487f4dd9bdbe94a9cf1a04a8fdec19f16f86864d05d06f0511544b3ff68c850c

Resubmissions

13/04/2025, 09:28

250413-lfgr4asqv7 10

13/04/2025, 09:23

250413-lcs1ysspz5 10

13/04/2025, 09:21

250413-lbpbdas1ct 10

13/04/2025, 09:16

250413-k8wahsszfx 10

Analysis

max time kernel
66s
max time network
68s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
13/04/2025, 09:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

virusshare/3/VirusShare_4675e87be15585e66b0c88b833dd9ecd.pdf
Size

32KB
MD5

4675e87be15585e66b0c88b833dd9ecd
SHA1

b2c62b3cdc97ca86df9f06ea78bc4c59439d7a9b
SHA256

77e2bcef8ff0e68646b27591faea3e15b4a09154d0611a5004ec028df5f36256
SHA512

433f88857e55d57f01230dabb3ca5c618311c45e93c82786ab2677a7d2522e91343bcb7f8df02c83abcc9d431e0bd553022b05ab1f7c2c7f05d621f07a7e19a1
SSDEEP

768:YJ7cDLXeFL/i6XV7JCzYLggXw2E0Ua20dZU57DsM1uBsYJyWOOX8ohjaSD2stCQB:0c/XcLF8E5Z

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133890097607340406"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3027557611-1484967174-339164627-1000\{5310C55A-1117-40AE-8A65-5575443E0FFD}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3027557611-1484967174-339164627-1000_Classes\Local Settings\MuiCache	RdrCEF.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3027557611-1484967174-339164627-1000\{68C34141-FF46-4E23-9F96-DC64BCDC2D18}	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1564	AcroRd32.exe
1564	AcroRd32.exe
1564	AcroRd32.exe
1564	AcroRd32.exe
1564	AcroRd32.exe
1564	AcroRd32.exe
1564	AcroRd32.exe
1564	AcroRd32.exe
1564	AcroRd32.exe
1564	AcroRd32.exe
1564	AcroRd32.exe
1564	AcroRd32.exe
1564	AcroRd32.exe
1564	AcroRd32.exe
1564	AcroRd32.exe
1564	AcroRd32.exe
1564	AcroRd32.exe
1564	AcroRd32.exe
1564	AcroRd32.exe
1564	AcroRd32.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
712	msedge.exe
712	msedge.exe
712	msedge.exe
4372	msedge.exe
4372	msedge.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1564	AcroRd32.exe
712	msedge.exe
712	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1564	AcroRd32.exe
1564	AcroRd32.exe
1564	AcroRd32.exe
1564	AcroRd32.exe
1564	AcroRd32.exe
1564	AcroRd32.exe
1564	AcroRd32.exe
1564	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1564 wrote to memory of 5004	1564	AcroRd32.exe	91
PID 1564 wrote to memory of 5004	1564	AcroRd32.exe	91
PID 1564 wrote to memory of 5004	1564	AcroRd32.exe	91
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 4828	5004	RdrCEF.exe	92
PID 5004 wrote to memory of 5032	5004	RdrCEF.exe	93
PID 5004 wrote to memory of 5032	5004	RdrCEF.exe	93
PID 5004 wrote to memory of 5032	5004	RdrCEF.exe	93
PID 5004 wrote to memory of 5032	5004	RdrCEF.exe	93
PID 5004 wrote to memory of 5032	5004	RdrCEF.exe	93
PID 5004 wrote to memory of 5032	5004	RdrCEF.exe	93
PID 5004 wrote to memory of 5032	5004	RdrCEF.exe	93
PID 5004 wrote to memory of 5032	5004	RdrCEF.exe	93
PID 5004 wrote to memory of 5032	5004	RdrCEF.exe	93
PID 5004 wrote to memory of 5032	5004	RdrCEF.exe	93
PID 5004 wrote to memory of 5032	5004	RdrCEF.exe	93
PID 5004 wrote to memory of 5032	5004	RdrCEF.exe	93
PID 5004 wrote to memory of 5032	5004	RdrCEF.exe	93
PID 5004 wrote to memory of 5032	5004	RdrCEF.exe	93
PID 5004 wrote to memory of 5032	5004	RdrCEF.exe	93
PID 5004 wrote to memory of 5032	5004	RdrCEF.exe	93
PID 5004 wrote to memory of 5032	5004	RdrCEF.exe	93
PID 5004 wrote to memory of 5032	5004	RdrCEF.exe	93
PID 5004 wrote to memory of 5032	5004	RdrCEF.exe	93
PID 5004 wrote to memory of 5032	5004	RdrCEF.exe	93

