487f4dd9bdbe94a9cf1a04a8fdec19f16f86864d05d06f0511544b3ff68c850c

Resubmissions

13/04/2025, 10:01

250413-l17t1stjx4 10

13/04/2025, 09:58

13/04/2025, 09:06

13/04/2025, 08:54

13/04/2025, 08:48

Analysis

max time kernel
121s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
13/04/2025, 08:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

virusshare/3/VirusShare_4675e87be15585e66b0c88b833dd9ecd.pdf
Size

32KB
MD5

4675e87be15585e66b0c88b833dd9ecd
SHA1

b2c62b3cdc97ca86df9f06ea78bc4c59439d7a9b
SHA256

77e2bcef8ff0e68646b27591faea3e15b4a09154d0611a5004ec028df5f36256
SHA512

433f88857e55d57f01230dabb3ca5c618311c45e93c82786ab2677a7d2522e91343bcb7f8df02c83abcc9d431e0bd553022b05ab1f7c2c7f05d621f07a7e19a1
SSDEEP

768:YJ7cDLXeFL/i6XV7JCzYLggXw2E0Ua20dZU57DsM1uBsYJyWOOX8ohjaSD2stCQB:0c/XcLF8E5Z

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1093177924\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1476095422\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1476095422\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1093177924\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1093177924\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1093177924\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1476095422\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6072_1622308123\_locales\en_US\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133890078522284141"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-308834014-1004923324-1191300197-1000\{DB076441-A016-48C5-8B3F-BC0603B47B6C}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-308834014-1004923324-1191300197-1000_Classes\Local Settings\MuiCache	RdrCEF.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-308834014-1004923324-1191300197-1000\{EE6C605C-C988-4A67-96A5-F92C2A854675}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
1096	AcroRd32.exe
1096	AcroRd32.exe
1096	AcroRd32.exe
1096	AcroRd32.exe
1096	AcroRd32.exe
1096	AcroRd32.exe
1096	AcroRd32.exe
1096	AcroRd32.exe
1096	AcroRd32.exe
1096	AcroRd32.exe
1096	AcroRd32.exe
1096	AcroRd32.exe
1096	AcroRd32.exe
1096	AcroRd32.exe
1096	AcroRd32.exe
1096	AcroRd32.exe
1096	AcroRd32.exe
1096	AcroRd32.exe
1096	AcroRd32.exe
1096	AcroRd32.exe
1820	msedge.exe
1820	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
6072	msedge.exe
6072	msedge.exe
6072	msedge.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1096	AcroRd32.exe
6072	msedge.exe
6072	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1096	AcroRd32.exe
1096	AcroRd32.exe
1096	AcroRd32.exe
1096	AcroRd32.exe
1096	AcroRd32.exe
1096	AcroRd32.exe
1096	AcroRd32.exe
1096	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 3244	1096	AcroRd32.exe	96
PID 1096 wrote to memory of 3244	1096	AcroRd32.exe	96
PID 1096 wrote to memory of 3244	1096	AcroRd32.exe	96
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5664	3244	RdrCEF.exe	99
PID 3244 wrote to memory of 5628	3244	RdrCEF.exe	100
PID 3244 wrote to memory of 5628	3244	RdrCEF.exe	100
PID 3244 wrote to memory of 5628	3244	RdrCEF.exe	100
PID 3244 wrote to memory of 5628	3244	RdrCEF.exe	100
PID 3244 wrote to memory of 5628	3244	RdrCEF.exe	100
PID 3244 wrote to memory of 5628	3244	RdrCEF.exe	100
PID 3244 wrote to memory of 5628	3244	RdrCEF.exe	100
PID 3244 wrote to memory of 5628	3244	RdrCEF.exe	100
PID 3244 wrote to memory of 5628	3244	RdrCEF.exe	100
PID 3244 wrote to memory of 5628	3244	RdrCEF.exe	100
PID 3244 wrote to memory of 5628	3244	RdrCEF.exe	100
PID 3244 wrote to memory of 5628	3244	RdrCEF.exe	100
PID 3244 wrote to memory of 5628	3244	RdrCEF.exe	100
PID 3244 wrote to memory of 5628	3244	RdrCEF.exe	100
PID 3244 wrote to memory of 5628	3244	RdrCEF.exe	100
PID 3244 wrote to memory of 5628	3244	RdrCEF.exe	100
PID 3244 wrote to memory of 5628	3244	RdrCEF.exe	100
PID 3244 wrote to memory of 5628	3244	RdrCEF.exe	100
PID 3244 wrote to memory of 5628	3244	RdrCEF.exe	100
PID 3244 wrote to memory of 5628	3244	RdrCEF.exe	100

