252acfc28079749d66630c52e72a5bd61426aa0d6bc3db0ee2828498322c3c91

Analysis

max time kernel
106s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-01-2025 19:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot (17).pdf
Size

24KB
MD5

5bcfdecf567116985e482dd8bdfb9f7d
SHA1

f9290205a95b2e4ea48a382196974aa7f576cf06
SHA256

252acfc28079749d66630c52e72a5bd61426aa0d6bc3db0ee2828498322c3c91
SHA512

a6ac1ee324a231cfb9682e640c46c6a7571fc9c95fb38954fb91ba4b6f6ad50d13da00c582bc4413aa89a0a884d761f9be29e7f7001f9fb14b57ee67071f4439
SSDEEP

768:g7AWBT3bNhDbL5Wweoqz8X7+GTvcQZI/fYtRWpXaSbf9ibGLi:K9dRhD35W5oqz8BcSIXyRWpdbf9ib2i

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing

Detected potential entity reuse from brand MICROSOFT. 1 IoCs

phishing microsoft

flow	pid	Process
105	2148	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious behavior: EnumeratesProcesses 39 IoCs

pid	Process
1920	msedge.exe
1920	msedge.exe
3852	msedge.exe
3852	msedge.exe
1668	AcroRd32.exe
1668	AcroRd32.exe
1668	AcroRd32.exe
1668	AcroRd32.exe
1668	AcroRd32.exe
1668	AcroRd32.exe
1668	AcroRd32.exe
1668	AcroRd32.exe
1668	AcroRd32.exe
1668	AcroRd32.exe
1668	AcroRd32.exe
1668	AcroRd32.exe
1668	AcroRd32.exe
1668	AcroRd32.exe
1668	AcroRd32.exe
1668	AcroRd32.exe
1668	AcroRd32.exe
1668	AcroRd32.exe
1668	AcroRd32.exe
1668	AcroRd32.exe
2784	identity_helper.exe
2784	identity_helper.exe
5832	msedge.exe
5832	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5436	identity_helper.exe
5436	identity_helper.exe
2148	msedge.exe
2148	msedge.exe
1532	msedge.exe
1532	msedge.exe
5688	identity_helper.exe
5688	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1668	AcroRd32.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
3852	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
5492	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe
1532	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1668	AcroRd32.exe
1668	AcroRd32.exe
1668	AcroRd32.exe
1668	AcroRd32.exe
1668	AcroRd32.exe
1668	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 1852	1668	AcroRd32.exe	85
PID 1668 wrote to memory of 1852	1668	AcroRd32.exe	85
PID 1668 wrote to memory of 1852	1668	AcroRd32.exe	85
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 4832	1852	RdrCEF.exe	86
PID 1852 wrote to memory of 5060	1852	RdrCEF.exe	87
PID 1852 wrote to memory of 5060	1852	RdrCEF.exe	87
PID 1852 wrote to memory of 5060	1852	RdrCEF.exe	87
PID 1852 wrote to memory of 5060	1852	RdrCEF.exe	87
PID 1852 wrote to memory of 5060	1852	RdrCEF.exe	87
PID 1852 wrote to memory of 5060	1852	RdrCEF.exe	87
PID 1852 wrote to memory of 5060	1852	RdrCEF.exe	87
PID 1852 wrote to memory of 5060	1852	RdrCEF.exe	87
PID 1852 wrote to memory of 5060	1852	RdrCEF.exe	87
PID 1852 wrote to memory of 5060	1852	RdrCEF.exe	87
PID 1852 wrote to memory of 5060	1852	RdrCEF.exe	87
PID 1852 wrote to memory of 5060	1852	RdrCEF.exe	87
PID 1852 wrote to memory of 5060	1852	RdrCEF.exe	87
PID 1852 wrote to memory of 5060	1852	RdrCEF.exe	87
PID 1852 wrote to memory of 5060	1852	RdrCEF.exe	87
PID 1852 wrote to memory of 5060	1852	RdrCEF.exe	87
PID 1852 wrote to memory of 5060	1852	RdrCEF.exe	87
PID 1852 wrote to memory of 5060	1852	RdrCEF.exe	87
PID 1852 wrote to memory of 5060	1852	RdrCEF.exe	87
PID 1852 wrote to memory of 5060	1852	RdrCEF.exe	87