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\virusshare\3\VirusShare_4675e87be15585e66b0c88b833dd9ecd.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1564
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:5004
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=127EFBEB1B1073635884291B43B736C6 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4828
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=BF7CC2039844022CFF2972D3A907E25A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=BF7CC2039844022CFF2972D3A907E25A --renderer-client-id=2 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5032
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9E834076ACDB522068372F797B76C0DF --mojo-platform-channel-handle=2308 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4316
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5F060DC719947FC583DA883AB2482CAB --mojo-platform-channel-handle=2296 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5792
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7D4528DFCA5476046B7B654266039003 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7D4528DFCA5476046B7B654266039003 --renderer-client-id=6 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4228
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B9A3A54603CA31EB28CE191CF420742F --mojo-platform-channel-handle=2516 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.adobe.com/go/epdfrhprdr1_12_0_0?DTProd=Reader&DTServLvl=SignedOut
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2f4,0x7ffef016f208,0x7ffef016f214,0x7ffef016f220
    3⤵
    PID:5096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1792,i,11343577811918198698,18299371618770228641,262144 --variations-seed-version --mojo-platform-channel-handle=2284 /prefetch:3
    3⤵
    PID:2092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2256,i,11343577811918198698,18299371618770228641,262144 --variations-seed-version --mojo-platform-channel-handle=2252 /prefetch:2
    3⤵
    PID:2412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2580,i,11343577811918198698,18299371618770228641,262144 --variations-seed-version --mojo-platform-channel-handle=2704 /prefetch:8
    3⤵
    PID:1584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3488,i,11343577811918198698,18299371618770228641,262144 --variations-seed-version --mojo-platform-channel-handle=3516 /prefetch:1
    3⤵
    PID:3024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3496,i,11343577811918198698,18299371618770228641,262144 --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:1
    3⤵
    PID:4328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5004,i,11343577811918198698,18299371618770228641,262144 --variations-seed-version --mojo-platform-channel-handle=4960 /prefetch:1
    3⤵
    PID:384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3560,i,11343577811918198698,18299371618770228641,262144 --variations-seed-version --mojo-platform-channel-handle=4500 /prefetch:8
    3⤵
    PID:2836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5168,i,11343577811918198698,18299371618770228641,262144 --variations-seed-version --mojo-platform-channel-handle=3476 /prefetch:8
    3⤵
    PID:5428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5552,i,11343577811918198698,18299371618770228641,262144 --variations-seed-version --mojo-platform-channel-handle=5592 /prefetch:8
    3⤵
    PID:6056
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5824,i,11343577811918198698,18299371618770228641,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:8
    3⤵
    PID:2728
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5824,i,11343577811918198698,18299371618770228641,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:8
    3⤵
    PID:452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=704,i,11343577811918198698,18299371618770228641,262144 --variations-seed-version --mojo-platform-channel-handle=5668 /prefetch:8
    3⤵
    PID:716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5876,i,11343577811918198698,18299371618770228641,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:8
    3⤵
    PID:4444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5688,i,11343577811918198698,18299371618770228641,262144 --variations-seed-version --mojo-platform-channel-handle=6284 /prefetch:8
    3⤵
    PID:1176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:4372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ffef016f208,0x7ffef016f214,0x7ffef016f220
      4⤵
      PID:3376
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1772,i,1825532062383832638,3006626416827691481,262144 --variations-seed-version --mojo-platform-channel-handle=2176 /prefetch:3
      4⤵
      PID:1592
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2032,i,1825532062383832638,3006626416827691481,262144 --variations-seed-version --mojo-platform-channel-handle=2020 /prefetch:2
      4⤵
      PID:1728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2572,i,1825532062383832638,3006626416827691481,262144 --variations-seed-version --mojo-platform-channel-handle=2772 /prefetch:8
      4⤵
      PID:412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=4132,i,1825532062383832638,3006626416827691481,262144 --variations-seed-version --mojo-platform-channel-handle=4156 /prefetch:8
      4⤵
      PID:3420
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --string-annotations --always-read-main-dll --field-trial-handle=4368,i,1825532062383832638,3006626416827691481,262144 --variations-seed-version --mojo-platform-channel-handle=3080 /prefetch:8
      4⤵
      PID:5476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=4132,i,1825532062383832638,3006626416827691481,262144 --variations-seed-version --mojo-platform-channel-handle=4156 /prefetch:8
      4⤵
      PID:5724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4400,i,1825532062383832638,3006626416827691481,262144 --variations-seed-version --mojo-platform-channel-handle=4396 /prefetch:1
      4⤵
      PID:6096
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4788,i,1825532062383832638,3006626416827691481,262144 --variations-seed-version --mojo-platform-channel-handle=5116 /prefetch:8
      4⤵
      PID:6128
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4468,i,1825532062383832638,3006626416827691481,262144 --variations-seed-version --mojo-platform-channel-handle=5140 /prefetch:8
      4⤵
      PID:3960
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5488,i,1825532062383832638,3006626416827691481,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:1
      4⤵
      PID:3524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3372