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\virusshare\3\VirusShare_4675e87be15585e66b0c88b833dd9ecd.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:3244
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=20418D02D789F6EF801C6372B823DB74 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5664
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=1DABBD4A91E635CE1FECC5E5F0F9BFD4 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=1DABBD4A91E635CE1FECC5E5F0F9BFD4 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5628
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=12CA8DE204467452ECF08717702B976E --mojo-platform-channel-handle=2308 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3660
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3E9585FA5665C2A5E200B6077B720025 --mojo-platform-channel-handle=1956 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1208
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8AE07F4D56F4AEBDEA7D7768CA9EB36C --mojo-platform-channel-handle=2428 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3400
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=1C37B390CC6319F3D750237EE85A5A04 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=1C37B390CC6319F3D750237EE85A5A04 --renderer-client-id=7 --mojo-platform-channel-handle=2316 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.adobe.com/go/epdfrhprdr1_12_0_0?DTProd=Reader&DTServLvl=SignedOut
  2⤵
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:6072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2d8,0x7ffbc1ccf208,0x7ffbc1ccf214,0x7ffbc1ccf220
    3⤵
    PID:5296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1980,i,17564895276301008590,15654430328036497924,262144 --variations-seed-version --mojo-platform-channel-handle=2284 /prefetch:3
    3⤵
    PID:4460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2248,i,17564895276301008590,15654430328036497924,262144 --variations-seed-version --mojo-platform-channel-handle=2244 /prefetch:2
    3⤵
    PID:4856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2448,i,17564895276301008590,15654430328036497924,262144 --variations-seed-version --mojo-platform-channel-handle=2904 /prefetch:8
    3⤵
    PID:6128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3516,i,17564895276301008590,15654430328036497924,262144 --variations-seed-version --mojo-platform-channel-handle=3572 /prefetch:1
    3⤵
    PID:1156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3528,i,17564895276301008590,15654430328036497924,262144 --variations-seed-version --mojo-platform-channel-handle=3608 /prefetch:1
    3⤵
    PID:2392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4932,i,17564895276301008590,15654430328036497924,262144 --variations-seed-version --mojo-platform-channel-handle=5004 /prefetch:1
    3⤵
    PID:1680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4852,i,17564895276301008590,15654430328036497924,262144 --variations-seed-version --mojo-platform-channel-handle=4356 /prefetch:8
    3⤵
    PID:6060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3940,i,17564895276301008590,15654430328036497924,262144 --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:8
    3⤵
    PID:6084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5496,i,17564895276301008590,15654430328036497924,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:8
    3⤵
    PID:5080
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5488,i,17564895276301008590,15654430328036497924,262144 --variations-seed-version --mojo-platform-channel-handle=5624 /prefetch:8
    3⤵
    PID:2948
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5488,i,17564895276301008590,15654430328036497924,262144 --variations-seed-version --mojo-platform-channel-handle=5624 /prefetch:8
    3⤵
    PID:5660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5984,i,17564895276301008590,15654430328036497924,262144 --variations-seed-version --mojo-platform-channel-handle=6024 /prefetch:8
    3⤵
    PID:4632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6096,i,17564895276301008590,15654430328036497924,262144 --variations-seed-version --mojo-platform-channel-handle=6104 /prefetch:8
    3⤵
    PID:3784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
    3⤵
    - Drops file in Program Files directory
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:1820
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ffbc1ccf208,0x7ffbc1ccf214,0x7ffbc1ccf220
      4⤵
      PID:3612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1776,i,8167046094700131532,8245535216180893268,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:3
      4⤵
      PID:4716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2208,i,8167046094700131532,8245535216180893268,262144 --variations-seed-version --mojo-platform-channel-handle=2204 /prefetch:2
      4⤵
      PID:1708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2372,i,8167046094700131532,8245535216180893268,262144 --variations-seed-version --mojo-platform-channel-handle=2984 /prefetch:8
      4⤵
      PID:388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4360,i,8167046094700131532,8245535216180893268,262144 --variations-seed-version --mojo-platform-channel-handle=4384 /prefetch:8
      4⤵
      PID:1512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4360,i,8167046094700131532,8245535216180893268,262144 --variations-seed-version --mojo-platform-channel-handle=4384 /prefetch:8
      4⤵
      PID:3980
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4452,i,8167046094700131532,8245535216180893268,262144 --variations-seed-version --mojo-platform-channel-handle=4440 /prefetch:8
      4⤵
      PID:3020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4364,i,8167046094700131532,8245535216180893268,262144 --variations-seed-version --mojo-platform-channel-handle=4380 /prefetch:8
      4⤵
      PID:5280
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4616,i,8167046094700131532,8245535216180893268,262144 --variations-seed-version --mojo-platform-channel-handle=4572 /prefetch:8
      4⤵
      PID:1616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=120,i,8167046094700131532,8245535216180893268,262144 --variations-seed-version --mojo-platform-channel-handle=4580 /prefetch:8
      4⤵
      PID:5000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4268,i,8167046094700131532,8245535216180893268,262144 --variations-seed-version --mojo-platform-channel-handle=4972 /prefetch:8
      4⤵
      PID:5868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5104,i,8167046094700131532,8245535216180893268,262144 --variations-seed-version --mojo-platform-channel-handle=4988 /prefetch:8
      4⤵
      PID:556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4384

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3448

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:1340

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4388

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\5fb18c960fdc435dafda21bc4c637145 /t 5816 /p 1096
1⤵
PID:3528