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Screenshot (17).pdf"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1852
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=00F07CDB240B61DDDEE9A41E628BD264 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4832
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=59C3D20E69D41EE76334EE7C22BDDEC6 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=59C3D20E69D41EE76334EE7C22BDDEC6 --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5060
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BCB9B2B27797D85F1ECE4C4464C3AC31 --mojo-platform-channel-handle=2336 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4060
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1A52FD9CC14BE6BA51722F7A62A061FC --mojo-platform-channel-handle=1820 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2788
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=2FD8B6CE3A3FA8238F0B73493926ECB8 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=2FD8B6CE3A3FA8238F0B73493926ECB8 --renderer-client-id=6 --mojo-platform-channel-handle=2320 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4292
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=919F09FAC99FF27ED83F874A6DCA2AAA --mojo-platform-channel-handle=2680 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://urldefense.com/v3/__https://accounts.google.com/[email protected]&continue=https:**Apasswords.google.com*checkup*start*pc_msg*3D1*26utm_source*3Dpc_nbpd*26utm_medium*3Demail__;Ly8vLz8lJSUlJQ!!PrnngaAx4byl!x3dT1LMT8tyM_Sv8oH1IM_-R8YZscEqNmJND6xnAVJtJ-4SRUDhObUT_t7qd6EoblmVBWGlRccbS3w9ftMMJHScZA-ve51VYdRJDsPY$
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff20ca46f8,0x7fff20ca4708,0x7fff20ca4718
    3⤵
    PID:4512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,7911017959186161695,13918358017757809648,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
    3⤵
    PID:4892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,7911017959186161695,13918358017757809648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,7911017959186161695,13918358017757809648,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
    3⤵
    PID:1860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7911017959186161695,13918358017757809648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    3⤵
    PID:2240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7911017959186161695,13918358017757809648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
    3⤵
    PID:2724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7911017959186161695,13918358017757809648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
    3⤵
    PID:4260
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,7911017959186161695,13918358017757809648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
    3⤵
    PID:2148
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,7911017959186161695,13918358017757809648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7911017959186161695,13918358017757809648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
    3⤵
    PID:2956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7911017959186161695,13918358017757809648,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
    3⤵
    PID:5056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7911017959186161695,13918358017757809648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
    3⤵
    PID:5220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,7911017959186161695,13918358017757809648,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
    3⤵
    PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://urldefense.com/v3/__https://accounts.google.com/[email protected]&continue=https:**Apasswords.google.com*checkup*start*pc_msg*3D1*26utm_source*3Dpc_nbpd*26utm_medium*3Demail__;Ly8vLz8lJSUlJQ!!PrnngaAx4byl!x3dT1LMT8tyM_Sv8oH1IM_-R8YZscEqNmJND6xnAVJtJ-4SRUDhObUT_t7qd6EoblmVBWGlRccbS3w9ftMMJHScZA-ve51VYdRJDsPY$
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:5492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff20ca46f8,0x7fff20ca4708,0x7fff20ca4718
    3⤵
    PID:5468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,12342394108897779274,16771090335613833993,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
    3⤵
    PID:5812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,12342394108897779274,16771090335613833993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,12342394108897779274,16771090335613833993,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
    3⤵
    PID:5972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12342394108897779274,16771090335613833993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
    3⤵
    PID:5352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12342394108897779274,16771090335613833993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
    3⤵
    PID:5364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12342394108897779274,16771090335613833993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
    3⤵
    PID:5204
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,12342394108897779274,16771090335613833993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3532 /prefetch:8
    3⤵
    PID:5404
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,12342394108897779274,16771090335613833993,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3532 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12342394108897779274,16771090335613833993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
    3⤵
    PID:4804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12342394108897779274,16771090335613833993,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
    3⤵
    PID:4180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12342394108897779274,16771090335613833993,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
    3⤵
    PID:1968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12342394108897779274,16771090335613833993,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
    3⤵
    PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/o0ukef
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff20ca46f8,0x7fff20ca4708,0x7fff20ca4718
    3⤵
    PID:4348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,16547654181982468000,5138983634933976498,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
    3⤵
    PID:4140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,16547654181982468000,5138983634933976498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
    3⤵
    - Detected potential entity reuse from brand MICROSOFT.
    - Suspicious behavior: EnumeratesProcesses
    PID:2148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,16547654181982468000,5138983634933976498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8
    3⤵
    PID:5264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16547654181982468000,5138983634933976498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
    3⤵
    PID:3672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16547654181982468000,5138983634933976498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
    3⤵
    PID:3468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16547654181982468000,5138983634933976498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
    3⤵
    PID:4412
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,16547654181982468000,5138983634933976498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
    3⤵
    PID:3580
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,16547654181982468000,5138983634933976498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16547654181982468000,5138983634933976498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
    3⤵
    PID:5736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
8bafb6824343ef6b8ca1a3ade942552b

SHA1
3f6ffe35f2196ef320b8242c946f1d120a6f61a2

SHA256
4cc7c274d63997ca768d5c40a6c3b97b277e7e1db11d60ed5cb73fc199a48f1f

SHA512
20d48b3aea3983551e40ea3a03cab57bcafa3867e21a3a07048f87b026773034586777898698e233c898b2a1d228db9c4d8059e52a3fd42050d4ff9d7b9d2868

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1b662a1d2a8f6e84038745efaff75cd1

SHA1
4925fc2c4d1793f3428b9b953f3e9659fb3008a1

SHA256
9de787a1becd0f94abb25b5cbe971a3172085f5548ca95d7c0788b9e6baf232f

SHA512
5b254b68afe6a85b414b3db4dbf6a705f908d8843b2d55803bb7c877666b0b71ac7a4da7d41d992f4590dffae6e6da56186961f60af9fcb88db2c1954a747001