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4768

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:4804

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5080

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\2b8a236b9b2443ed959ef553f026e1ea /t 6020 /p 1564
1⤵
PID:6104

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
23e33603c1c04a45357893dca45097b4

SHA1
ccb335a0cb243b004caeb236a9e15320c95a68f8

SHA256
2e341e81b49bd63aa0895aef070086e166b4f3f0396a1bfa3d7e32581ff89fa4

SHA512
7a5a0c5b8d44d7e944299092f48dcb0b325e249b7c09d59a7f54bd8f0dce92c7678da00b2fca4dfe0de0878fcb65eda5208e0f7ec2d877fcd7bece12a35d8e44

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\88a933d4-5836-4646-83d8-d655fc4afa6e.tmp

Filesize
40KB

MD5
ee4f7457de22b02217cf0b726f7a6edc

SHA1
db8ace0c29893086e088e567cb2246d98b415f1b

SHA256
717ca2937ade8311a2217269035e3d6dddb0e781d669dbba2a48d109435db542

SHA512
fedeba19fcef0a4c5101783841fb0ad65dbe3034a3fc1996e287f7e82f579ab9f21d5895c9633f71b0d3104e97589d0fb7d596f7fef7ad0ecc2a485af875c0a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics-active.pma

Filesize
16KB

MD5
cfab81b800edabacbf6cb61aa78d5258

SHA1
2730d4da1be7238d701dc84eb708a064b8d1cf27

SHA256
452a5479b9a2e03612576c30d30e6f51f51274cd30ef576ea1e71d20c657376f

SHA512
ec188b0ee4d3daabc26799b34ee471bee988bdd7ceb011ed7df3d4cf26f98932bbbb4b70dc2b7fd4df9a3981b3ce22f4b5be4a0db97514d526e521575efb2ec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
991dd8fbe9a0cd6dc3637646bc73b6fe

SHA1
cd33a4c3c2cea06b41e5388826af365691769de4

SHA256
7e873150a039c5eda07ab3768e2b49127c3f824319d28909fe07f31d6f3119a4

SHA512
b8c1dbb54394674bb88fd7cf368214885e0c328e51651ee8f412aa1ab85151582c70189a292e24d551a8144de29f82e8e9b51ca5a695d33dc0e3326a78d05263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
03cce982669ea274a1524ccb0c0d6adb

SHA1
adb34aefa15da52055b5126f5586f0ee6f4e0ccb

SHA256
fc462e77517428bb67db34684289f384bb037a2be007c303c76af82242405366

SHA512
42245fb6ff1a937f216da01f6fa12580546c5fea92e2f3b51f20317a10d840907b179aefd046bf290c4b7102422246b69a1ad8dd4d14ba840f27f33a0c4d7890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
7725f9b53ef425be7f86e5184bdc5249

SHA1
a26bf5356bc790a39b7c7c1d8d70b931323764a3

SHA256
9edcb016223681e19b04238ee9a63fed10fd35646307ef2a0807d704774a718f

SHA512
4f0aa9d32cfaba25525d2138064824b45ae7f46a5fa98595d3a973c29a0ee25855a9dab91587805b2bd2779aee52e5552a1371611ffb7af641e8dbc1d058d31e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
8451e577d3ac3a9fde11fc6d0458a64a

SHA1
0977b99ccc46c02b1e7e9d798753e37811e91983

SHA256
94f54dc27508fe8c5f550540beb6e33f41e9a129c5be374ce65641738cb75f7f

SHA512
edbf9e211f9e1554c469d8755af8aee2fe277c84c74dee024003e96056bce89b8c8fcba7a2deed3f81e05a6f82c1711921e74c48d57b55414a0aa78e2af0ece0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
526006a0d907d093c1d3c3fb5c60a425

SHA1
794b7968c526aa9bf7179835e9bf53319bdaf8d7

SHA256
a7c43bf15604e6391b1b50f1f289c183b3fda7a02fecda977045aa33aade6d0d

SHA512
ebfc90918c655969a740f38da50bff59b4bc9ccf4edcc027cbc974f50ff13f4090daecd610e6244efae7112cf22aebc056dc183473a75e96edcb8c19c5f03c9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000065

