b5ccd54614b08737005cae87db5c8972d0ac0844e1d5973067851e268bffa09a

Analysis

max time kernel
69s
max time network
65s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 17:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot (14).pdf
Size

32KB
MD5

b38fd33cc734304ad1b059a0e1958f44
SHA1

e7f159bb19f1efb7b199139cb306a9ec936afc1e
SHA256

b5ccd54614b08737005cae87db5c8972d0ac0844e1d5973067851e268bffa09a
SHA512

f2a9044d377cf2aed5a71c3c2eaf641c38d572269c1a24f1786b4b5b1a54f2b906966c6b94db6ddb440a13ed4c8c5dd1d43a6bd3e52c2b542bf89a4894a29cab
SSDEEP

768:E/Kds15qUzvqwekWEQGXiXW99/Cby4f4FC0Jt8fWFwjKd8UQQnmKRm:G18wYNlIiXWybqC0gfWFwjDUHbm

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

RdrCEF.exeRdrCEF.exeRdrCEF.exeRdrCEF.exeRdrCEF.exeRdrCEF.exeRdrCEF.exeAcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4050598569-1597076380-177084960-1000\{AEC6DF7C-6852-4185-AB94-C6122C2C78A8}	msedge.exe

Suspicious behavior: EnumeratesProcesses 38 IoCs

Processes:

AcroRd32.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
4420	AcroRd32.exe
4420	AcroRd32.exe
4420	AcroRd32.exe
4420	AcroRd32.exe
4420	AcroRd32.exe
4420	AcroRd32.exe
4420	AcroRd32.exe
4420	AcroRd32.exe
4420	AcroRd32.exe
4420	AcroRd32.exe
4420	AcroRd32.exe
4420	AcroRd32.exe
4420	AcroRd32.exe
4420	AcroRd32.exe
4420	AcroRd32.exe
4420	AcroRd32.exe
4420	AcroRd32.exe
4420	AcroRd32.exe
4420	AcroRd32.exe
4420	AcroRd32.exe
2612	msedge.exe
2612	msedge.exe
4540	msedge.exe
4540	msedge.exe
4792	identity_helper.exe
4792	identity_helper.exe
5452	msedge.exe
5452	msedge.exe
5964	msedge.exe
5964	msedge.exe
5580	msedge.exe
5580	msedge.exe
3708	msedge.exe
3708	msedge.exe
3672	msedge.exe
3672	msedge.exe
5440	identity_helper.exe
5440	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid	process
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 5308 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 5308 AUDIODG.EXE

description	pid	process
Token: 33	5308	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5308	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

AcroRd32.exemsedge.exemsedge.exemsedge.exe

pid	process
4420	AcroRd32.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid	process
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
4540	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