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1093177924\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1476095422\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1820_1476095422\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
e2a3cb5acf29e947c1cccce186f65cc2

SHA1
c6b7040cfec3f8b7919f5693a2a0b3dc6c454d65

SHA256
575407f11876b720c2834a7897ab9ac990454cf10c258d9f0b536a6096301fac

SHA512
51790c997dd5ff319f6e490d08f98443184c7a987b0381d8bbab8a698f9eab9fe87142c09e1d2d77311ab95dfd760aded51c89bf7d9f7a012b63c46f67f7e8ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
01cc3a42395638ce669dd0d7aba1f929

SHA1
89aa0871fa8e25b55823dd0db9a028ef46dfbdd8

SHA256
d0c6ee43e769188d8a32f782b44cb00052099222be21cbe8bf119469c6612dee

SHA512
d3b88e797333416a4bc6c7f7e224ba68362706747e191a1cd8846a080329473b8f1bfebee5e3fe21faa4d24c8a7683041705e995777714330316e9b563d38e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
2cc0fb195da3d01a4eda7ae527158cfe

SHA1
36d1a99e7e99cccbfd7528e5b0a7f6f71d8ea1c7

SHA256
f9f8121131eec8ee878beed5ff74370d0f2cafc973f3f18f93faeaaf9d21f809

SHA512
334d7eb50106cbc8b517236fa27cb9a86c92217921c7525ddb815b0ab305c3fb404bc774fdaf4be4d283c3ec483dbc12e68f18e3a40b109cc1ece1b7ed9ae8bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
c688607c1f6b63ab7803a6f898382a1a

SHA1
1b21ceda093e6011024110edfa4b580885ff0e52

SHA256
e5f2d12de0825e22b73700ead6bcc70c3399aa3e36dd68276e5e571caa51b9b5

SHA512
a3f7c5b2cb929c579d9d69d9243e84b43b4a41ed42e69d20d43a5028a602425e2fd8515fb0ba66a5e4c08a3f84af9b610ce54ce1b5189d170b179adf1761fe4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
cc29a8d5ac44f388abb992cb49d8e0cc

SHA1
8c8ab6cef4d8b964ad677d22c150b8e6a41dbe1f

SHA256
31e9141225398873a693280cd75377f0414c96e98ff17291bfbf03f8f1e56e2f

SHA512
02d81aa4f43d6c851f8ce9645a55fd212d5f74b4ce6481c645a0dfeec8b8bbdc7f4ece169ef65af4993baafea11e2fe3ad0ce55e3fd926e68b18b910ba69b8cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
36b67bcff9d620666d7177d2a9ed4ebb

SHA1
b1464a458728dbdc011dcaf634155ff48d247faa

SHA256
e21bd5ff5cf27d42f7b81fc645103a29a62a8cb2a7e38582d955da04415a80fc

SHA512
6f0e520a3ac8f50c3c5b1dcb35b8df0d8383cb2e9b62580c581ce616671476d57c989c6bd0ee9eed878f63f0c418a713c7c21a8cbbbaa23783c1c3b32b2f5bb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
1167970e1e422de2d4c811427077255e

SHA1
1f032189421cb1a9698533219077cf4e99ce1b6e

SHA256
8307980c6652ca9b8f20a4b64b52d97311201f86c6ca24737489b34901d23b99

SHA512
526ba1ae03d06aa3f085963211eab84505ccaa74de812db4e4f7be7d88b16c540598a2189288455a1657f7264725509a5d43d2155a26dda5965d93179446282d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
ab81de16faa0f9a4182d75e67709fbce

SHA1
9152c0809abc924619ae286ad7cc5ba181d4c711

SHA256
c302dcc126ed5a48062cf5f4d8473dc6f5b40f5485b1e04313203a813dd8dd6d

SHA512
e727af26a0931b95d9023ad70eb38fe221d4d9e41285aec2e0116587946023d049ab9395ace4a8029a87a7435eb72d435fb982f70bc3158b7c722875780a6bda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000078

Filesize
17KB

MD5
4287dc9760acb67f79117a1617441120

SHA1
8ac1827d8a794b84a5841c512641b155efd9d095

SHA256
5a264b207c359c7b95988d1b15c1373b02c00a902326d31dfa1215f3e7962770

SHA512
e1a1f17a2de962f057a5edd0958c226b8fe9d865b9f648d61a5d3aefa25bb1e510a768baed3fb73567d29fa8387cf79ceda533b1233e22b0315c8649d64781cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000079

Filesize
91KB

MD5
17af537880c14eab73c5e11d649bfc7b

SHA1
c4e6ca8e9352348b7ae9da9d8308e642923e69f4

SHA256
85cbb3e643cb2fdf5e7daec92300589293554ba45326d65e33522b5f361c1209

SHA512
a4e2881551640ba88b8a1b5de1338552269c7342dfe43fa964521d47d94fe5e1c6d70effd432f6e08210bbc38d617053af38cd0c6c2787b7ad3a80b65442ae19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007a