Filesize
17KB

MD5
4287dc9760acb67f79117a1617441120

SHA1
8ac1827d8a794b84a5841c512641b155efd9d095

SHA256
5a264b207c359c7b95988d1b15c1373b02c00a902326d31dfa1215f3e7962770

SHA512
e1a1f17a2de962f057a5edd0958c226b8fe9d865b9f648d61a5d3aefa25bb1e510a768baed3fb73567d29fa8387cf79ceda533b1233e22b0315c8649d64781cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000066

Filesize
91KB

MD5
17af537880c14eab73c5e11d649bfc7b

SHA1
c4e6ca8e9352348b7ae9da9d8308e642923e69f4

SHA256
85cbb3e643cb2fdf5e7daec92300589293554ba45326d65e33522b5f361c1209

SHA512
a4e2881551640ba88b8a1b5de1338552269c7342dfe43fa964521d47d94fe5e1c6d70effd432f6e08210bbc38d617053af38cd0c6c2787b7ad3a80b65442ae19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000067

Filesize
61KB

MD5
1a5bc1df9aa5608df9170dfb76bcd5f5

SHA1
e57c8b5de3d0d6133a4d0ed3918ef66302a92715

SHA256
8d613ec4d02a7b66d7eb4e6f631095768a11355def44c1447ad1282bc1ec0540

SHA512
57caba5c875514c2d8a8b6fed4fc8fbe17b8488262f6a2b0d2b48a5d33af6fe0912d2099bda01c5ea1d5e2f0a9c785a65062de18bd85be93722e90234841cb61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000068

Filesize
61KB

MD5
a81f6ff677be40d1f37510344b1ec75e

SHA1
e5a9e3b7c8ac5eef2bbf21ffbc342fdd1b2e0c70

SHA256
e0b7717e46411cd5dde0820b6d4e2fd623e53fb7c9a6222b3abfa165267cb027

SHA512
b7ff3bb8bf3592be734acb10b97445d6c691fbae92b394b30890b6f0acd2588477abbcc1130482dbc4f66557a4f73adaf8bfc586ca91998f92fb50da6f22c28a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000069

Filesize
25KB

MD5
2993a6d3fb360d2059754bf3bb71107d

SHA1
443ef7c6204311d73c02d4514b3178cd3df53a1d

SHA256
0490f9ede2cd47c89ec584e8ea393c5fe2fe4318671abd56bc8f0a14f5b8708f

SHA512
0b1ff191dc4cb1c411af0b59130e8b35bd7653185393101a5feb2cd444144b071b7d7557c50de0e384567cb0b5da4d61fdaf579aa72db39925d815a26555baa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006a

Filesize
172KB

MD5
d69d1c410905c79f2e92702644ae3010

SHA1
b1752e5bd2a7687609f4e18ce8a95578a0845876

SHA256
5a77025ddbf57cbe75149e7d2ecba41ad2b86f5cc28b2bf751d89c28d033038c

SHA512
98ef8570c3702b1e069979325f5dfdc56f93a88f858004fbbee192d3557c75ab5feed47b95b22e3146af17107171c4c13ae12c8df9c5d6a2f08068d8b8784e71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006b

Filesize
24KB

MD5
f232a610f3103052f13d61f6dc2cefa0

SHA1
a5f6be8ca1b50d12aef321c46901d2e3bfd3f963

SHA256
14a2c9b8354c29e35a53352cfc02b2bd61ec88062ee2aa82d06c5e577fd639b1

SHA512
d0fda30750930a8f7e883727ebc05bc6904d89fc58ec40b479460f959de08e0a7b63e09c323bb8baae198f858cd5d072f1b74a8f4cd7a9f2f65b865ef19ece41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006c

Filesize
136KB

MD5
c974017dd7ab1dfe5489d60d2ee68082

SHA1
7ebe08e356f26b366271a7880a70b2746e0b2259

SHA256
9d6ba1b7a5f2090199fada8b285cdadfd3caa0cd50401f66e8af04b6c2a70de1

SHA512
98d22983b50b152ccfb7b7b950e12a11d8bbf3c9d4d2088c6cb79c3221ee9c8a0db8901dfff2d131beee8de4289dfc850382bbe98adc6c9f72f24e6ce955b147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006d

Filesize
247KB

MD5
d90a6c13cefe5502dfd9abc6c2f18103

SHA1
2ed30b2944c1ad2c1cf351aa348bb8db3eb6f00b

SHA256
5df9d9b4eeec14240907f98935be7f80c24c154bf855dd0b4045248cce96aa95

SHA512
b8e6bb0c94b072a02300d2fcfc50bf67a3ac20b6716927fcc18500417bec09d1fbbd59e47a921a4dd27137f6bc4fe9e7ce0c15cc975b61ffc4e7652be3f4c9b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006e