AcroRd32.exe

pid process

4420 AcroRd32.exe
4420 AcroRd32.exe
4420 AcroRd32.exe
4420 AcroRd32.exe
4420 AcroRd32.exe
4420 AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 4420 wrote to memory of 4296	4420	AcroRd32.exe	RdrCEF.exe
PID 4420 wrote to memory of 4296	4420	AcroRd32.exe	RdrCEF.exe
PID 4420 wrote to memory of 4296	4420	AcroRd32.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1648	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1744	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1744	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1744	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1744	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1744	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1744	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1744	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1744	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1744	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1744	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1744	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1744	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1744	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1744	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1744	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1744	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1744	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1744	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1744	4296	RdrCEF.exe	RdrCEF.exe
PID 4296 wrote to memory of 1744	4296	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Screenshot (14).pdf"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4420
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4296
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=31EAB114533EBB774975654124FB03A0 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1648
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F74939C628C91FBAF08013076FB58E46 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F74939C628C91FBAF08013076FB58E46 --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1744
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7FC5B29F37BA4C33FD7B96B12B6D11DC --mojo-platform-channel-handle=2300 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3656
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=FC310F0730CD24C3FF0169150CC62DD9 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=FC310F0730CD24C3FF0169150CC62DD9 --renderer-client-id=5 --mojo-platform-channel-handle=1860 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2944
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=32384E3C369AEEF229249286B78E2D77 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:316
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C89B4AAD9C569618853C4A636134340B --mojo-platform-channel-handle=1816 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://urldefense.com/v3/__https://links.hello.g2.com/u/click?_t=03133b5014524742b22ce0c870a9368f&_m=484254f7c104460ab61eac225d118d88&_e=lFL6itQHaw1ulknC4qOFxLmwaTcWHVssvP0sHUAl14s7tiE-5ud-fqRy3tGAhkXiSaLIBqVbVh4TVSFM0TOIEznsUfmmU4xiNPjf7eQUdsAtErILUA9uS2-W22_gbRP-CcSfnVk7K-0vR2iU4vQdYzo-TMVTdHFh8D5djYzqfaqODb97i48MfwcC93uxTH3zSzSsjurkKIXibts7Mu8te6Tm2KD9uHHDnvVYYHptdWXXDYg1WMBEtAB-4bqcMs5J66WImd3MU68_yrChRTaboPApKkkbDHrqWZpSzBRQyCU*3D__;JQ!!PrnngaAx4byl!0ExK_2WFiVUN_s4Lq_3SR18OSJLNbP2R5lQJdExkewktz-ZINEOyPivQdIgqIXO3Q4555yzj4ZDGHN6Xiby6m4VMOYk$
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c0a046f8,0x7ff8c0a04708,0x7ff8c0a04718
    3⤵
    PID:1160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,370169415869074141,16772800906318720979,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
    3⤵
    PID:4556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,370169415869074141,16772800906318720979,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,370169415869074141,16772800906318720979,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
    3⤵
    PID:468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,370169415869074141,16772800906318720979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
    3⤵
    PID:220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,370169415869074141,16772800906318720979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
    3⤵
    PID:1604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,370169415869074141,16772800906318720979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
    3⤵
    PID:3544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,370169415869074141,16772800906318720979,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
    3⤵
    PID:3528
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,370169415869074141,16772800906318720979,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
    3⤵
    PID:2980
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,370169415869074141,16772800906318720979,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1972,370169415869074141,16772800906318720979,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5500 /prefetch:8
    3⤵
    PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://urldefense.com/v3/__https://links.hello.g2.com/e/encryptedUnsubscribe?_r=03133b5014524742b22ce0c870a9368f&_s=484254f7c104460ab61eac225d118d88&_t=ZMYreptq60RSySNA_zs0M3Z3YcXJ_RSGC7LxB8zq1xONdClrdJc4PNAeNKpEh_hQdO6U8LJ_H5rf1y9Gb4JAEoTBGl0Uur-M2nQKGJJYyy_9IFuXrdGwluRcG2gsnui8__;!!PrnngaAx4byl!0ExK_2WFiVUN_s4Lq_3SR18OSJLNbP2R5lQJdExkewktz-ZINEOyPivQdIgqIXO3Q4555yzj4ZDGHN6Xiby6o7_FO7I$
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:5964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c0a046f8,0x7ff8c0a04708,0x7ff8c0a04718
    3⤵
    PID:5980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,4214287506225742,5981042243500323485,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
    3⤵
    PID:5440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,4214287506225742,5981042243500323485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,4214287506225742,5981042243500323485,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
    3⤵
    PID:5532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4214287506225742,5981042243500323485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
    3⤵
    PID:5692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4214287506225742,5981042243500323485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
    3⤵
    PID:5684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4214287506225742,5981042243500323485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
    3⤵
    PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://urldefense.com/v3/__https://links.hello.g2.com/u/click?_t=03133b5014524742b22ce0c870a9368f&_m=484254f7c104460ab61eac225d118d88&_e=lFL6itQHaw1ulknC4qOFxMzo-835-LVEFj4TSPhUMqEX13M3Z4c6-9V5C0nHEm7TAh-pitrfskhPUao35NNLJGOeoMPpFVcL23XzdkV48yVdmlrPlaNkdpd15qG7XrhomBOgkyCbhQaEmEixdtTKozYkQG3LUA_-jNAnPqvlWaWeGoWxqqtVkg7jfGSp0iMOUGhTqE49Xw0XXN5f414cuyO-fJsuNJeaqAVYRdsNCnhmdof-gEH_fCvINonZCRwxad_tPFjtQJE-mzrhkAvyjg8JI8UW_mcEuHJswykpVCPOogsMQfdwgWckjnVAAzye5J7Pckxbc9zP-JTNntZvDKUPW06aFSfbpER9E6hIhIDdnoL6gy41Py0nWTUZzUqK21nDxGGoElLejSTQxsUxIIW5UCXnv0GJnEIjGAuonccDeqGw4QmYX1eMLCFtOsvK2C3wKrg5lrtY9voFokVlktKsiiWKdMry4cUPKW3xT0HJ5I6iTd2ty_tgC65_KH7gkUmsFr6xsqYnmfpULSDbfhzz-N0o-F5Wqtq6Iy_jPUI2yXdxvEOmP_H6YtQNOWld__;!!PrnngaAx4byl!0ExK_2WFiVUN_s4Lq_3SR18OSJLNbP2R5lQJdExkewktz-ZINEOyPivQdIgqIXO3Q4555yzj4ZDGHN6Xiby6x9ugCqc$
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c0a046f8,0x7ff8c0a04708,0x7ff8c0a04718
    3⤵
    PID:1136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,7359193203873728918,18214162447582737688,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
    3⤵
    PID:5480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,7359193203873728918,18214162447582737688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,7359193203873728918,18214162447582737688,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
    3⤵
    PID:5604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7359193203873728918,18214162447582737688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
    3⤵
    PID:1212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7359193203873728918,18214162447582737688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
    3⤵
    PID:3076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7359193203873728918,18214162447582737688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4308 /prefetch:1
    3⤵
    PID:5680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7359193203873728918,18214162447582737688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
    3⤵
    PID:3432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2172,7359193203873728918,18214162447582737688,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3424 /prefetch:8
    3⤵
    PID:2476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2172,7359193203873728918,18214162447582737688,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3636 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:3672
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,7359193203873728918,18214162447582737688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
    3⤵
    PID:5384
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,7359193203873728918,18214162447582737688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7359193203873728918,18214162447582737688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
    3⤵
    PID:5928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7359193203873728918,18214162447582737688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
    3⤵
    PID:4552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7359193203873728918,18214162447582737688,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
    3⤵
    PID:2112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7359193203873728918,18214162447582737688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
    3⤵
    PID:5896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7359193203873728918,18214162447582737688,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1
    3⤵
    PID:5904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2236