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
18557446eada003a5a16b2886b945678

SHA1
a8f7900b1a37e77cc2d1346c7ef2e3a623c4e525

SHA256
f7cac6beeedb7b31a078e057c14cd81940d4ce51c54319b52b4a441fb1f82485

SHA512
569fa5915de6e048b46a3a3a29f87008e7306565ef0a574540600f6f4e0a0d1f7721f6f88bc826af083db27d009b121d7157378b9efbbaecf59d4bb36eec9a89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
15c25eaf891df0820e0a726d3e1ba342

SHA1
61332a18f863fe24a8b8682985b5f3c60e53cf8c

SHA256
e739acc654fc6bb03ff9c4ebc3d9e8415dec99c08c9a7d178dd2a4488182b309

SHA512
422a1430eed0759a8f89b423c419bf71de50c4cf4d79ceea088f1bb6f6dd685e7ae6067c1e85d38d8c1e6674402e23cf2cd75773102e73b9c6250c8dd54d00da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\37ee7ee0-07ac-4b60-8050-6d0ec01af6cc.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
ea65fd2e05a853c0eda504a6dab80547

SHA1
366c7aa73529ad1a30dce00d3263f910169a0f50

SHA256
e90ad79afa097a72b1ff763fe3857106d2a11b90ef322305e534159b9aa42bb3

SHA512
a1d9a4a60728072644efe194d47f7399b8b8be2d3883552bab094044b87bf2438fe4b342a0181fb041770119406cc7425e406fdec88c9b66851cc6c87c5dedc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
95ecc6561f16baa3d0875d8ec422048a

SHA1
cec63eb7b90b16bc8e4590e8fbec6b2cc8208229

SHA256
3ffeccfe5dc636b1e3ec9c79668d4b7791b9b57747540e5ea53ae11957a2607c

SHA512
17486edf97caf4c8dc94f5abf260c0a1692f932d707d33cf4c7b3b54ff583064f6e01a6197cca560665dd0a348b3742ac6a1590e1dad893767bfc74766f45765

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
682759b5223ee7593695b6c548194785

SHA1
e89ab9759921a8e2200e7b3f31a2d29ff1046647

SHA256
9722e25415d2709e89ff0514e0e3681099ed95db037016e570228b861de9e006

SHA512
c09934ce14f3c1aae542545c2260c28b2fd2528335dcb8c504ed02abbd88de5663f48a06ae2034742d39ee3917477b372b2e5b62272659fbbb5638cc255cd9a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
14653ffdc80cab5fc0d82854ce687cb0

SHA1
871ba2345bf7c2aa5488b28f5b8a601d7e03eac9

SHA256
ebc5016578debf62362f6a75f52689e579713eac32ba6dc10e9691ef64a19231

SHA512
6ecae9e4abba29664a458abe188bf751ec27d5c4d5cb9e806c48d6e4c490c070d09848e926d517fa41d1ae26a32e5c1c2e83634dfb148e30de8396b8b67133ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
126KB

MD5
0f93797c1571af22f21124eb93717859

SHA1
d90b98ecc8f55377a282e6033a9b76ccb5a9fae5

SHA256
7ad0f2d6e64cec106b9c1e257ab54f0472713de87484a8afbbd2547fe0a84150

SHA512
91e5b727f5cf32dd5f2d7281ced00a4eb019a81ab6840b573d210cdf7a2561e4bed683cb580a8a310f3d15d01801e6af7db85564dd7933a2bec4f91f7aadb1d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
46KB

MD5
ffbd1a34856d57f207979fd253527f53

SHA1
c128087715fa7a76a97e397d41dc6fdcbc111fd5

SHA256
516635f115c2f678dd018cf4c7293bb7ef0dab5cac6dd4cebb42ae3f29c3c032

SHA512
ca41880568f100131b8ae82a8643119b08361c0db7ab31a4b474b2735a42657c776bcf01c87d90f94cf8b7cfc9d8ae3e45296d93cf2a528e3a70abc8c9aa8935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
83KB

MD5
b354cc9d56a1da6b0c77604d1b153850

SHA1
a3d8479f4d4e39b131bc9a53bbf53d1fbaa23732

SHA256
fdce77a6d0053f32d231518a84a71bcab5c86045ed52369da00b89d4284aef46

SHA512
b6dcbe11a0f90ef61a071fdf7d8c637f95fc77969cffda9f291772b4fa2c2f9020eea2916da6f1113d746afeafbf592d0db79fb2f2f5400bc0a0fc10a066ba98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
36KB

MD5
3de23ed9aceb7a1bd7ab03a49d4f6427

SHA1
ef2134439bdb402450be8be3efe9453301517778

SHA256
bbf9bc7e2bdc8d11e119b5b236ce3ad0f153a6c4d3489c96af033b92b281961a

SHA512
e383ca9db465fadf2cbba8a77868e7976ee4392472115534b8f4831d989d24a9ec9a473d299929e2da9c2c839ca80237a8e3a756a7e0ab8454c1cdcacdc3ca3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1bb10b24c0858535_0