Filesize
25KB

MD5
2993a6d3fb360d2059754bf3bb71107d

SHA1
443ef7c6204311d73c02d4514b3178cd3df53a1d

SHA256
0490f9ede2cd47c89ec584e8ea393c5fe2fe4318671abd56bc8f0a14f5b8708f

SHA512
0b1ff191dc4cb1c411af0b59130e8b35bd7653185393101a5feb2cd444144b071b7d7557c50de0e384567cb0b5da4d61fdaf579aa72db39925d815a26555baa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007b

Filesize
172KB

MD5
d69d1c410905c79f2e92702644ae3010

SHA1
b1752e5bd2a7687609f4e18ce8a95578a0845876

SHA256
5a77025ddbf57cbe75149e7d2ecba41ad2b86f5cc28b2bf751d89c28d033038c

SHA512
98ef8570c3702b1e069979325f5dfdc56f93a88f858004fbbee192d3557c75ab5feed47b95b22e3146af17107171c4c13ae12c8df9c5d6a2f08068d8b8784e71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007c

Filesize
61KB

MD5
1a5bc1df9aa5608df9170dfb76bcd5f5

SHA1
e57c8b5de3d0d6133a4d0ed3918ef66302a92715

SHA256
8d613ec4d02a7b66d7eb4e6f631095768a11355def44c1447ad1282bc1ec0540

SHA512
57caba5c875514c2d8a8b6fed4fc8fbe17b8488262f6a2b0d2b48a5d33af6fe0912d2099bda01c5ea1d5e2f0a9c785a65062de18bd85be93722e90234841cb61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007d

Filesize
61KB

MD5
a81f6ff677be40d1f37510344b1ec75e

SHA1
e5a9e3b7c8ac5eef2bbf21ffbc342fdd1b2e0c70

SHA256
e0b7717e46411cd5dde0820b6d4e2fd623e53fb7c9a6222b3abfa165267cb027

SHA512
b7ff3bb8bf3592be734acb10b97445d6c691fbae92b394b30890b6f0acd2588477abbcc1130482dbc4f66557a4f73adaf8bfc586ca91998f92fb50da6f22c28a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007e

Filesize
24KB

MD5
f232a610f3103052f13d61f6dc2cefa0

SHA1
a5f6be8ca1b50d12aef321c46901d2e3bfd3f963

SHA256
14a2c9b8354c29e35a53352cfc02b2bd61ec88062ee2aa82d06c5e577fd639b1

SHA512
d0fda30750930a8f7e883727ebc05bc6904d89fc58ec40b479460f959de08e0a7b63e09c323bb8baae198f858cd5d072f1b74a8f4cd7a9f2f65b865ef19ece41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007f

Filesize
247KB

MD5
d90a6c13cefe5502dfd9abc6c2f18103

SHA1
2ed30b2944c1ad2c1cf351aa348bb8db3eb6f00b

SHA256
5df9d9b4eeec14240907f98935be7f80c24c154bf855dd0b4045248cce96aa95

SHA512
b8e6bb0c94b072a02300d2fcfc50bf67a3ac20b6716927fcc18500417bec09d1fbbd59e47a921a4dd27137f6bc4fe9e7ce0c15cc975b61ffc4e7652be3f4c9b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000080

Filesize
136KB

MD5
c974017dd7ab1dfe5489d60d2ee68082

SHA1
7ebe08e356f26b366271a7880a70b2746e0b2259

SHA256
9d6ba1b7a5f2090199fada8b285cdadfd3caa0cd50401f66e8af04b6c2a70de1

SHA512
98d22983b50b152ccfb7b7b950e12a11d8bbf3c9d4d2088c6cb79c3221ee9c8a0db8901dfff2d131beee8de4289dfc850382bbe98adc6c9f72f24e6ce955b147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000081

Filesize
19KB

MD5
5e5ae2374ea57ea153558afd1c2c1372

SHA1
c1bef73c5b67c8866a607e3b8912ffa532d85ccc

SHA256
1ef458d087e95119808d5e5fecbc9604d7805ea4da98170e2c995e967da308f3

SHA512
46059e4a334e0a5295ebcef8401eb94b8fa0971b200f0f9e788ed61edae5018c917efd30b01631cbd6bdadc5240c9fcad2966ea0aa9c94b538bcc369e10bbbaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000082

Filesize
191KB

MD5
eaebb390ddb3b1c0e07904f935d29bd9

SHA1
dca8da5b24b1b18b3c8dbc2523f5d145fd4dae13

SHA256
9478515162e79256323883a5092b39e0045dc8213d7dcf7be5dcc1ec5b70e9e4

SHA512
e2dae28c4661b3bb65b3811803a9396e1c9b16eb187b60f2d4d1a8cc65e2ad6ce0931a48e942b5d920bdc263ea939b9164b649edc3752e83daabef9366a186e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000083

Filesize
102KB

MD5
d441353d80fbb83e954c032b4ea97aee

SHA1
913604f63aa6ae284b57b1cd03e0df51c366bc6e

SHA256
2e60f3b1fe7dc64e722a5332e1f58a3337500266b6072d04c2609cca84da0508

SHA512
01701a9bc782f8f04667b0c255722140095fc14ce69291b9a38b93e9458a5711705a1cd9a76267fc4b6acabe58f6901efabea5e5045236f4ad476225e6bdd938