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3dc 0x300
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
05d59d02926f772961f257bd5a0fb4d3

SHA1
1b0cf8c96b1bf319cd7cb21ac9072c20b1e2ac2a

SHA256
d9c62b8e1ff9ba87ba5c76ba8b14e4e3886fd1a5f53857fc0f3b373b5d5cb612

SHA512
1617b3946a9460f1ea7afe1d284be87deafc556054a8bd7f7aa4332613510d1b3fc7f668445b4145c7bb5fd0200ef6dba394ae0e93a488f6c04c107a5f310274

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
390c19203f97c52758d1dd26c828d666

SHA1
98b32ed9a10b61774d3172086a87890e7a4ce3e3

SHA256
a2e06dbacd8cd632b1d3f23ac50f2b5beea948c0861ad7aa7c0816f4811c4efa

SHA512
b88fc7b850a8b168f777954749bd739d0cfe129f397d56080c16e24a92a90877cc732b3fcf166bee46ee1ef822e198c237a37478e9bad14564a17b4fa6302f46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
74e31252bcf6ad202c5b9fe5df0659a6

SHA1
8c969a20c834098021364d1cc3293bbec4bfb261

SHA256
f4c9d4007bafc5eef25b00abd03db6e2a815dab96b9f2c1bfdf785c3db54e157

SHA512
b07a8d85a0a7025eba294f1f8862be7480e492e3bcbf49fd22a8dd4de0d2ee35c73471f4b575c34ba3ea82371d36fe8815d8432d3a1e0ebedb0fdf92f7b0b720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d566cda38f000d0453dfea257568bc52

SHA1
f744f0a5397a5bfc3bbe35078e8b2ef22a63b227

SHA256
dd798a86e0c2bc6f3d60f2dcbe1d0cd8d5fc1caf2b6739b7c725b1eaaee36010

SHA512
5a22a2dfce65022eff6f9969970d1ab6a0321b663d7994fe3e1b0bcd11b1ae4cdb12c96034d865ca8ba3c82850e9dad0c56993792c80d15ee94428e41c113c8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3b9b0d32-5dc1-405b-bb0e-5e09105255fd.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
b9be6ce257d9b2c88c88a20ee34f5209

SHA1
fcebc40f5ee961b34422015ff8e692f7ffbdb781

SHA256
f1692207ebd296b5efc6ad17e218cffa814c9fa2662cd482d5ca5966f7d8e88a

SHA512
80a1053248e041944fd6d7aa0dacf104276f173a578f3adb35e616ffd72b6cfeaddaebc44384d9ddcded9fce6add6a5d0fe2823cd3ccbfcbad32ba76c473a4de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
bf48b898b6fef6856e61202173f00140

SHA1
0249da4a31ce231f6e50d8c847cda5b505a037d2

SHA256
5170ead58d0f392cbb60c16ae486c4b8a4edb35c82935218b11b8824f19451c9

SHA512
ec788b1649363a1ac718d67c18826f063feb2bfad20f10d6262856783c9f6ea68a3ef3d552f7b5caf2c2330887c94eda4efe6deeb750d4d7506e62f16ce5165a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
5d54a47fea7c1682c1455edbabb9a28f

SHA1
2ca35542fb5d53529dfcb0375e3288c36da27a5d

SHA256
e6a21aafa5c502590d43d50f1f318ab71bd83ec4292d07e7915b7a0d96c95718

SHA512
f99c6af9153ae3499e1d7776bc99eb9fc678b15360fa143c3e511ddf33dadd8d48cf89c0fe003418a03f90ed5ea633112e0a7221fe01a41c5efaeea501ed5449

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
9a591507ecf39af9cb60213e9a6f5d49

SHA1
510ad4ec28d5554a88168b5a51666e2a1fec2c8c

SHA256
a85f88d928baf404b87a6c6bfcbda119920f474d9102e0759ccbd1d5d10279e8

SHA512
24f07531dccf162e29102655340a55896fbf14a8bff78143f2af9d03cb77657e59ff9afd50c3f8f9b02a803f95b2ea251936c0ffd05c2565ff5b16fee1cdd6d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
2e3b7679e6050fcba0a71dda04ded503

SHA1
9df232d4d56e6f38209315933651e14e7cd34ca4

SHA256
3d1cd49484baca0ca1f567ab6ac2754ce19dd011701d8c68ab9cd5248f976f0b

SHA512
c64c582a5ad436f4f15502f1fbcaf7f30506de1fbe1755537601d602578e2fb649361a95e22d01aba3bf145fb83e4e26faa372fd36bb87462022997e71c02cc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
ffde4a92c74894ea1f5dd3c5a40968f8