Filesize
102KB

MD5
d441353d80fbb83e954c032b4ea97aee

SHA1
913604f63aa6ae284b57b1cd03e0df51c366bc6e

SHA256
2e60f3b1fe7dc64e722a5332e1f58a3337500266b6072d04c2609cca84da0508

SHA512
01701a9bc782f8f04667b0c255722140095fc14ce69291b9a38b93e9458a5711705a1cd9a76267fc4b6acabe58f6901efabea5e5045236f4ad476225e6bdd938

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006f

Filesize
103KB

MD5
93f8df34eef00e26f86837395708e2fe

SHA1
a68f05ad85fd98477ddfb513f334f1bb5c521aa7

SHA256
e79534267b09e887a6a4290000f3aa10f61eb441e6e82e33c8f4f481743b8679

SHA512
59d52d2d293d557aa38cc32f2848317dde6b6cafe71e68b54cc1a0724c447d05145ec18a37a604bcf572b252694bce25fb823011d5c9234ca25f938535cceeaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
6e44bd84945b25ebcdc0322ab6d93380

SHA1
dc12e7be1e96096571a5c6c9360e925bf052942e

SHA256
f6edc52927328dcbcaf38ee3351dd94128f3a244807ede6369b80cf8963e668c

SHA512
b8afbb190ecba0c08f6103961b3bec62700c99fb8b82465d203e339192d1091a5105c5429d2ef7e5e596cfbd1d9dd451c243900e61cec454e72d5163b885cb80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe581b15.TMP

Filesize
2KB

MD5
3b87c4ba034c7b7d3999d69d088a5b1e

SHA1
ed69e69ee326ce965512015f6359d286322a17c7

SHA256
67bb3aacd8372370183ea67e32e3041fd593804e327d652878e0d63c0a71169b

SHA512
263f22c3722ae308246c5557359a72b2df4059edd09a001e61d7a1deaf990839dae0abc99d7a37ad4a031b39269d00951487edcfe6f79731dbb540a788de949a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
236fddf3329f936047362ab3abd7a4cc

SHA1
21ae6443d287f34a053cfcc99dae1e442d428cdf

SHA256
cd99b669d571afcca7142d7f59763037b888948c80ff1fa2e50f44b55615aad7

SHA512
3b66412ec01b8db147942eb8220d578b284c43f7bae2b6fb5f0bc6c511b015ef32a93577810b8810cb92d0fd90fcf79fa6977534d11fbee321735ad9112f0cdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Filesize
343B

MD5
2d2e2d696488612df6ee9f24023d4c30

SHA1
b4e957ebb98cccccea26834fa295506cd77ba1f6

SHA256
89dd70735aaacb5878d7d5708c4a5ed6237f0cc8ca9af72a8a29ab9ffccd9cec

SHA512
6bc5ba7e8d69a0aacfa870b4b83af390cedd21e3476607cf96967ad5f8f9c39055074ec7e225cb947dc9cb16485065a2d912e2b6d35f770066bddcfcfd55bd70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
79cd6230a8f7fe7769ce0eeea15f274e

SHA1
bbdbf5fa0b820d5f97ed8cb5d5987565a949e1a6

SHA256
49109b9a0298e6e0b9f78a059a3f322e1089bd9eb85267e3a4862f9c0730d4fa

SHA512
49a0b8efa424ef5fabcd76c7daa661e7d7a484cd459a976a0e93a8c1c37d6e17314e81d370fc308241156cd048398296d587d65f6be6c73804443b65b8f9662e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
73d976910ed4a305a9df732bc5769d7e

SHA1
3e620f338f6751b899842219193151397155691f

SHA256
ad7be11e7e098c2a37b3f5c50e078311be0a35e96485b08a94cf1fee4ce4f055

SHA512
0f6d319461e3a59c9553c5a78082db46250e91017c2341204ddc069cbcc45e4989ffe9d54daf50aa9970a3c4be5fc28d55ee5159157611fab060828c1632e0fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
fdb0e275bb012eb22f4e999b995ab717

SHA1
f94da80b405fe4090fe33e184c6cc37d785903e9

SHA256
79ebc664eb9e76a8408d355f9f67bcd731066aac4dc3f65a18654d8128397187

SHA512
4d93aace5e200a6cb86c81301b7a2deda4a5ec9cb9b4b54146e216d81d487ec491e8685de3b307c9c70a7c71313b226d8962302e32dd838e325ba2c143858002