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000084

Filesize
103KB

MD5
93f8df34eef00e26f86837395708e2fe

SHA1
a68f05ad85fd98477ddfb513f334f1bb5c521aa7

SHA256
e79534267b09e887a6a4290000f3aa10f61eb441e6e82e33c8f4f481743b8679

SHA512
59d52d2d293d557aa38cc32f2848317dde6b6cafe71e68b54cc1a0724c447d05145ec18a37a604bcf572b252694bce25fb823011d5c9234ca25f938535cceeaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
347d8e6d464733151f3548e75f67ce79

SHA1
04e4ff2be894a830d72e771ca8d112bc574d3345

SHA256
778d7ccd3f643df8c39c2318dae2d1296bfaaae3f7b1e6bba42cd6f50e62cf4e

SHA512
8f9cf757cf13c2df42065979ddfeb656e21e8ccd09952fe29b4272a92adba4dceb0dfb48f0ede4dbbf96fd2a48efeca968d3b1187b4198b910af1303759fc211

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57e704.TMP

Filesize
3KB

MD5
8944cb42f4bc6a9384bb1cfef3b1332c

SHA1
961b36e0c4030d5373431da0a3d7d12df3213589

SHA256
c7cd7cd1ae46a35d7c6e7e0e4c8678b10f32ae9adc0811114353a5b1c1464d32

SHA512
7253df343a3836a5fdc0509eb24054171d65c94fdd8b9b8b5ec11c89d4f1ecb5e437a36ceae8efe0cb370a82f8fc8c1510b5e6637b287f27b99fa86c71201a90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

Filesize
456B

MD5
f23d2df21a39aa8d814cade6c37856c8

SHA1
233e65707015a53f83a0d53db03a4af8fab21ea6

SHA256
c5ce9aaf8ffdcb8a00463a7bf24001885e0a792f110c8db74a1e2f4392cb0e31

SHA512
a7b50b8cafba80f6baca44b260f8379852c4176f3dd57168812f3b4b811d2ff340f09f8ce625cc2adecab2851cc33725cb729548a3da98b041387c7952077918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
1ed446fef6cc0c0dc53a8ea35048420c

SHA1
3026d8a2f04d68cae0955e34f7e819f61e4c2494

SHA256
d09ce411cd76fa1eaf9397ff88eacbcadc3f26337456c12ad8be4c79f2f961a9

SHA512
b9a66318254392c734626dd6ea17bae6aa47e957264e67448eb614deec05aff8d12fd6bae4c4b09c1bf255131c1a0fd0c1e583cf59440140abb5a023f340d601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
7d1332de820be7b0eddbc36101553efc

SHA1
02b4c09027aac057238231f57ae8f25a41e818aa

SHA256
a41ecb89f2ac7b32b703495c0ad2a376f1035ab93f8f44c3b11c8a9436c508f4

SHA512
04dafaa0849216d5402ffc4fba32a8c0b71553e0e68f34b12b2c895598130a58bc8baf0ffa6a3a20d5fbf0404c27096ffea04617ee28c026fa657cfde77c82b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
328B

MD5
c15e14cdbaa9fae6d554b78feaeab5eb

SHA1
f8eb066eb42290a77c70b6c6a52ca8829c0de9eb

SHA256
a1025463bd15d96486ad5adbc3182bc7897cee46fbba526e654f191c722a20f0

SHA512
2fa6d95820dc8158f49cb265fbe5d217fc896391078495927e0379b216f33d78fc31430f88009d10cc68612ddd8b9b04b10b8a457fef2447b03e95736a6f6ae3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Filesize
28KB

MD5
71935a831a873714356ef230eba8456e

SHA1
d455b444d8f574ee9d0dd6ac1eb0c6930bddc128

SHA256
dfb471bb2117341f95ece34dea6f963e0838a3e290280360a74a7775c06945e9

SHA512
eb794170b27ca32f695a7aab5e6934d921086c7552d4a5a258ced0006c3ad47852d634c10d2a94bb9cc997e3eda0a06a65dc5448ca2a663bbee595aa5c397cb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
e9507de37a0248901e93cad4ff06c9ca

SHA1
41800f49cff92f469d74cbf9fbdf90e3ea66f317

SHA256
75b63b7330750375021ff664a6bf4fdfe76267f290e847f80ed15512192612ca

SHA512
2691b5aa992b48453350a8bd79e02293e21046f9f740b6c9dfdbd91d58b347e98c38ebefe567cbbb2e6e7bf2ab88565c78720469c9b56a0d8a37d25e6e9f0442

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
2b0093f76bf4045fbc328cfffb1489d0

SHA1
5af6dabdc763c0dc72d7de4cf5e0a22c4ce1c467

SHA256
ad31d01e7861646dceb54e180cce811743f4a598718010558e8bb06d54980e0a

SHA512
c00f2e8f87f62f3d7e03fc358110617c8bf6470ec7db30e7bf46f43951c2c27e7f532d703e1c97e6dd175420cc7e55ba386e0a1175fdb03bace45e05f0eeaad6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
301b0399fa14962855dd678a15e02c02