SHA1
544c1daf85c9871fd929d55ffbe2920c2499a574

SHA256
1b18c01cf3d5e5bb4c876d4f8b690c49c4eeda1c7ff037cf5ded579710091a7b

SHA512
01561a3a98f20fb0838e50946b4c54fc33a01233c8f6de2c51e6c8593c79d1ac35987863eda38f4d089c0f392512b98568f1d9fb3450492dd7976f650f487774

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
5afe00005ec2d2bb8b44e627e99920a7

SHA1
956ad3f5b0b2a6b5a3def2e835e5e55f54a3db21

SHA256
a60a680867c8e536785840a276d5d5234057bc5627c8d9d6910d4b8c750f6679

SHA512
c66f2e2b5a7b70433e52ee0b47877b298c8b6ce06e3af4e3d0d898901b985d23da0974c07a8a5ea6a8cfc8c702c54d31973c72f3f4aa485f9f8f2bb7d641b12d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies-journal

Filesize
12KB

MD5
b95413a93a8834fd4cb389905c74973e

SHA1
92c2c509771714c3fa739c28c36c47ddf1e827fc

SHA256
afef04969f90df3b8e08e5e73e81865c26e5afdd7018370d0fa682b3ae38f36a

SHA512
6705684b1c9145a0bbb70a27143525e5e49e45ad496b8609edad418a92945cd403e807b5275bfe2a63cd3b394a287a4a05c22df709849f7ac97ef8eac6f7dee7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
63e3bc0840bc16ebe04723ef250d7623

SHA1
cd12ac3aa24d24c9218dde0833bb85c0acb4117e

SHA256
609e773907f8d1604133084fee950ea9890dd86cf71daeb18472bdede8fb6e69

SHA512
6a08ff46ca7412d2b11db17a580c6a5a8d2209f64ccf76f97a59530db61269324ceae866ca81c366f8bd06baaa3739a720536833898d2c19a5d3171bd78bce54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
91704fb438f2635d8fd333b9851abc71

SHA1
2aadf001a0f5e6ca5f92bf161c4636a6cdbc932f

SHA256
09f7ff0dceab73f2c44b0159ff24d2bea42ac1e90710c8fb111a79a36e7410f6

SHA512
346fe5be1cb0653d409094b43145c411d2c454eb9c8dab8545500459cb9c3210805d9a14b07e9eea36f614e1ae0fd8cdfdcab869b0920c4623b828ccb975b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
3a5384acfe58650f438dbc1609224b13

SHA1
de603e1d56a5c9ebcf0bf81e2664eec6c0162e31

SHA256
33a853b01d94fe12139d29580613933ac29c19c304981f521fd9c377eeb6407d

SHA512
e0cfddea27c10a6956fdb21d39ba387d7cf87f001417d93c4c3944fc246c47e69a600aff446a92140a4d284d2556f72b64133595545fd92367ae9d27cc80bdec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
3KB

MD5
d74a200462e105d85d05a351f3a96c06

SHA1
0ce7bc0f9514ae0b5dc85740f1a4d7972408dcfb

SHA256
aa8abf7a45b1086732553e4f25a860bc107b6023769854f54d0d03b6ada6b306

SHA512
5d8efa63ffc9cc4ea58bdfc1ef488f371b23f57646f6cd1a32783979d2da1935fb23df5b877480fc372602625ad19d7e04aa05ef4ccc7f37d0f96d03ce1f9451

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
99c369845b1351cf39f829b257b9db99

SHA1
e8d67aa50f27090d4bc7901bad9f1f8b7b8acfe3

SHA256
eeb7558173b7915895d520688c4ec93fe320d3ed815c6ca08cbd43d08dd06dd6

SHA512
eeb58509692fe44641183843517fa910579022be60c571953544591ebeeee2703ccfa39cf8d8445af3353c6c55c394acbf36df8d0e0c2f96e0b91daa5567658a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
705B

MD5
737de6c2d472e7a0bb75f3ed1415a688

SHA1
7a96fcd34e54e5673f0a53c0bbabe57aa50a77be

SHA256
fece00690148a520c18b579828feced21c9290aa630bd928d23ff6c472bf6dcd

SHA512
4078661beb2d5649b9bd47880c3ab72d70ff476f2e86a8e74bd9650bca573da6dddc447c55495135036825ee159e15574cb8435a5fc1f266d06caf70d9e1d52c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
65a779ed3a0a6169b683658c7fde7be1

SHA1
8b3705c46eda6b32b38c485db2866eeeef3fab76

SHA256
acc929122330b421704e8662ca94a3a2076a6029b8ca0136c90e825016ff7043

SHA512
334090c91e4187e9b250f7fa99674305ef7caff55fb2a0c13abcfd431d741d4a4a3b2909431babf1b3cd08fb86f0eb3e0a75a331b2e76de8c98b13c383797f8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
74639820a168aa98d84b61a7191cca18