Filesize
4KB

MD5
b1464d86bae184d9fcb0de1b55ef13fa

SHA1
8c5a39312389d3f31e8c34f70bc3471eb5f90781

SHA256
c38b87d79cbc72ba5965224f693d0d50f68fe809054d4b090ab1466aa3b79c35

SHA512
ec73b85e1ee45f20d0245a971766f7195dc0b8b4d0d2825225b9a871bdda38fa41279f1217123b669ab67a8df92ff0748076161511fc0fab1ce33272a3d3c2e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\58ea8a7d51c1d880_0

Filesize
3KB

MD5
2aa644ba9920153e21688008de0a7117

SHA1
917cfd1751faecdb6b3770198eeec29c126c7690

SHA256
68f054c9723a8e304ac862b83b32ba1deaf58f7aed015ce1334e1fc4071d3190

SHA512
284599ccc3ee2d82a02de86b8f3510fa70a63b8ad663b08958dc69f634fb98d9fbe214ee6ac5243e8c6d37d691efac66a156d287218fcafa81e24ca5f89d7fa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c5a45976df55230e_0

Filesize
114KB

MD5
87d0db64313b42d5959cd65cc5f391df

SHA1
e4ffe332c32d6448ed5c4cbe32c41ce3923cb8c7

SHA256
47dd8d63c97232201f9c03c4dc06e420bbe628ce30db708e492872e68e0dfc7a

SHA512
cc529774a95db1f7ef07a1c208129e505db7be7b457687da2f8ba5392c0ee5c7083e380044fa8a68a7bdf4cdb4b90054c88dde1a0ca1ca5cde79c4c96c126b0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c6799ef2ef6d05b8_0

Filesize
21KB

MD5
66367743765f002315d2cc5fb0128568

SHA1
4376e072a711584a48d6bfb8f29041568d7cbbb5

SHA256
97f669046df4704045343b819d63c4d1dcee4d6617fae4332af37335d00a759b

SHA512
73271d63ed209f0370fdeb534a8d7f3e43b72e5d728b24f85f683ca206ec9482d7933239b92f237893150650f16e199c6f0f19084e02c50dc366424f9af8bb4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e71aea12230fb461_0

Filesize
265B

MD5
482f1aef497e5c243c433c10e3f48638

SHA1
8853e0fc8a6d3cb13dff3f599387ceaef409f89d

SHA256
559abdf236d6a794302f39a59fa37101ccb8ab2d7b1b23535f458f555ac0a9be

SHA512
e45c9b7ac0512c5cd2377daf514bd3d5b5be225a891ee260aa5e02507c0fce2247f70e20a50ac6e5603a259deb362869633ef83a11a0607c1f09a3898a9347c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
100af884b8dc5fb00f5c18cc6c505bf5

SHA1
4e021ccd34cd85c61a9a883ff25d0074c55cad8a

SHA256
5431b6537df5a0ee7aa2f7a7d51077a7fccee3e30fb477157ef8204f4b685a96

SHA512
198a0b91ecd0bbfcc0464a70a14443b29a51a2c5433df5f7e958e7d406f9b0919dfa48646ca0b324c1fc9ae90777b68964ea4a91b1bd5c4269c30da761c6ab0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
41585fb2cd97834161f8b2be2e1ddf34

SHA1
fadf71244c0be975bba23b2208b84e36cfee4b91

SHA256
e11982548d5075e44236f8314f2d3478135ac56e09ac07430e10d48a6d2ffa29

SHA512
f9359efbac95631a71d4617eb155ff89fe39058a6509c94ad962f7667a5277259ce23649e3fefbb22d8385eccdaaea71b80d52b0a5d26f94beb3cbdceafaf07c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
4dae71fb59bba39a427a84be2002f8ff

SHA1
ebbdf48a29ee957b0ddc183366558637641b7543

SHA256
e93fe1d6745550f979182e0eb275e3117c2f8a0ad3aa460d4dd6c64394ce6aae

SHA512
fb0a731d48a5b78ca41553d24a020d67721777b6921a6ae288d314f49d744836f4542c2bd95ab252a8358e33609b383721c0b58fb486527ad569594dce3d6357

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
7b4d73555548fe2b009c341aa33ee9de

SHA1
34d6d0e588bcaf86023838288b374aa20ff8b73e

SHA256
c8cd20c556b4c9b7da2a1e70d669bb09cfab92c235004e112bfbede1afc8094f

SHA512
d921e3cae1f1ff98ed8c532c45ce50f94abccee11adbd14da827d3276a26bf8112be9e60eeadde9dd806479a8cf5914d181023cb7609c41c035a076f6cc78967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
579eb991c1a020c234edf7381aa34f2b

SHA1
e95f3cb5f14e504e9899d48724d1c4eee24216a5

SHA256
b5aa8a50a109bcbf97a12471f58104e267ea88b46133b29b1a92043d3bc1ea86

SHA512
c5e24546dea3079d9d13ac58842fe0f5b8ae3c3da7c2ecf02f4bd58d4d67407d201918c68813ca429404aa8c15a02a5b4c10ca9b667fd9c7d3aaf3111565f793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
5KB

MD5
e58d1955f23b404be43b3dacc2eac02c

SHA1
22a6176c8addc88c101ab0eb90de3905889e9315

SHA256
6cecf4e425e24ab1e35df238291bc7cfc916a9f30133bc6da578358f4efaf120

SHA512
11e10a9823d526051de6192493eebc6a0174f374f5dbec40c2bb701e5d96e6ca326d5b4fe2388d0e38110269b393ad083fe7332eca3e1bce499da3e6f34d3090

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
a0ddfb433cabf754bf0dc1e192b4fa3d

SHA1
9ee1690023a41063141100cf524c3861fb6f9270

SHA256
a0fc3f021168e976aeb4a35cb0370f8d0841efe40d0519378a13f76de7c1ea61

SHA512
a5534414b5a3dac332ed4976cf434df572afb940c8c9dfbb3fb0d8882fb5bb6d314ad2bc687f152ece7b84325fcc6d4cf2a6392b4258bdd66d1066e688479e72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
495c5f5fabae528e258052ce312486c7

SHA1
144b997b1f82856e1f6b603a7b6b9419e37605ac

SHA256
246114cdc023b375a9b02b908a7bc813d4e4fab58dcbb455455e0008579b9ea4

SHA512
71cf64c34bcce009806cb35be4f08790b63539825f85f8e6007cc2d4cca3c6e2b5bd936c2b1709a913c0ab33586326246ecfb93f9856949325d00d997cbfecfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
380B

MD5
3f3b29efe3410ee14f007d0150726b18

SHA1
022fa9ee97f8d7682914b3e54b4dd7372c832dfc

SHA256
a5c41cb7404248f602cc59fcca518a6bf6d54f8d3ceb0c53cffdff0cedba41ba

SHA512
c39f58a1038efea65e642b5dd89d74783fd76b89180acb7dad8188a1ddc7a4910d65b7d6416d1bac14e9570d14a7c6ae1779394664e3b5fe478cae39a166dd94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
564B

MD5
095042e6e80a94694fdca2ff0497fb47

SHA1
682dfe3621e85ca7921a77d09a13a963e8ca7704

SHA256
867b10aa80d33724851d6d34e18f6dad58094030a68d91b839d9386b9cebe7e0

SHA512
45425c6b35144f29dad4c89aebfec190ea373dd4bf62b0b76966e5bbf4b0ddeee3d63d8bcd474fe726c7ca5ac88b05d7b0fdf9f9a6a5c3061952691566fce78d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5d073a0a8bb08ef001a6af09e3cc9544

SHA1
0e9b59aceebe706b559323697ce8be21fc8f9a5d

SHA256
db5f9e120a6a8c57063cc19e406e48b77673bdafb3e6d003de19cdbb0300f2c2

SHA512
645163489356fd82b798529483cb6e10199a12ab28b00642be0e75423b1b5277e08e219e6ce4edc972f317da1b076d24e7070094ed62d48464aeb8e6fefbac14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ff61d5fe816bd3373462f0ad6b622eff

SHA1
675084e1bc7a5a6997831a18d65ea0f52505a81f

SHA256
863b9bbf3a31b040007d09360d020d0ebaac8c05f4bbaade29c8b4cda0764ee1

SHA512
706f88bb4ce6412936d08ee98ce75223634ca6e32776babf5425eb1d401786c7fa026ff4a5d67a6171ca45f45eb6769108e0da60dac5db1b33a3195ca806c78f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b4d8f8ccdd1537036ebb8b21441c25f6

SHA1
05ad834bb494ee160ac709494c97d13932bbc18d

SHA256
46d1023efbb4151d8fb29553c80add1da6e235996deb02156fdd005b27067178

SHA512
8b6279d3cb43ce0f7b383086e63dcfc06afb3d47d6eebd24c16dec9ef4cb1af470ab4a6f17f2af4f48447a023f6db6cee769a993396ea98d8bdcc5f719b14dbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
89248691423c13df5006c7e56c360476

SHA1
12d5061b4de72ce4079bd48f76b7a9ef1dc7f449

SHA256
1a6727fdcfc190d6605f895e359ce065f3360fb7780a1703fc2d509d7e9832a9

SHA512
80c92b78f6012fb2c4fbc1940638dc14ade11154d793457f8fe24b1a54d608d1a75a859a6c42f93d38a3d26999e93f4bce139d3fddbe5c374db321885700bc45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
618ab2ac71cedd0a041137883d79730e

SHA1
b40e92aa15094d1a1524777cc1020325bca2fb61

SHA256
dfc9f082209d530742d0c593d2adf8d004e1ce171678be8256db7868321935ca

SHA512
1e89f5247a1f031555c3188dc8208aae302c561bb339d7d3e98d024a55833e133e9a645971364cde8c7fd34ce7bf2c00b998eea15923ef0094bf83314732ca56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
73f899c87c91f1866d9de4a5e6bc8e9d

SHA1
6711d783b9953853f34664d8fefce9902b3f86c8

SHA256
1beee4792d2d4125f0768db9f15538c8fd32c724061b5281298e1cf1046a09ac

SHA512
26c9c6bf2a23afab5e136a8c8397dbec7a41d942a05c934e9de377213678bf4f89c65bcf6f6afbc84b3c4147a055744f4f8320c937e42d9ffc04a1bda6819d6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
57eff56aa0c8513c40a04f71f4538713

SHA1
fddab493cf1daf666cb4bd73b2bc534a709fd2bf

SHA256
5810065a052c23a821cf62a4db98e5983fae384c44b79ebc4c9416960e489a71

SHA512
5650dd222cab0969d4ed37dd7ec1faf7358f66400683b4cbd054d1e5878a7b97dbf33353653b44377573c8676ba9d48524361a87ac3b2e01782db0e150f86311

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c6315744e1961a74be0e9f44ec702739

SHA1
e9c909a8cde58cedab539f75ad57b41aa53cb12b

SHA256
04e585f42e2767f53b21703cb70f600cc37ca1bcf6ad2b3d82a5a8a0753943c4

SHA512
e5db36c624c029be52a547468fe2db966881dc4b963176ada13b06a4222b726cf49ba3713b8017f8ba501a69677e4f55def2d81c06acf28c081e5910fa53b22d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
34184ef3469bd12c3a1f6f3297209283

SHA1
6fd3e92b656bca223309e7611e0bbe10a804b946

SHA256
a15691a3a63fe9cae6f762f4955595a996e5f73b6ea63b6f122e3debc85f42e4

SHA512
47191d990a605b03effb43c490090c38ae07e6964b54d2c51e2441aad5f82a21a5990d26b9c124282c09e07c5e2582e94ce7472f472de10b8a85183e1baf2290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8176a9ab3ec89c2ed42d4be822f119cc

SHA1
15e161fa8923b672f24c0573b29cfc6b6fbdf64b

SHA256
194eb681237fd5d770894f3fed876c93484111ff64e62e3c323d875b62dc9e54

SHA512
7d358e72e11af618256ba47c05b760be6668efcc724bfcf4be1576e94fac9a29f4b53eae8835d98b858fcce974c7f56ff45d987cef939acb877549129747579f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
26ec305528c21a33ba44066d0d9c1209

SHA1
fa5af29963867f7f8863008d849ce67ad9feedb4

SHA256
507e9959582ecc2b2834d03c5a4a0cf2af4c7ecb7961d35d23f6c362c7352ea9

SHA512
7ebb4cdce53a7fe5e7a2ce79fb570db9591d348cb439f6fd23f52d2f093cdfad29d6144657fc05accf9ace0d90a9be74c50030067abd77e0a2b3cd3284f52f71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
c8835131ecf28864c61dfa73510d002b

SHA1
62dea6f75fe4adf7519b3594a7805a72aad4b069

SHA256
0d72cc3554b52199ce6f8f70c6e70110ef39f9278737d24b433523ec2a3fd80d

SHA512
2a355c841897e05ffe34c191f026029a736c61d7b2356f1a8071f153177b901d2927f5b29a69f6579c1e2322c0b7d811c293f52ff70b745efdcfedb613b8124a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
156B

MD5
fa1af62bdaf3c63591454d2631d5dd6d

SHA1
14fc1fc51a9b7ccab8f04c45d84442ed02eb9466

SHA256
00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d

SHA512
2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
467fd22b1c83bacf7eb19728777ee7e4

SHA1
c1470f65ff5adcf9c99d8f8f14b36e9bd3fa8fe6

SHA256
6cce699271f0edcf40fc30a1a3f21068da7929d0a319a1945fa7cff088aaf5cb

SHA512
31c48a7eac1aae4e9289bb324708b8e4fd1f429d85b7a1120236949216f31cc80432b591a042bd2acd916017b0676fc470856f3c163d7d6a0025af7bf68347ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13382479532873736

Filesize
8KB

MD5
da5b8753c158010905de48e9c78217be

SHA1
b18b1ea7b1121c1cb8e2d7d2baa74f478d746e78

SHA256
4cdd061a86eef7ec18a341978ace4c7aa2d657b397b9c764145c1ed004607e9d

SHA512
f5cca2ad723ae5566d05ea5c7dcfbe252de0d2fbd33618b68297daabe804668b99739b5caa03989edc456759aac297e5bf9bb282aa70166b432e03ea8cd60907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
d1cfc17285857c0ce4eb0a6841fd33fb

SHA1
f1b25d323bf49f5fb05b152934002b30b163f7f2

SHA256
3789726921dd972baf16ec680e1d26825447c524b1c533ddee304571fb6b5ca0

SHA512
56769ea88edcbec90e1a2db8cef38e3a39018299ca00d337cd2992da7d783013b63bba7315d2e1fac57f3404212718bcbb0a8c12a6f442a382222fb56203e1fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
f6ae1c322e0b5a37195eff7e8e462649

SHA1
eb7775c92317d45a8479b5bfb9512357e6a35bae

SHA256
19461d4cbe21bdf296203409770f226fd3743d794b78a8c308441cf2106e0f21

SHA512
1288c23eaa0050f507ec95f174362666d353f7e754ff5d53289a6a4cabeb3f9abf14588a2329241e7093d6d3b5d9a41f3ee87ba0770e720674ed21d7cae24ba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
0df9a8c7d7be94f30bedb192814a832b

SHA1
a412842a117d6a1724fd00774cf5d94872ae7ee9

SHA256
bd465d4f64c5461043fe0ec0b0118ef98c85979d0294e555f9838cc5c32ad501

SHA512
2ed3caed24aeab30987a447f7a385e2ba991cd775be913991f0d30cd1854757536e241bdffd39e6e347c1f5ef8fc1e80ea88825120969097640f0e399cc06aa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
f6f5a8f5e24bd3fa0c2d7075e82a3921

SHA1
5cdafed02fb6df4c08c8084f5c0c4a156e7adbaa

SHA256
ebcd8a5a584727e941ccd38fa66c2b3b442fa95b4ed78d975931b48b87f7402e

SHA512
9fbf430dee49e945f8339f1edd866462d843d4149ddac9228ea89716de44fea1d16c8730a2d5dd38c42ad6bd6fa041e89a395743782322919ae1dbc109eee644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
1fb18c6e28e3ef7f55ba3f6a4ec9de74

SHA1
bcdd41da1892a75fa9c388d0c3bde4f98ff85806

SHA256
67622f987c59a2cdf96c0d4cd25d2831276b6d92b39d9ef07ecb96db54aa0998

SHA512
68f9f5ff53b88ae992546e5ed9c6b0129838be4238308f87f8d5bcfdb00a20443067eb405d6aa6c31e9735aa3d9f8c0a2aebb29039d1973022aed9bc6cd3d537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
6f31d3fa10c0c4a68c4d0cb83241c0b2

SHA1
140fdd873be7dcf2a4e0b062c5b369697f6bdf8f

SHA256
4ba987565e6d0584339fdaecf3539c519c45155f5a8f9aad626fde3dcb260091

SHA512
dcfa772979f9b461f6ac4dff4734742347b643213aa5cf84cf7dd629ec9f34c9aadcb360a30fe94cbee7876a3e08ad7da5570a29489ad04ba5e75b976235f421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
75a18db6bb0d3c66de09ea0427549867

SHA1
0605e3aab9d78d0de1e73fe5d9707e402123db41

SHA256
957cda31cbb9e7c264e3e53d66e6caf77f5e389c5d37a2f4bb546333cdafa544

SHA512
bfbc2f52011510a70e89a25cf486a1a140c266609302e11e05042a1866b480b8438434bb0b3aae19a3c120722f198f48b7867bc3c5ddc20eae2bf06cdfcac86a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
01cd6568d1e69f3952ab583c4928663a

SHA1
a4c81ca4b5cbaebdf67107edc0a3e8f018f7f135

SHA256
fd656d27d4474b8648d7771ae75c480c27fdd918b46d7dd7c0a6a318562cbab5

SHA512
8153a922e161f4c2bd40b4c2086d9f430938774a3ca210e117a89315ebaa0bc8c6a8f912e01e07df4e977aba7a0802f834bf26f878d08be024332c57b04ea290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
93c516f38e096c3d40d9e7ab369055fc

SHA1
51f7459ac8873add191e45ae2e4f4cd82aa83d09

SHA256
50b09c05a5155a5a6bf4cc3fd403d5565fdc0a9d33709dbbbf829fddd70c5e4c

SHA512
0b176c7badefbcfe66b260fba1d9adcd611e7909ce0415fd899331fd101be8b9af0274f10ad99901973aecb64c38ee6836acb699d018a89dcaf198c3617c2e5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
97aea7b4dafc0779ce7d9ed6b5b130a3

SHA1
059023c1757b622b49846dc11a9d65fbe18c9531

SHA256
2ee6cf4ea4a4a1c685c093ddfb50cb872ff84f905637e3db5f2b652d31efea34

SHA512
aa5d94802e38a1aef9793f78a4cccf428770b4756cc6fc65055831c3b41447d2bc8898d9c819fffd2e6c0f78240686b7e854d547900c4397c8cf528a7596e754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
54be19e9ba13fa73414aef9960d3e3fd

SHA1
476941235c3f6180afd873a52f340e6feded902d

SHA256
b4c5bc3adae1d357ca7303a5a25c2c0905440f5225df5200fbea6fd2c04ff880

SHA512
510dd2254947974042c264612d296b039f6162140512f17fce6bad89be7eb252741872144b22d2017804573338413b1db358b3f3f45fc1ad61c18d4c87bd88b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
b9a80150a0eb485354596f358a0d9777