SHA1
859d239c8139ee120b5faa0a9bd5183eb908d560

SHA256
77b9b2851d9e1b4ce4860b5c317780598e9cb667009b617bd57573118adc7568

SHA512
e4ff51da19362f73bc33a5f82b1c84659d979c2f238e700bf2cbd3030b7c417c36d0abca82b24b327197fe368b95d8d1c1978e3a7793186d377976997727ded0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
5f35c18ed85871cf6f68c06e2cb359bc

SHA1
e07d85676a979dacdcc0f9bb4d553c841e360480

SHA256
87bc1ef0e4aa42386309feedb7541bdbcdae0a68b235e16cb00631615537f16c

SHA512
21d93af6e7f3eddf1f41a55771d1053ace114f6746b2e668cc8060d4224d11122e60f05f6f30d89047bac7d0af6ad2015042c3f8ffd8d65a16bbadc95dc96d72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
1fb35ccea204f12ae5f8e7b2e1473c86

SHA1
7d27b908b42b42f3cd4771de559c8bc81305dd86

SHA256
65cd7710711a25665edbfc55a785b1e210ec47053afae34a6cbcfe2493c9ab7b

SHA512
12b3cb98bb3973b85775bfae6b185e14907585a7a5d29abfed86c41325c261ca8bc9287ce473dd267355f8c75efb957cbb7e37df98ff73d607b65f5135cecc56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
72c207a32b7d58a481eb187d1c163276

SHA1
ee996f61f75b394bb81846caedeffc1e3db6bd84

SHA256
683f265c1cbd0665b4c44adc438a8c41d046248a11aa754c6a2291b9430ed580

SHA512
ebad3f8dcec70756e1ca670dc775809c09ea3756a54630a6fa1358001917b65a04910548b8225ada8fbeff65e25d8f3a1ac6fc9f2a69a06e99eeb2375cd8a99c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
335B

MD5
56c09bb4dbf9ab529b54b08f3259c5cc

SHA1
0c5d8789d23913fcda6a3004a0cb14f03e9a4a36

SHA256
8a15c7ce9705af34f581edc35f9ad489f4229758cae07dfc8ef0b850fa77fbf8

SHA512
c9fbc035e82dab94c482436affc1eca35755866c6f0aca8af412785cc4d6c0d624bd0fc2ce8f55e7436d36d44d8961469900508e185102e9a5dc3e726c21fae6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
657254200306c74e65bfe8f463b342fb

SHA1
dd6f983664a110943d75411495716b0212fd69ad

SHA256
ea3986d9df4e7bccbdeba12836a1c7251eaf8f58c40e67d62d7365b368412163

SHA512
f842269c716b334da36d2d372b3808be7759d2fc7bcd6ab71e31161bd34ab7d788c5b207fa54247edfafe7fc69aa0b90ec41d95c052d166222daa054af54c797

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
498468d1c725d8bd480e811126585c8e

SHA1
5b4679789b68a01bc80754a2df44a4a141a1bfda

SHA256
48d30cef8dd333c60693049da7c1eb184f78bdc647f872b4a891d9c98b3ff7ec

SHA512
4e45b74462dce267449ba11864455af491ae874645c982afcfb597a702bb635132af64f2279bf6f001b5d9d29b1d47188160cc3bbc5242fdc98d836be5935014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
aaece3142f7a2e81ec71972c7bff2a0a

SHA1
c765d01473a43e12ef59df0befe0064eb7cbab46

SHA256
13845cb31d4433a4eb52e883717fc2a7fe7873e58395c1d890785e43a7d34d8b

SHA512
95a605b8b44aa6c098e2fc2cc57ef310d83753ddb9df4392a22b8e15c0c57e01f731f4f07bdcee3d90fa0c153ffb77dab424703fea3279d8515c625ce7dc9105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
607773d0ce0f78cdd7eaa3181a78095d

SHA1
cc878de06141f814ab2ce3366c260a1ecdf553d3

SHA256
a2636d1c1915de25e8363b33049adf3cd3793723bc4ff1bff49f47196815e8de

SHA512
d22eba5b0a209fcc95148dde28ea9e9ac6fee07d889835b4067b5e5c1578eb0c214767c638f581c7ae12152dddab2d10214e0e13d8ae69ca3a7b79a15b04b740

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\default_cloud_config.json

Filesize
12KB

MD5
18261eb12378081f939fb9415ca0c9e1

SHA1
20d4ff782e17fe45e71c3f9fc60a94655f72ec7c

SHA256
12bbeec9a0af9e3ed945b28b9b8ef89b2f897768d1ba3ffd6f3fbb42fa5bc556

SHA512
fef634b4ce77c2f36ce1bdd63e8ac28e76cd089f0bff33f4425c757ddf37fe9fab30dea7b5bb51c91eb27012cf78800e03643e13d51a25bf624ce58ab3488a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e13d303f-e554-4c1f-92cf-60027a7a89b4.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
10KB