SHA1
8497ebf51f26c3abcb8eeb6c73f468589a7741a8

SHA256
7273b5ffd4f8f975935bd5b1fffce0ace0c88ac4e6ff3ccb8527359c0b0f3f37

SHA512
14b6fdfa7a5a6a657a51ed04f4d971931e88e71c485e2bdb303ee79cd37195b7bf7387f12bf167ee812e54adf6947da186259682fb8bcea5ea856c4833fd82a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1012B

MD5
53c3d1e7f3b14e56cf7404f963e03ccf

SHA1
d34322d0f40b61da8152929a6394cca9bf99ff24

SHA256
33431c8c05db20278ebcd3d86863135b54bf0e9f0bdef546a08e666e3c7fe3c8

SHA512
fbae18bcd08d479ca78cae7fe5c1d95e05cca5d218e6d50a54328d64d43a616053df7afa67b68df64184d604c2495bc796ba51e0b63e617ac3f0ec0b3e0d5d2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4d9eff11af5b6129c16eb5f355b8b31e

SHA1
e49753b667e11f6ba082c4bb07c25184acc6e836

SHA256
931ca527816d5c1fa0cddad3e7997ed0962a63098461fd03fef1fca693454372

SHA512
a252d10278da2bd2c919c3e19d517ffff43d77639978a612cc09038d4a1232a01d3ac1ffd974d1a80719b6f21213a1fa2aeea789ed7fb37a7240c3635ec29706

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
93a514dc2c80850a4b4d4288361e0d5c

SHA1
bc1d6d06c450b46efc84f37ed30d36ea254ffdc2

SHA256
22578030b7714909e2083ee274935bc259a3c75689febc00e753ad57235a71e0

SHA512
47bb0bf64c13ddeec5d08b1739c2c34b4c018dcd741269cc34b6d3f6ca8f169e82f98bd7c0c277ec2455609f2769b81304323f93dd8a4173d439851707891d19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2f8f092b3d60d51f4526dc8fcdd83f1c

SHA1
ea9128de916de4993080a41c10865504c1f006c5

SHA256
91a2d27598a6e8dec8b0101a3a22f3c107ff4f691fa9ccbdb90d826e45cb5379

SHA512
91dcfa566e67cc92970ae1e6cb37c30fd2379d22ba5708c984fb7cc3a37cd30bc2e5494c5e38d4b077f957ea43c391aedd32f965f3b781754b5813f2041a1827

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
bd5c0a5933fac409ac66d56a3aea29ef

SHA1
8afb36b06c0033fb109606a61fd518ea2dfecb40

SHA256
47ae4d68ac16d955d4e165fd7a8090c1fe9217bf845b292fc774264107f19c4c

SHA512
0a49a6840914752359b4a2f7009288e1f679ad4668a46837b9389bf703707a21e555c2688cf2a7b1bd51b2b13bb8594f43b00624cac0d95b51a40b6c00fc7080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a01238684d5e7a14748cc04230fb5589

SHA1
608352a3aec2b80a649a4399cbe71dc21b816afc

SHA256
75dcb59489aa3a6e073ff48ee543f02295dc59a48e6be477e280b5c2a56b99b7

SHA512
7dcf2b6b8826159159e430a2b252a1b37dc917e0eace2b3978676c606dab6fd0de16c87ee9fdc476f2ecc5dc23fd637623d8cd531c5d08b03aa8292d090991de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
28391251a0d2a194d21c1e511f921417

SHA1
58ec72a17b2bd065292f63f7728f59af16b555aa

SHA256
b03db2395658ac5103791d8f48761ef87dd80a69b850c536825295c68b124827

SHA512
cee12f82bcc71607737d4476cf44c6235c626c536c1af18b6131de2de5dee1b87743f91cf199d15f0872881546736ca2be838b53224086a92c357e8a250ee337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0a7fe5fbb421b4fd34807e2bb2da41a3

SHA1
69c744fbbe6598dbb97b9b1cf061093d494a7ff3

SHA256
405b0afeacb5b312b8874494f4fe01d20de69ee2617386e2e1c0bd667835f198

SHA512
019c7f1a448c31592ed3b2608d04e0b670a91fb6c61967cafcc749f1662227e646937c37051e30fee89ba0ba76b4a73d5e39edece3e3358f1fa3e5988e090c4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
79f9131de5ad3c3724a881562a278499

SHA1
dda5cf62cb2432188188a20c745a9dbfe4768051

SHA256
2a98e77ec53c192f83d01dd6649bb9ba5bc7739ef757cfa02489cfbab61c621c

SHA512
fa806716e2d39fdf3946b72567dbe5bc44b5d0c32b2a77935b018e04a3784b21a49942de923c6c6915037d2b1648165f96da4c88caece3878a513c291682a49a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6c9690c83d1e34ba2762fb97ca549412

SHA1
1ebf0973cca42f48feabc3afb4ce34b099365de1

SHA256
0d10069edad9d5c50bfd6456ea2cf03f30d39f6cc222cd3c0df842376b98b228

SHA512
8b8b833a063dbbcba5ec192024ecaf2a56069d2d1010acf45cdd46b708dc917985c55249d5e5429c1f19eba28adb2a5dcc8ad13847d1e9ee16baaac8ce484a94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58aaf1.TMP