SHA1
f22d0323487e1312b676b46b0b89e006782d69a3

SHA256
889bd1c0ae234e7ea3198fab25d487c5673f0f3b76a7feb5ff87148068e3843f

SHA512
9dd179b426d511b7b0b9181ba8250c4a38e11c9dd60e4189a040f304472c264259edcfed198d5d7b5ce9f2c7fcdce566578b4736bb5a8dbee9eeeaf00ffca8e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
a0f86131dfa48d7700e5e2d3054ef85d

SHA1
f177968aa9d4016c47a36c023ef5bc3196047f4b

SHA256
305597cebce8bd5d07b556d9192b91b6df1da5bce5d9ef2b3e935a59ae45a540

SHA512
1c0b74f2891cb48cb774c73f1531e1c8013fc84f92bf2f2be9440fa2b88a96603daa97ddfd194cdd57e5a094e0483f6ae6a7044b9ade3ef2901410170c6ad135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
ad0fef96cc7cd8d88b0fadc55c8a62c0

SHA1
f343c22cfdd77937dd1deee256644cb2dc753a5d

SHA256
e7e1bba92e2b63ac20f1a2cec5dda3b4e3de8de462147b4a31b400a05b3f17f4

SHA512
a33bd4fc0717df75b64ff150f53b3df9ab0abcf409019eb631795b3a4fd4d334e76f46712659319b364239e9539e85f41ef5e490e634e1fc187698422688b611

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
f17d649942701c1058a4f96d50c21674

SHA1
40c132f6704b110ec08e89dd340f3135f4164401

SHA256
92769ef619b19cd83c871ba1ea8f1201ef0ff583fe8cf50f42d7f432bed75454

SHA512
63ae55455c2699b7d8b7f54d9e190519ae94ad208625ef6c91798b9223ed28e1c79d409396ddf62d316dcc51beb14db93e6eea8baeeccb8485f49c00070eff61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
16KB

MD5
8c90ef324f283ecdeb93c8a2f9fd95f9

SHA1
688579f915a91b55cf1c6c380cb8156ac4adaca2

SHA256
b7765f9061b27af2af00c105d7b26fe859e74888ade409d8584fe5604b0872c6

SHA512
2300bb84da066ae0bd7cedbd4f5711774982b6a31a7b75bea1ae96eadb4d64e4674aef4dc8d1d7122e6c83b32446ce23f55b794b8f6768246de0e492bb958de3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4da3dd830ac95f2d9baafcc6a310161b

SHA1
f74fd85b1333fa1ac69757bf73b2f7fde8bee62d

SHA256
9a0c0296ebe18191d1bfd373075baff30e42e95a4369b1e54f4e8885af2b2fe2

SHA512
683bb42439f5e1d1a910840a4a5d19eadc949930f6ae23a1512a546508df5bb619cb3d9ae651e0fdf80a58321bb38f670d6eec1c9ae2d4e384b8f888905c6e9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
886a8527e29e9678ea573e79ec70c1f9

SHA1
dede5994a85fc6b765b79ea7c9b6ece44badcb70

SHA256
1ee976c051ceb7228f36a5ee4787b2e532abaf8b5c91d725fd31f629eb3ca00c

SHA512
5a769129d3d094f5651e0fd55df30cc00ae5bd9d0edd606348dc5b548031310d372b9ef4f83c213982b4e37b62409ae9e57897d01b5b561d1303c30ecac79ef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
53e4e1202008429925f559eba3c59f1c

SHA1
77d67ac3ac95bfc143165964b9604f7ea91d74dd

SHA256
13f10df8edfb58a3087fb7360f06b979b3d0771ba8ce564073c3be3ac29acdc5

SHA512
6d87062e689111c29ec4f0e822147e0b47a441d2ca7d018a4d5ff92ba43e96824a73244257625c931be276ef97f0d26073602bc329388b4924234aa578198444

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b805614cf7c25ccd7f811a2d19adf07a

SHA1
62ef8aa5227896080a70eade744492b6d981f593

SHA256
d95e1c44565be7261825b19bd0946bb28d55c5f13e0a8872f806c7a61468a653

SHA512
1f70b561451e9518800962f3e46aaf22ce03b5a3a18cb0a2c2ef6fe2d7f2057478c901eb45270d170e0cf888e652c78410bc688f5ad1b1f121f6a20792a2a596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
d3fc01ba397f387cdbbdc39e8e9d97ff

SHA1
7187391f5eb6dbd7931a913fa57943bb55a8a0f7

SHA256
e02ccb7002a9f8327be12417d8abf0bb3cc70547a080aaefbf03f8f0fb392b68

SHA512
1645818651f9648009421d1201d7915df56f047386d8c20c3d3ff16a676963b1b3d69f4a07d9e5ce56e1af2da23f5ebfcd19b24601eb85e006f9196943ff7877

Download Submit