456df23681380

SHA256
8a9ee8a5a18c6988a19bd9c6e17dabb68f7bb500fb43bae28efeb622da617297

SHA512
69e80503841bc12bc74adadae8b91c1f70eff3f66c3ef86715dad8e334e027277396e90b2042d73b61c3c1a886f79a7aa020ec9be54ed2303416a57e03539ebe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c1a48af44b2eee71cb0b393f80902cc2

SHA1
1d7586bb5b17cac9b41ff603c9d66291222e13fb

SHA256
006daa2e838efa8556459b826a93149693d5f72d7dfa4b3afb4483e20505dfc8

SHA512
f83072fe29c33f93e019380171167847523f7c442094d4cd177877e944e189012f57c70c8cc52cf2c21d7b4d2a47fbd39056d6f66dc5cd1f843a8472398b81eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580f8b.TMP

Filesize
1KB

MD5
750ff04db2aaddfc5d3d6982f9e8abcc

SHA1
1850e8514421ddf28fc6d144345b46f7addc5507

SHA256
efb601e3517af47db71b457751920b7e9b5f83d15e26f47c0d40cc20ccdb3309

SHA512
5f915fce95701e13449553b05e6561612f878b09d481ea98f8968c6a9d1acd8807d032d3aa7d1de655fa8f8d82befe9ef8b407047e0fdf940b2f90d5e6c44218

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
c3d78d2e08b38af8f8dd860774afd3b5

SHA1
d4c2615a84947e0698084477d0138ac164faa9c2

SHA256
8c9e47edd9f138eba83cb4ef8c659d7ee6c1d36f41cbe47d08be1b5ce4feb084

SHA512
878532691cf416e592c3581f82b66b58750a68226841d8e892ef8d47dd9bc9347670c2824740638296d8dae6b8d9b7da16662d1da59729d25c240f4619676a73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
e5d4bb1ca1a5bdbe3e713a9b8a6b15bd

SHA1
2f0f50753f5a0af5f4ddf3f835148a842ab3d921

SHA256
c53a454e5d1a77a1078054e96ecfe529f3d3148a9d3425b3db53c927b3045e06

SHA512
20197b5d6fca095c3ee496690f6c30446df387173942073dcee621747a5b040f3221d3424c57a55796ac8aace6b7613d2e5d53cf8103ff865307014510a7b267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
4KB

MD5
3211f278da6e0728bace32ea04c25e55

SHA1
890c64de1f38cdbca49e325dc7c27e8b2da21712

SHA256
8f09ce84f87942702f288d3fda697a7714074af021ef9d72c2efc45234cf61f8

SHA512
03e283fe76ec2ade99e332ba67f54138803a4d08cde4d78b1e2cdd484b9c7653e0a5cd69abb8527667d79815ef31f2092192f94bfd8c54645c5534ad2b702c4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
2ca73d700d5ddb4f5f5f6f5faf1accb2

SHA1
c23ac0150b45b54f6aac61a84d847a509b85a7b0

SHA256
a7ad86702a9d0234bcf1f5c63de0e00d7de5499e6e68b511ab9ea7e8101103d6

SHA512
62d3e88b3c0f37d06b0f34cde7d7ccb8b1b3fa298cdf6bedc330cad0695a9e0fad73c454189c0b764f8e9db908132127b6bd5af775d9026b30367a625b44fa25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
1b6478621157183bc5cbea3bc8dcde5f

SHA1
169d4e164b614391851df7fe53f89753db87b9ac

SHA256
aa693a1e758e8cadf731f72005c7c26b64837b82e7a60672039f23418c68ecec

SHA512
33a13ce6aff8d52402176dedc1fd9ca84b5361d2400ffbf6a3a48f9773f12d5f7a818bebc002661b3da200f2da2dfb899dca24fb9bd65549612167d306dcde8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
e21874f5be10b0e9e1bd6d95ede4da92

SHA1
ddd4fc3fd07b36442a5d659242209affe510e3a2

SHA256
dd9931e18ef92d25f3eaf3b2e8bb8423245a2e65555d0d8e06ac9e3f40b26258

SHA512
caed48dd1bf3ea6b5d11640cec96bad181c289529401e9732f446c36e06db6244829ce27128448711f6b9566d37a714cba689d31949ff2b0ef55943766a13bfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
8f4e2333bb09d44512f05e686ee1b31c

SHA1
a6edd31aa3749cf0226b7aba7c9a10a1fc4da8e3

SHA256
5f09102e0c18e98a7b63497343aa365ba87707bce6920d1744698dd00298495d

SHA512
a309e15ae8be6dbf7cafea2128520c6d81020e0dda3f1ac72d04321658edfee70ce1cddcf110829e4770ad3d28108425fa86674f0104f7fccf495e42f3e8781c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
715279423a407f646b554877970e0660

SHA1
b87c3933de03b34b0cb6746492c12d7ca2718905

SHA256
4fef6e5a2184af14f8cf00e1d314175499dc3639c55ba5785787cd46e59c2df8

SHA512
f9600e45639fbae9b8420ffe4c450c7211fdad910c697db3417d95219a34fb649b1a3afa501e2a8ea0d578bfb588c7152e6225d92c0269c225b6038742f31957

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
42a652b40aff6a964a1ea69cee8f319d