Filesize
48B

MD5
e19bcdf2399fe7df0ab6ee4eba0aef1a

SHA1
888fadc02c86d7acd23887081eb30833313463af

SHA256
f1a648bc98a3836e91e1ef27ae78ce28de9dc4ce22b29a974b8cbf3d1ee85637

SHA512
8870d4336d2944f620a4b58523a8f0cb0d2ee4ffa603ef0496ce49398b84257df7997b6db7e35787e08e984eb432688aaf2ca83e8d5db9b52bfc126ddc9bbf0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
330B

MD5
8e0d3d22fc2cbce777bcbe8e25d8540c

SHA1
0cfb253586971f99aceb724e74a1c07f6600932d

SHA256
5da5f83b32b2fcbd49f596e8c2060606442dc407ed933fcbaafda84c41aac785

SHA512
7779b371349d13dad0ff08d3117db33b540e9b35fe7cd3fd740987ec45522532856a1f2808fc6c433aeb77aae5535ec4b18eb8117964af494c155c2e58268ddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
f8eacd8d15b27c28a7dd2dd647197589

SHA1
16da30ef9ce5529c94a9172a05435ec8ea67794f

SHA256
9cfc421405c976b9ad8c7023f02f55b668ade53c036321be456eab59da33002f

SHA512
0b10b1d0badae8293203196186b50c1bd3773c41f19fc780b556930f2059b85561bc8190ab0b3abc3d56db461f217c1fb2a252bce05dc0a2136e1549c85b2a0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13376599101860208

Filesize
4KB

MD5
997a08d5611c49062bf8f9a119a8bdc9

SHA1
8c36e51bde4cb9ee92a3a72975465ab88105e590

SHA256
dcddac6a8e3580ca77453c5f1bd34b3182fd6b365b1a797f5d8654d6106d596f

SHA512
d6e14bd9a0beaea19d9acf45c603b1348771690cafe3dd8ef0ba090f8307d786ec3483e4376c4b44201d1d697a08653e131e34fb25cd70e4c7c95166dcee371d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13376599102257208

Filesize
3KB

MD5
6d97394f9d922e54686c27a1d7909e9e

SHA1
4f145dd812984a932cae46c5307b842ed66372cf

SHA256
b392f9875186d43eb6f4e5008704c81d4cc416491edd5ebc1e2fb7436928ce25

SHA512
c619e74162ebdee3638950744145e76b85ec6c884c3e818a63e34cdb1b2fa3be47de3e9140848d17fd26ccc99eed5e55288e155ca0004a706d246fc9ba19652d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
a0b46dab704f6fe0687b45aa4f7d6fc9

SHA1
d85db8bf9be54a5e93c2e3aa8866053026ce7e62

SHA256
79013d6cd1a2b2abd0f97cb4da614fbfdd391d9a848ca6366cceb5a42e6f2e5c

SHA512
7be825293691d1b30c3d40690aaf3431d9c1d59ea9b05a69f88fea5dffcd30a0c35a6c57999fcc8c74ec210dc6600900e777b5737ff1392fce7391c9d19be2c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
1d8a070c161eb59641ff7d690b38a039

SHA1
356176cd641750a3a8dcebc6bb0e87e5e2f2dedf

SHA256
4fc9b11757b62662d3bd981a1f0f2ce391ede170c54eebff5d04a388f7fa9e9f

SHA512
bd6a632f37cf9ee3f35a62004a849671636e3098bfd7b906989478668aefd37574a600b7abaade2571cc50586d8a7d4f8ddb73c09f2ecf1df248bf2ba2829271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
0ad26a90b71fc2d34315d7de3e6c9d4e

SHA1
ed48cb29dd73e3a2cdc5a9a691854d0fcf171a83

SHA256
323e3b9d637412daabd9d349b91105b8d29e17bb7bcf27ef8105a0634efd2a19

SHA512
b4599d74603434d3cc2870f7de903514fbf8bc72aeecf397a7481eca9ae8272b2d5a17d43bd6e8578adddc56bb3dc851b1c4bc6f6ee375a53fd8bcddbb2bee81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
2b723da015e8a956d62c79ae64838f96

SHA1
6e09b2bbab2c9789f859804b96205f51c79897fa

SHA256
d831f47b498f5acdea0719f41ba66931cffb6c4441e479784084112fbdca232e

SHA512
2b6cc11a595cb6f1d8ee811bbbc78abf8e6c6d71d0cf673a4b32da68fc66ca2d1c2bd151bb0c20d7419212bd3fde107cf5c3f807db45270c9a6f6320230a968c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0dead935bb5125e01127c4aa3fcde417

SHA1
564b781556a66842d3c19cca510eeec53bed19f6

SHA256
e293b2dac8c3730c4732739486f547c9c1332b2c61739deaa56e00ad9142c4bb

SHA512
9a1946f26956d097ff2d094a55a780d6a203dd883d76242b02cba0aaa75d7184aaccfc375b0c1b4a554deaf791a91fdcf01daead57637bd84c0868990db593ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
14a45b86fbceaffada48d6d458ecf4fd