MD5
6d65aea8ca3919c587224f6f38ca3793

SHA1
6c83546ac0d497d280a9be9ec9d51840803a85b0

SHA256
46f44c4d7ebac155e9f7100fffa191e61840c52144f0a30e360fbd28d88291fe

SHA512
ab1a7e4ee97c305165b61540aa25f67f12a8afc20698ab4bf8d8eb324951f97616201cbc5999b37214875c9e0f2994caa7f9da5459b510db45b0fe049af9f278

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
73fc35ffea9349982de0149d6de7ee29

SHA1
661429fa8bfb1f30d6da627093bc61993da62668

SHA256
6cf398c497c8ca680e1c85d516314b6d32063009f1012e30115b8b12e9c9f6e9

SHA512
4187d25bd1e27bfbbf000cd44476e7b6394516c5710a874a85bc27318417915ecff8f10d35e8c77e368e087aceb3fee84f11c5a8d11a9ffd75455022df0c62d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
97ba8d3f47e12a43cec79c44cc40dc16

SHA1
78991d4835e2b1fb3c8cde560b365b2f3107611a

SHA256
6d635e280d718ad42b604293865e02586d04473280ef2699e88eeb31486a4667

SHA512
004ff6941bc8bf802a8d4704fde78ca91cd72db14264469814b4819b553e05d5bceea5fff8555b69e019b30a408324e1e8bf6d46514b0287009b821c201577b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
5c9325468e03fcb0965a6f6206ee8912

SHA1
c044bd8db0b445e7b6cc2485145592f47ddd0f39

SHA256
23554d12473760c7f7ac6f7ed8a5564b201363e8c471986a108238229f1e3f5f

SHA512
48fa5fb810d2da4a74e34afca9ec222a52746f8e2361164e46a68dd1cfbf49d5f1aab0bf2259e1d86dfbdac9d780ae55732cd8c93ce7b7e71ebcb4224963d7c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
465B

MD5
ad19c797c47ab91d2f2ca6e423535ad7

SHA1
c20089d87e1f7e8d22028f3b27ef85b57f03ff2b

SHA256
ac44c1c44f738aea0ca60988ccb181bbdd8b889e309bdc87819ba9daaa5faae9

SHA512
4a5e4b13c1e84830d28d6aa99c37f19254d2a8578fcc43630615fb7dcb43edcc159dc6774eb8c3d19ca48aab3f6cefebd14ff41229a8096441ac578be97a4f16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
896B

MD5
1abb14daf26f4982746192e7ae8d89c3

SHA1
75059896c7b0291ce22f7d0c6421b6365459c8fd

SHA256
35d5e25f95e1de7068cb4861b8b7cfde3afaae8bb2828a36fcb97db0ea289085

SHA512
51ff729dc53f45623d4ee20a9b9691ee36095183506403f3453f5d8eda5a636851b3e322edcbb0a33afb95dc06caff242a380bc742bd1d6e949f2c7901f42004

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
bd9971e11e7de5e006e59c88f336340e

SHA1
2b717cc8d4e5e978b0c425f3b34cda296ce961f7

SHA256
b158e131095c990805f39d7e33d2e3fd0f64e4f833cfb27f27e2ff68796271ae

SHA512
7aa5b2b02267e99613148390dc4f21e8acf746aff0104f1dc076c9699fadf2aa8783bd9e7a9aabe33a2fc8be02f4e2576ce221e4c9c4f9ee5c98e07d7a63629c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
92e42f868be88119d7aebf09521f5f58

SHA1
bbe825b8c0a5a1566efb1eac3280d51e13bce2f2

SHA256
89d3854d9fb46bd6aac30c6675e447e10692b8db6b941be30805e966895c76fb

SHA512
396d56cfc9c898ffd1ccb5f4615e0b38e8c475f2cf58eb6d04508f6c4f5f344b36bc7e7ee3c9eae01021a1519584dedd6bab7ae4f5129b8cd806fd3cf515521f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
76b3427fa7a1a6de61e4e085045f7b7a

SHA1
35b6202b50bd932862fb33920dbade3e5e92aab5

SHA256
0a225a0b2922e33cd2f1a4a0e2acf3a2c2f905f3bf5d89d5578eaaf243842d10

SHA512
636ca363e48d2eaa2d1702b95f377f7fdf8e56f7403379a5a50bbbd36f77f087e2fa31cb18558b2f65f6eddea617d49f3cfdc6cf1338336cbda98fbbe08a1c6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
cf5c0cede2e454c4888ca67a99bf36cb

SHA1
02bcb47633c49651a6eee4fb6a5bf474842e8b9e

SHA256
8adf876d927fb2b146d953ae8a3a1bfce05dd82db21b2c38b1117f495b9bd0d4

SHA512
6dd211946e03b1d6f0a98d2ceb12598c96587f7e30a792aef4d634fa5f3689fea9c643fbe16f6241e972027f3b321d59d5d47cd420e4fce04e2704b1b29428b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
db98fcbfc360dd6d401468dd4bd1661b