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Filesize
28KB

MD5
7b5a20c80cc6c1c43957f6953aeacbda

SHA1
114dfe301f1e6fe66a339d82b31389a05442a43d

SHA256
146a1d3a62f7dafdc736ae89002a9fc629b8beed25bdaa98366d54c9b2bf1d4b

SHA512
69006c30e82ec76db8e55d9959e10e38ea9cad46cf5e86d7f9f0269d88dddd8a40eed32e5dbe3aed7de133714e5cb5f338d321a8452f8efde26d89c0f686747e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5bf41e4c5eba4ff29e32fd7c141d0ef5

SHA1
d0a7ff1cf7f1a049a436e8096bdc35b65905c685

SHA256
493dab88740f5b7894e81daea7fd1926b2a0fab73ce9016a51c7b7d575b53229

SHA512
134e86edf1e8d48d5fa5d779c8ea29e9aadd303009374bb31fc410189ca16b34d6a4a705f27050bbffe90ba8dd069f326c96d2a3e99a84527d1d61e3003a3c7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
7f39e22c8d2f08f730def19c90b5f8d5

SHA1
0a2bcba3cbaefc2a546e55ad3b08fea6e83e5966

SHA256
1e1bcf67abfe4222d92c5e82fcaa8ad752ac1e8b0251ab3d1b1e991ee23e3ebb

SHA512
c04bec5db96a81ea3eb40854a9c98254af447a2e8a67d9302620487b084c60255f59b3341cdccb3118e170f6be9f9e0263ce5b13b2329de19e1226ed83c21edb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
366d19cb4da2cbedf9617e686f1d9814

SHA1
c9e96b584f785d1071d17b457b33a9936fb4d547

SHA256
d0df49c55873d8e947614a870f78c5820055705c234a7f8d7b953e5470304eaa

SHA512
fdfc5d4a8aafd4675548a7b914eea0efdfc48c4539a8cc912c1fd02b6a4b73437410a9eae032c620c878dc8d16b178453f644d6f96c2806c4290f9fafb08a5fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
1bebc284bcf440ce122ddd997b6c6573

SHA1
5e5f460a19778cb83dcc402c1fb5824fee77f361

SHA256
5f819024a4ebc18092af937eca36236375d88582352513058e34f5173fd5f8dd

SHA512
3cd406210f9fb3ab44d7ba1197c622136715321d9aaa36a43d3bd1eec93022a58761fe3385d43a636d8059f13947e7b98cc95a6e1f37bab7e009bfa662213e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
0b2d0514b791bbba7cd4ff9124c0a794

SHA1
429d3fd701a27c03d5044dd83e9aafaddfdfe311

SHA256
3bb9901f21250a64dcf4230bd8c6660c89a580011fb5711da32fff29f616855c

SHA512
12eda33650500c3963986c53579dfcbe4af036afa7c2f1d9e3c669e0cb78568014dea77f0e4ea304b8df44c25b60818ef3fb24e89db3ccd62efc4813c7e0433b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\74e0740b-0acd-48f2-8d01-f0bdfaa839e1\index-dir\the-real-index

Filesize
1KB

MD5
a938a40381bd8dd9e97d355da1718a8a

SHA1
ad45b4ffb30615572238c42994d99951cb2eaa25

SHA256
0e99675ee2766b6adb6a4d6aa7c53c0ea239ccb5e7f304b72247552024b96b37

SHA512
e645448940483d6f8f3fbf13d0a0a231a9a00a375f2561ff724099cceae84debc89bfe19363d6a62107ac572849c7945fec582fa9d749572ecd7015c31497f2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\74e0740b-0acd-48f2-8d01-f0bdfaa839e1\index-dir\the-real-index~RFe58316b.TMP

Filesize
1KB

MD5
a675b4de166472d69d8be3a08ed9ee2a

SHA1
b92a5b7e8205176cae2c4a70b188a33c829addc9

SHA256
8c7a74677fcd57ca2b36eaaa4a84b8931596ee9df0a686bd4c7256330341bdca

SHA512
4c1be69fb8aecebf172f017dd7ac98e7862b72f27e633b470ea38d1baaad56de166d17e06dc6eea5f87574f0376ad5fd35e9e22a180ba62467847a8159e24ee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
335B

MD5
774ae5e4691377d361f72c9064cd7211

SHA1
236d5b521d15fddbb8a3cfb13c583ac448631529

SHA256
a8c855c752ba14d1042c02f7e486982a140542a90cc15faf431b8f3570f8177a

SHA512
7d77c46108cd42b9dd8a0c5f2d6111d9b4476607eb7af954589cd043af0e4754bb74add14603a227119610262a3045acdcf8194f17f9862c7e4696c0139d26a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
d4db59973f4e4ce6b4bc3c6bfd9d03ff

SHA1
7fe62e77ddc83771ef4e1e8a90357cb6e1612878

SHA256
04ce245457aea224626ebde3194e18dae1c92681fb564394e4cb91f79b02b34e

SHA512
725cfb5c78e2441046750f260904467628c74cf07bdf40582713c7af70caf791ab65e037facb085b8cf80b060f1d2a1035ff57d2a97c47e1fbca48e104a1a50c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
7a8226d0804f6808ad341554b040d2af

SHA1
69a132dba47a883cafd21a17f7a1f585d2ee9439

SHA256
76186101c0a549195dba55e2dea0f6c29982e3b1770f02d35f4476844dc8cfba

SHA512
4af9f4dc723bcb9d4129537532746d2288dc2c03555da1e298f244b57ddcbb2b17087fa48ce45b4a65c6b26dc2ccda2125a0894b7d377a74da791ae9d5d31b35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
06affe33edb0075322d46d93e1d280a7

SHA1
eafa1ec832fd851e9ff722f0fe3c1061d25edf2f

SHA256
bfa663b4e72daf5b1e8265eaf3e82415ee70fe7227671d745bdf209d23ca46fc

SHA512
2a6d1bfae18b1edb234c426e7974373d50f505518588c97a5a7cc6cb567782e646a23565546ab8665b9fa8949907ec4f51c893bb5017a804eb4c2f2fd832c1f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
c135e567db2726cb25de05b257d84272

SHA1
68eb9b293e3785d94763355e598bb4ab5132d724

SHA256
e709a3f41f0f70bed73244c11cdf5c56b797a0454b9a2ea0034f83387827e938

SHA512
0ea83f51026821accad02208509a807ab2b81311b3d2ec3e1280c830829ed3f08d0d81c0740c1be45c6b319e0d45362071219af50f9fbdab2619c555384d7321

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
25KB

MD5
6e0e09d9c35722472d9a98aa8c2c5c05

SHA1
65ef0d523c1c7941a23f06d7b21ab6cec98f3c91

SHA256
a5992018c81df451a0aceee8812802a0c84095d7d63bbaf2957cff9884f9247d

SHA512
e6bdec1d5b331690711ed35479b548ede12f2db5f4acfe80a2d8af0cdffe50b6c254f38de528b41515f957f598e0aa0651d655d5bd06a288fdb88f83d605cbcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\default_cloud_config.json

Filesize
13KB

MD5
cf9a0cd1d5f9c8cdeb87ef3f7d30d15c

SHA1
c543e62aab24c205db6014414161c13375e9a71c

SHA256
b24f36278e4c85a8fcd66021d48c69d6b07be605673e02f0fe185bf3319f47f4

SHA512
39ad5c5753e5398906b94ab039d2eae7fe420fe35a53f190bda84d4f9262f3b14841cdf4ec76cdbff6a4578a26ab1e6c4b11ba326ec8cc38a2e2904a6f2c0d8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\favorites_diagnostic.log

Filesize
1KB

MD5
94e8a9924bcb57650970ec7cf606a7d8

SHA1
fb3825c8682f65bf3832caba015612a1ce956e56

SHA256
c5b8ce8ef9d9059d92f66190d08f65368d10ead7448571f1b5b55aa443efd319

SHA512
915a75b1d172ee8ffa86f146d53b3003cd480ca27519e6c30bfd56fea2788ee2bd0d3585db5e4389d4a428d3cf16d0bd9f740872332957c9246b0fdf3b6b9efb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
10KB

MD5
5672800ca3d95cfb14c933468dacbec2

SHA1
24336dde0ca10affae0bf6843e51f971d8dc7c81

SHA256
75c702bdbc15d57e114eb28337db6d9a3d5a98d3ff21c804eb195ab019412a78

SHA512
77387060b42e7a282940e51e923f155534aabd3c6bfda77cd8054981a042a75cb3befdaee9a188b09fa3b7621644bdf488bd80c7de35cae56e4ec3c72d6fcdcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
cfc279653ea32ca0f5df143a1b653824

SHA1
c1a18c32206c61a0766a9f427a41bbccd687fe91

SHA256
0f0cf15ab3bff3f0c1a0fdcf6b44b474b509eb7283033e8a2da83780fcadc57b

SHA512
c2deb81efa8774e549f40c0883acda4a53ae37e56f7c76d4192ec3243462e5ff6f3dd96babe20cf0a000cae8911d774ca6fa7de6d95c803ed777e781e005d814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
9cd1c8e8b0ad21857f191e4df5507df4

SHA1
19f139943a3271118efa87832c648246f7b1349f

SHA256
468baebbc76720970af5da78821d86def900a37aa97386f9a0648a86734ace49

SHA512
dd4910a8e2968e2022b324f1eef64fba2c72511c2100e052c97474fae37ecf7b5302e3db94e88d2820f0d09a25702ac6446517512c89657039f25982747ffa22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
dbb2ce83ae989a6d87d77312b9ee0630

SHA1
3b2361c9b878ca4ca0d0a17a984a0c9104159db4

SHA256
e983a2b842f04d6621867df3f61ca15864521bb15edad4f6e4ad4d924c9b216b

SHA512
8a88e19220a0db582c3aa9f6e5856f733ae1b8d862b6495a77d7a6dd19b0cda8d95cf3a2ccdfee3ef19a19a598eaefd9485681307e78d6ad37dfa356a1105b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
47KB

MD5
bd57bdab7fb0bfc338e4ce99b4bb01d3

SHA1
ba28e4334849d6d590f0656d96f77ddd966ac7e1

SHA256
ffced774be84c33559f5a1698e4c8bc04ce90c06f498ad0ef1f6c9a49116ee07

SHA512
fad2dad074cca244624e8a65be91b009d84e7d3a5b1ce66447eb74ba11152b8dc30741349b245e00bd993741ee74725642a195469d4f725fd7e0e3383d8689fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
47KB

MD5
d8dd981902bd962cb268c430fc90bb01

SHA1
2fabc79edfd84b166f38cffbedb3884a68bcc0ee

SHA256
0478600c27716470f305f2680dc9f914bc692f8dae76d25b02aa49b0093b1899

SHA512
58e64ff2a8c5c5202bf3c007d2f028c97075a60b7266c1fe58fc1146d6e8bf1eba7b5c403a2500ea14d2b756de2c4d80d286f242a78068cb28d4da57a5fe7da0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
bade5f704c1fd82b4a2379b5a4b08f57

SHA1
bb670edfff90e491c4fa1f96d3844371be483eb7

SHA256
a02f5a5331de84fd5df00cdcf677bd4dde8a47a1c0c0a8324ad8b447bceaae06

SHA512
6c4e1609fb6a043e3b48797830b4961dcdf9bd565d35de78805e44738bdab6c7b72232c38875a2a64bb97fbecd9611787158418f94628c599cef5a2a3dae281e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
11729a3c23aa1e80d719c5a4baa6afd9

SHA1
988c06231babeb05c7cd8d4964446aaafe6cdde3

SHA256
9146891abcb0aed9bef5a97af26f4c66c7abbbba844ab9bc50517953a5d2ab9a

SHA512
cc513d13a52844eea983a266eca79492f789bea6a04a7cbb16af5cc1826bec920c38a9796447af876e95fcc0456bbd03aa7041dfb47dcf6f9a285276c888b5ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Nurturing\campaign_history

Filesize
20KB

MD5
83a9d83facfa4d9986e3e612582c3f1a

SHA1
5f130c15a491b032cc047475836c0a952d38147c

SHA256
e147d0aba9dabbe2f1ddcbd20503864d401ea677318a5492f1ac8aa096ee368c

SHA512
98400ea3e70cc818b7ef3deeffeb5b5dbd53da2548cc604345959dee54af4ec98e483cb4d491b195ea8a27119d1dbe8c85a0cfcd173f42b0d50f9ba104279487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
c8305045f07e99fb03ff621947862775

SHA1
608a399f170a9b8f2554ffcd82789a0b4d89fa26

SHA256
775b40fe223a7a9d584fe9956c15a9a9a1d7b1bdeef329026960be0c8e4e1319

SHA512
3c46061cfd96dedfc5f58f676f07e5da76d540cc78bdc43d4feb97a6e46abc5a8c27c46ad504b7d00cc50fb4965eb5aae010a9647ada91ccd65cb65e5727156f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
430b9a7e7ca8064fb893741c3b8a3d72

SHA1
52f038794a2ff634426a7ede95e920d2138b7e2e

SHA256
3f3d1dac0dade368981523d3297a3fceb94004e39288005c1048bf3e411e44f0

SHA512
9e3dbda093f0e18f4840cf8488073240b9ce491c3dd2933550c54fcc1bb3d2626e1ef966a470c2e76a205ee057c72334135525412fdc779a4adb35bb5d9de873

Download Submit
memory/1564-185-0x000000000AA00000-0x000000000AB4D000-memory.dmp

Filesize
1.3MB

Download