SHA1
445570bdd9426bf67b261769b33f399592b1d786

SHA256
00c576173d296880e33700c600877903b815f68126fe495f95bbb59d3833132b

SHA512
1190930f0c7c7c81c79cebe9eeaa219aa3bf9df49c8da7342bb603b6a9c7b8c222b5445f1f9b58c8487473bb3a9bf8c6c81ae60de417a26582aabab32b2fb4fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cabfdae59675e69a504eadd2d4beb944

SHA1
0fa1aca6bb0c6e2fc562cd2d0a20dbf9369a6e8b

SHA256
efe651a556fe0043d51dc93e78935cb04a1f369f0af50db3c4cbf1da0e83752b

SHA512
08d977c674dad517f447f7c9a4fe2b2ca0d55e5b1f33d1b35195b75e0b0bdd84f75cecafa556ad2baad33f3de89e6df5597e9d3bc9cc3b6a108cd374939af6db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
668997088ec52fd9fcc2da3c96345e06

SHA1
580a2aeb75c3cee6e93bcbdc0bcd94fa4f796175

SHA256
0886937a837b71eb7ca3afde6305bc137f6a2e89394690c4707a3d2409079cbb

SHA512
6f88e077d0d6d5ae95a973e5b45d7e77a4364e79876cc0647ff2d4b23cf6b4a752c3a0b743f35c3c6ddb6fd0d475a27ea49e442bef6999ce89c8adadbb3ea13c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase

Filesize
10KB

MD5
0a10c20e260e1a8dd4b8f41f8c8f165e

SHA1
2e920ee1cf6e7bbd747b4e7a516c7d4ce4e924f8

SHA256
7a87cd05e11c10aefc812379f88f3502cdecf7b9b471d384742788f5821a1876

SHA512
04623298dfae9384ab7655a4e3f493bbedf1113192b6bda3a8d59080d2070b56884f67832b702c11a572db7c2e0f0d571f884b4dcb531649edc8191d2fd6ad07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
1eaf6a26f62674a0a11ac8102e67120e

SHA1
9d8f0af257f3661787f8c77c52b7f598f73144f2

SHA256
46cf6144a9985d462ddcb7d903896a5fcf85cc443fac72742402de0dd58be3f2

SHA512
2733faa3508c78551449e4584c010afe50717601af762ca58220cddb419788f140dd76a7ba810171b3bf5a6518576230e22415b139babb93f22142d253cdad13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
913f2bed9d91274e704f2e85ddf01787

SHA1
9fe58e76d5e53e5b473f5c1d541a72ec12f7490b

SHA256
7166feb1f43b2a781bb1b388cf39f51dbaa10d83705bd1c94d2f74e788f6091a

SHA512
68e77cd8b2c5459b8c5dd360a5f5a69c19d48e6cf6dfde253adecfeef254c1377750ad24889b621d91dce6db8286d14741c2b851ebbff1ca561c87640a5e91bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
6a8822ea1501a11a10372482f235ac1a

SHA1
9e836ca6fb25b0986446ef8fdfe9edd0e832e7e0

SHA256
6a06493cf16e848ea6a33bba9e2d8e75276e37d10cab9cb4f6733fe065acb627

SHA512
d0b5ae586dd0004f763eff20e618fb4baed6c769a8befa07c2bd1cb9af51862f0cfae369578f26011c252d8bfeb9540bf794e0ca340293e63debecd76a2fbbe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
c4f2f1455c306a2e501790656183fa73

SHA1
531b6d9e12c1155d3520fc26bcf40ea65a5bb83b

SHA256
d1112f50995df4c4af21769418da8cb89a65ec7c483c0780858961013c4e2c33

SHA512
689c8a42a3b78b4743322a905bf638a8a370a3f9e81f0b33a6ca242261a702c7fdc13b40e20b89f596c03e5ca842574a23cfef8b1f4c142efc5fd033e601ffe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
51ad528c434964ff05d9f934d19db912

SHA1
5ab95468d3b0a889498bfb54ce182422f59eace7

SHA256
3dce48aa707def49c8719a8db0814e29085bf16145f6f5fa4f22ef02bf2ae098

SHA512
b863eabcae778d14d5468928b8f690859a87bdce74ea01370abfda2ae7d088cc5a75992e7f3f5755c9d1cc314c8cca4896c8f644ecc1d5a7917df0a71c4cb595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
c282a557f9d32a830f1c5b96a0b75941

SHA1
74940f069a879ea44b533698e828a38b5d4ec9a5

SHA256
017f104e73f87adc08c760126cc2e4e4a6a0d3f09cd9151f215c648925c31b3a

SHA512
b1d17f7818736ff2068713576353ff7bba79b16b3df29590db440eaa8b158dc33ebf5ef980d8a7f4f2cce1472626f5e522c7c127710fac000fcda75bd61586d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
9908c86de3d95278deecfb666380510d

SHA1
df347919baa6faae5d2a2d32d935bc388c09a9c4

SHA256
b152944ab5b832960b3dbc7dd2c53e2cf62d43473e979bdda17fb19425b83495

SHA512
a76589674ce49bd8b519ed11bcfa9acd0d14db31a3e163ac731b497e58b28cb0964bcb2448adf166de1000c9493e6584f4bccc190b9e8e063e616cbfa8e7c7d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
19c837f117f07714d5af55f4e2302920