SHA1
e3f12762aaf20ccfe66f30fbf083f604129818f1

SHA256
74fa3fa9c36354d7508ffd53d9d6296d242610be9b5afbd9a58261c3f539e345

SHA512
da2c45ec1db473192e6131625f54dfdebfc7dec4d4d8ca390f78649ee8f45cb71cb779bdc098e3c300558016b8bd95ba2c364a6f227dbc979c046aec68db9483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
20KB

MD5
256a6eccf9b9b556f616de8100d5d44a

SHA1
acc42bae560a3bf102c4f8063d4bcb78e333c33d

SHA256
508eb649cc94487595cdf3934b54f8359b2456fbff90b35f114a7ae0b7f63e31

SHA512
355fd9e86eaf345bb4b4e809ded014f3ac1d8b7769c31759dfa36f9c7713d63d45667a105b8f1818252b7bef11b985769a7dc6f447479e06e65ed21a39a4012f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
16KB

MD5
bb8508b1f315e3da5f8663ded69b22dc

SHA1
d05efdc01769b64a3e578f9f0921e6e10a373f32

SHA256
3ff611197ce09fb9883a0bb0f809bcd7d469a05bf6a41e443f4dffdea47e9d5d

SHA512
ff84e49f689b60bdb58efde65fed19639ef8e00af5f37f46ef34b4848c2321221513780c75ada1aa353816d20616065c3d6226d4bff16ade59f17876d6c598bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
16KB

MD5
4f266f64fc9e994218c691330c110324

SHA1
090e289f1a3116c5b910096b6a3c547b17ec379a

SHA256
e364e0070932b804a071aafde0420dd191d2ae98934e594c3c0cc6bd701c6bb7

SHA512
b754247795429911e995852562c3071db8443b2bba80d1bbf0581a59ba74506d2dd986f63dc5274ccf47a542cbd4433a182882bd1b3a28ce7c8cfaaacc4f5e46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
16KB

MD5
2ac0e9550a06af37db2959aabfc084e2

SHA1
1949433519c9d587f66d317018a2fb2538973df9

SHA256
f077596d48d72f781d8dec4803c6b360e0a6d193758952e70a8a42f309595d91

SHA512
cc943996eb97d1f64408d9c66290e65d7ca499d318cde1492afe46e461964fba97b3c01bd884e23b63870e3808682f981345de7eced62025ca2be58d5d82a43a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1ce317b3c542f85f72bc0e42bd665842

SHA1
9e984a0180b74b50bb523602db9eafbd9017ec5d

SHA256
b8c76d97f8843311379ee1bce60c6c2ff1b7e68edd4e775e6f4a47b7f637580e

SHA512
d8e33a7efe617019b5651b085d0ed7ce488b0a70fcdb3782d67e8693e5e1faf59123658ac7b8cd16cb83957614bb603305d3713adf3064204c0acb9c8628637d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5cba33104d127d7da78e3195fab490a3

SHA1
2ae9816d447eb132374de4cd36c70c0c088be53e

SHA256
6ff6b9f40fcf3b3ae0e6517c921736449a234a6ecfacfba55c0532b36302d1f1

SHA512
b4dd28875c20b902bdaf4ad7ff33b8ea4b22fdfa4ec68aeed133bbc7fca1552c4362313c5feb2b087212d201adf73f5423a6afa7986e663e5d14ebe62e6e820d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9119de99852a576bbcaaacabb408253f

SHA1
8ca800d53bfc36400a1a94ecd63603eaac516cd3

SHA256
5590b6ebaff60e017be3ff731387ea05c2f481ea6c1f2405b735be1acedf656a

SHA512
9f7687e3fc8a6578d801feb4b746207a93b5e8e047a7080981b0b994a6db88f162e920c1dc62b92f98c510ceca70e740d5e066e40edd20a3f26634cd14be0654

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
3f3385b93e4e9acfb96dd9b773f10df9

SHA1
4f7f73b5b0c25b7abd3d6946465ac6269de3319c

SHA256
a1dec3bde0de818d18bb3cd6dfbe59bfe6fd195b611b94a79db5e443a8aaf4fd

SHA512
71a7b5a7762dc2dcf04f024c3f8b7cecaac46c1e16d446f869547bd896a39e331f50a7756181de9598a1b0447a2e87be600dea027e680f2c399eeea21cd8ee9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
60c2b896500519be8d6125c86883637f

SHA1
d3d30c5b3d6952ff3355da256ca85267d29143e0

SHA256
64bf67ff94caf59cd5b209ed2442d12dccca149b3c950f46401acd316c5a398d

SHA512
5f0214cba549ce3e0cceca65ed0c77af2db55b635587cd273ff32f78a536c57b167d2c1ab7cbf16f507f71354b0ecf9da4891837662a3de7414747f3909395cb

Download Submit
C:\Users\Admin\Downloads\67eef4b4-2365-4151-8122-9e3831ddbeb4.tmp

Filesize
65KB

MD5
130ccbad34990da494eed1c3604dd9cc

SHA1
4fcff9d5f701c3c591eed0c24574e37691b3a730

SHA256
80fcc93b36a831aa5f54639783fe86d6cc832f48c7faf2bd4a330955586a9c96

SHA512
b28d80ce920d46cc46da1918187252834316edbeb02a651d3ea1d82e03ab3b50c687bd5a364baca139d99bf8173350fe026167e0754396fd57cc668748ebf0ef

Download Submit