SHA1
c87a73269a68c95fc329a72a4805d7a7cd5ecc84

SHA256
717bf4195deeb58c2b2125a2c08a15d1be18f149ea6fcbda18611c13de8b4fb0

SHA512
9de4e9ace343a2b3ba84f580ae298eede6999c9b75ab50874ff847baf3e1d16ec8cc0185ef33cfc305600ad46f90510a65d255274d4b98651e9c468a0075cc4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
b80f5f725ffa290aec96ad772d7bc3cc

SHA1
eb602d9ad677998bdc99183c8d25d1615241f099

SHA256
ccebf5a0760396dfe2c9c4e7f89c15ad5c060677c39cb7b25c2255f66d7a3604

SHA512
5d92377a7a18bf8a84f68b9079cc7087d454672cb62721fe45c2c3133b7c35f1d33d037bd82a08ddd21399a88f8a3736da14ef150b8562b8c8fce04a5db6e6c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
7bcaa1ada9e5bde6ceb68c9751fc2a7c

SHA1
54227d55450bc23e304c771544b83dbecceb6877

SHA256
d61e194b0825d7759008e754b90546a54403601c19410d72af69420e238d6062

SHA512
2cf5f3ebed94af6ab4e8df9dab8dc9e4e512a142a2fd39afdb3cfcdf410483a5bed53059c19402a7232e91d22938626bfe9eac9b15ecec38d43ee2b79015f82d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
f17af836ec6a3379383c385a98d80b60

SHA1
2e3dd6c83d92c668ecc5e82b75a0f766a84b77b9

SHA256
9242f23683518ad8fde1a13e2d343d4992af88227f5994b213cc25816fc509ff

SHA512
96c52a6faef2de4af5eec7b433e4fdf2787b6abf90c4b114b0644c1cabe1ea61998d58281ed9159b15688b31e4e3b2d16d6dcc00a8d7a52b943b5949f6f617db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
76c7f09cadcb5cf2488cff056a322732

SHA1
78429d2093e8777cc73471e7b875ff00d3e5b1a1

SHA256
c5657ebaabd7b771bc660c7cde423d75428a8ab1222f44efa556a87df7fc62cf

SHA512
f2f42f1688adf41b565189b90a11e9422d088f7961aaf14bd907606bf4e18aaf5b2ca015ae2bf3971bbaa57625d3269cb4dc0495dd75471c46521650be6c15f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
18e3cf0a448d09f0dee713c592587bf5

SHA1
0cc7fb0094b74223c5bc9957b47763023ad53af5

SHA256
3cbeae4f73e50413eaabc2e45b67a625a36e2959a3a6214ee0dd717da5c60a99

SHA512
48508d6358afe5db3d37ad79c929f9395d8d9f4e9feed2e9eb9af1b6813c9e631d2b4688f9a14c27f1fcfd06664e30c36b3affe6ad21f9b765677b6fa06e5c07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
0a16560b30fe2df86f31a90386cb4ed0

SHA1
edc04930013c82c915c52111c25a3e81f099ffe6

SHA256
c3bbaedbe9f612c58b6227e425708d1fb3ff5357188db1016c2accafa3aa4d1e

SHA512
f59cf51118360188559a56f599daa7ff21cb110a257422deee3a8beeffbefa76a41ae83a0bdf261fc63f7a88227014e49d0eb10619b19ec452d3d68387f6409a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
18e18c6c43919feb0f1894a08d92c4d9

SHA1
263df5fe8f43970fad09c54cf7a13ab296d30483

SHA256
f99ca610ffe39a88a91811078ff5994096eff397bb1bd42878c1efd43ff69c34

SHA512
73c654b662420a63d0100034188f0207e22533493dce2cabb35c833b3d239afa8476b2fe3235f0669c8bb8bc0096d4a16209332cf5e21095a1562c6b94c358ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

Filesize
20KB

MD5
522989196370e643910207f31d0a4cf2

SHA1
495848d443ec649a41cc73166ffc2c1db7ea5cbb

SHA256
0017f9777ee120788bcab32642dda0a2866846410b089e44ef0e4fe32108bab5

SHA512
1f5ef51065b169001080907620150d8086bc28cc9e04a4184246470a8226a8f15e785130f39eddd74410856574c09123902a935fc87c81a063ed2647b42e7dca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
1fd4167a680a76ec18d5d2538779ae16

SHA1
091338bbbb74032a431a824a5919ec20cb7d0bfa

SHA256
7061ea33a1bf5edeae3a93561e35864c15fb0f2fc6e4f6d5709e035f001ca6a6

SHA512
6cf6d33c4f1758d993338dde73e2ba053cf783e4536c7ee8b35b250cc2751b3addc1b76d4660d02153478b95e05ad7d160b2547154b217d36f3e317ba28b8e99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
06e0d8f54a65f11d850a7521c6199c9e

SHA1
beba791647c24e112a5a166b273d764641ec2282

SHA256
1def643ca3df91203fb07e8ddc65fba213997d7d8cf751c6f4ed9e2fedde6704

SHA512
67bdc33423a7d966d67d2e6c69f7e6381eb53b582d1393a8deb755485dffd29fe225ab9b1ced7fd0ae9267a6f081ed2b52e7eff7ab7463903f7e29508b334069

Download Submit