SHA1
ca394d71e727a33e4a31cdf8b6df6004cccd644e

SHA256
4ea613b3f29811f8e9f20df2c4d743c42ce2fedcbc78d1f6aa1d7dfd66c9774d

SHA512
bdf9090022ddc9f2e1be66e2bbd4512ea87609edb8a7f4f12fa87f25c2a4af170e2eb0e0393f7d19f5ec169bec8decfd6f8546dd2a9079dcc1cb7c4535814a09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
22KB

MD5
1ac9e744574f723e217fb139ef1e86a9

SHA1
4194dce485bd10f2a030d2499da5c796dd12630f

SHA256
4564be03e04002c5f6eaeaea0aff16c5d0bbdad45359aef64f4c199cda8b195e

SHA512
b8515fb4b9470a7ce678331bbd59f44da47b627f87ea5a30d92ec1c6d583f1607539cd9318a5bccf0a0c6c2bd2637992e0519bd37acdf876f7a11ed184fb5109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
18KB

MD5
324f54e0ea4496603f15516e6bd852e2

SHA1
5eb97344a1afbeedef94505d710d63906a0bc896

SHA256
60f6dea89faa79d9a03a150906aa3e379164ec931b4982e864cb5f768de08371

SHA512
007eecbdecf9a4227978447b10318bc9144150f3b0b7e89e234df815a97d14b144dc2ea27ef3012aa28069ad7add9ea908e42c46556808645a1da9fba0e04db3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005

Filesize
18KB

MD5
611e57d7bb38c215abef3c0ecd3aaa11

SHA1
7615308d4be5cd99917a8682430a758b1048027b

SHA256
24defbaa2c67b495f3be4b55ef1339cbf249b38cb4a980e069846af2691a01cb

SHA512
1f69fad2df40172b0e0f1d8bbd4351903f14d6253d8141165d77fc2aabd7b5dd32df58f470f109259f9e7ffea8444a5f7d6b8944ddc45f67c27009169ff7db68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4f20348a323a854852ca0f98c700222b

SHA1
768df52b315ddce463dc039641fd60679d999864

SHA256
f05c5a273ff50de5ddb8318dbbe22e83090b62c240116e4112fc83876b9dea5e

SHA512
e0a12e613d85840b4134191486ed46ce81108f1102a950d8a1a45b947006ca0f27e42b1046c0bea4259a60c3bfd8670f73740cbd306811112d835f25cd5c3acc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8da3e610cead90125135daa3a29328a0

SHA1
494439e8c6e49b8efd60411bab8d111a2ff0bc44

SHA256
cf0e620d34aa424a60959bebe110cfbf08040639f3909b67c757bbd62f49cad6

SHA512
d7cc0cc89f01d04403f1746aa5db9315687a815a195c600b85103efe9a021f2c049f106e2b71b0b7120c72332d2ab6dd88b3649c9000905949e0b5420def12e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7bf77589934c015e6dfb27525c38ccd4

SHA1
ac1909a2a29ce9807244091484653bc576078560

SHA256
00ee0f9f1782f158c93b9003fd827c89b858f0f2a654b59331dfd17e5a69bbef

SHA512
caa36c37d8ee46a2ecaaab916ca10d166e79c47e69f08b35b3e171b71dde3d940725c28e88104cff997c232d1f3dac1b3e49b0f45d38712b9433a1cc7460cf96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ec3c2ee7d56fa5b879af6a06842ff8a1

SHA1
d2fa6b5dfb9f34241e419fb5ce74783a24ae5848

SHA256
8aabd470a295ea4492b9c585539045b43ccc6d87c6a2d0378a9c02d246b8ea48

SHA512
425167a9d9aa02611c8a47ab1b583bedd89f31508120316260aad421009ac0f61b778d8685f05b6b84178d77e7567cf316bed5c4b38d0abf903cab161f24c194

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
3010594c135a2ab4d3459fc7ac538e57

SHA1
3add204b20c44750e8fc99538c58b156c013a32c

SHA256
b673894b60c9b1539ad9cc737bf709bffe636d12620eb0eb3a976d95efdf6410

SHA512
11a6222141fc3bab61d689e8f3445c8da534f9883d3d0407f373dbdfd514b4688cea75d46ec7167ed454a96a1c00ae276daa4e412924351128e8f4284a672224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
c3e94e3cd7534de2dc41f04e9cabf127

SHA1
3a762df25bc42f8f1bf873e83c35f400e9133256

SHA256
ee7e382f1fb812b9cce5d8ecf4e1063efbd5e0d70cbb228dc6e7ee15e7032894

SHA512
9c572e157472be278614343a48707872a78b5607af125c4103089b22faba2d4a0cad76e12ffaaa0e82bab608def41d25bdc90b93774bad0033cda6e7916f5d11

Download Submit
\??\pipe\LOCAL\crashpad_4540_TRQXSODPKZVXSZEG

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit