487f4dd9bdbe94a9cf1a04a8fdec19f16f86864d05d06f0511544b3ff68c850c

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2025, 07:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

virusshare/1/VirusShare_3cd9a967b67fe69351e390195ca7a430.pdf
Size

32KB
MD5

3cd9a967b67fe69351e390195ca7a430
SHA1

4e7f309d283182d76377ad02616a6a5933cac649
SHA256

e96e3b90d9483a2e463fdda0edf27310ed10fbdb8a8b920c6480ca93bb2e1077
SHA512

ffe9ffe8555ef0b914bdcaea5b50eb501c4b0d03726ab6f2baa0e5cf6875d9b0ac735679dbd03810d3f03905402f382bf32e3227bd2a11c0eef173082cb02273
SSDEEP

768:XDNivfrO+Av3qpOCy71ShZ2/p1oaVBV2iKL2GmqBmmSE5fXuMZmwgCLWar8v:XB6zrAv3qpOCy71ShZ2R1osBV2iKL25p

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2362875047-775336530-2205312478-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133892623497004858"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2362875047-775336530-2205312478-1000\{32847FCA-004B-4F61-84B2-449D38CC6D52}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2362875047-775336530-2205312478-1000\{EAAAC338-F138-452E-B3B4-E6E559590665}	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3304	AcroRd32.exe
3304	AcroRd32.exe
3304	AcroRd32.exe
3304	AcroRd32.exe
3304	AcroRd32.exe
3304	AcroRd32.exe
3304	AcroRd32.exe
3304	AcroRd32.exe
3304	AcroRd32.exe
3304	AcroRd32.exe
3304	AcroRd32.exe
3304	AcroRd32.exe
3304	AcroRd32.exe
3304	AcroRd32.exe
3304	AcroRd32.exe
3304	AcroRd32.exe
3304	AcroRd32.exe
3304	AcroRd32.exe
3304	AcroRd32.exe
3304	AcroRd32.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1280	msedge.exe
1280	msedge.exe
3120	msedge.exe
3120	msedge.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
3304	AcroRd32.exe
1280	msedge.exe
1280	msedge.exe
3120	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3304	AcroRd32.exe
3304	AcroRd32.exe
3304	AcroRd32.exe
3304	AcroRd32.exe
3304	AcroRd32.exe
3304	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3304 wrote to memory of 828	3304	AcroRd32.exe	90
PID 3304 wrote to memory of 828	3304	AcroRd32.exe	90
PID 3304 wrote to memory of 828	3304	AcroRd32.exe	90
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 3240	828	RdrCEF.exe	91
PID 828 wrote to memory of 1220	828	RdrCEF.exe	92
PID 828 wrote to memory of 1220	828	RdrCEF.exe	92
PID 828 wrote to memory of 1220	828	RdrCEF.exe	92
PID 828 wrote to memory of 1220	828	RdrCEF.exe	92
PID 828 wrote to memory of 1220	828	RdrCEF.exe	92
PID 828 wrote to memory of 1220	828	RdrCEF.exe	92
PID 828 wrote to memory of 1220	828	RdrCEF.exe	92
PID 828 wrote to memory of 1220	828	RdrCEF.exe	92
PID 828 wrote to memory of 1220	828	RdrCEF.exe	92
PID 828 wrote to memory of 1220	828	RdrCEF.exe	92
PID 828 wrote to memory of 1220	828	RdrCEF.exe	92
PID 828 wrote to memory of 1220	828	RdrCEF.exe	92
PID 828 wrote to memory of 1220	828	RdrCEF.exe	92
PID 828 wrote to memory of 1220	828	RdrCEF.exe	92
PID 828 wrote to memory of 1220	828	RdrCEF.exe	92
PID 828 wrote to memory of 1220	828	RdrCEF.exe	92
PID 828 wrote to memory of 1220	828	RdrCEF.exe	92
PID 828 wrote to memory of 1220	828	RdrCEF.exe	92
PID 828 wrote to memory of 1220	828	RdrCEF.exe	92
PID 828 wrote to memory of 1220	828	RdrCEF.exe	92

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\virusshare\1\VirusShare_3cd9a967b67fe69351e390195ca7a430.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3304
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:828
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=325FC1CF3EF47C3662E2374A5FF69C18 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3240
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7B528993F6DF695E6F9585D7FD59B30D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7B528993F6DF695E6F9585D7FD59B30D --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1220
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3743D18279C4F69DEF7B35956B1AFBE9 --mojo-platform-channel-handle=2288 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1728
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2B3A5E2AF370E836692691A5A8503453 --mojo-platform-channel-handle=1856 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4700
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5176127BC7F4DCF99E16C0381BD2D986 --mojo-platform-channel-handle=2308 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4792
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=8404616CDB04BD61083CE11F84AB7F8C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=8404616CDB04BD61083CE11F84AB7F8C --renderer-client-id=7 --mojo-platform-channel-handle=2364 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://formormedia.com/uploads/1/3/0/2/130289443/130289443.html#auma+electric+actuator+catalogue
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:1280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2cc,0x2d0,0x2d4,0x2c8,0x2a4,0x7ff87adaf208,0x7ff87adaf214,0x7ff87adaf220
    3⤵
    PID:3328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1920,i,10802619945386296134,16826346014424287900,262144 --variations-seed-version --mojo-platform-channel-handle=2312 /prefetch:3
    3⤵
    PID:5440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2276,i,10802619945386296134,16826346014424287900,262144 --variations-seed-version --mojo-platform-channel-handle=2272 /prefetch:2
    3⤵
    PID:5288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2588,i,10802619945386296134,16826346014424287900,262144 --variations-seed-version --mojo-platform-channel-handle=2716 /prefetch:8
    3⤵
    PID:3472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3512,i,10802619945386296134,16826346014424287900,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:1
    3⤵
    PID:3540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3544,i,10802619945386296134,16826346014424287900,262144 --variations-seed-version --mojo-platform-channel-handle=3592 /prefetch:1
    3⤵
    PID:1804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4828,i,10802619945386296134,16826346014424287900,262144 --variations-seed-version --mojo-platform-channel-handle=3488 /prefetch:8
    3⤵
    PID:1728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5020,i,10802619945386296134,16826346014424287900,262144 --variations-seed-version --mojo-platform-channel-handle=5044 /prefetch:8
    3⤵
    PID:4676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5572,i,10802619945386296134,16826346014424287900,262144 --variations-seed-version --mojo-platform-channel-handle=5580 /prefetch:8
    3⤵
    PID:4780
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5588,i,10802619945386296134,16826346014424287900,262144 --variations-seed-version --mojo-platform-channel-handle=5656 /prefetch:8
    3⤵
    PID:2116
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5588,i,10802619945386296134,16826346014424287900,262144 --variations-seed-version --mojo-platform-channel-handle=5656 /prefetch:8
    3⤵
    PID:3772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    PID:3120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x258,0x7ff87adaf208,0x7ff87adaf214,0x7ff87adaf220
      4⤵
      PID:1476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=1868,i,4055680397434761868,10041585724584455458,262144 --variations-seed-version --mojo-platform-channel-handle=2264 /prefetch:3
      4⤵
      PID:5908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --subproc-heap-profiling --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2236,i,4055680397434761868,10041585724584455458,262144 --variations-seed-version --mojo-platform-channel-handle=2232 /prefetch:2
      4⤵
      PID:2000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=2580,i,4055680397434761868,10041585724584455458,262144 --variations-seed-version --mojo-platform-channel-handle=2716 /prefetch:8
      4⤵
      PID:2044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=4160,i,4055680397434761868,10041585724584455458,262144 --variations-seed-version --mojo-platform-channel-handle=4224 /prefetch:8
      4⤵
      PID:1540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=4160,i,4055680397434761868,10041585724584455458,262144 --variations-seed-version --mojo-platform-channel-handle=4224 /prefetch:8
      4⤵
      PID:652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=4596,i,4055680397434761868,10041585724584455458,262144 --variations-seed-version --mojo-platform-channel-handle=4604 /prefetch:8
      4⤵
      PID:3288
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4880,i,4055680397434761868,10041585724584455458,262144 --variations-seed-version --mojo-platform-channel-handle=4872 /prefetch:1
      4⤵
      PID:4856
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --subproc-heap-profiling --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4884,i,4055680397434761868,10041585724584455458,262144 --variations-seed-version --mojo-platform-channel-handle=4964 /prefetch:1
      4⤵
      PID:4728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5448,i,4055680397434761868,10041585724584455458,262144 --variations-seed-version --mojo-platform-channel-handle=5460 /prefetch:8
      4⤵
      PID:2904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=5408,i,4055680397434761868,10041585724584455458,262144 --variations-seed-version --mojo-platform-channel-handle=5496 /prefetch:8
      4⤵
      PID:5460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6020,i,4055680397434761868,10041585724584455458,262144 --variations-seed-version --mojo-platform-channel-handle=6008 /prefetch:8
      4⤵
      PID:5368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6124,i,4055680397434761868,10041585724584455458,262144 --variations-seed-version --mojo-platform-channel-handle=6184 /prefetch:8
      4⤵
      PID:3160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --subproc-heap-profiling --always-read-main-dll --field-trial-handle=6000,i,4055680397434761868,10041585724584455458,262144 --variations-seed-version --mojo-platform-channel-handle=6216 /prefetch:8
      4⤵
      PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://formormedia.com/uploads/1/3/0/2/130289443/130289443.html#auma+electric+actuator+catalogue
  2⤵
  PID:3820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5168

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3940

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:3164

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3600

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:4248

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
acbbe66345aa3812f4ee96934b4963b0

SHA1
51415955702429342c60624e7c5be480460ab442

SHA256
8e3061981a521610edfd52df437fcf5282f91352327ae5434996804d4066d613

SHA512
dc44ef4e43f4e9c6ffb5149f22f0c4ce13e299fb59b222acd4d61e2671d6f8793e61841a815ccc1ea9d2fa4fc61d2c614b7dc811c152b27bd9fa59862a0622f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics-active.pma

Filesize
16KB

MD5
cfab81b800edabacbf6cb61aa78d5258

SHA1
2730d4da1be7238d701dc84eb708a064b8d1cf27

SHA256
452a5479b9a2e03612576c30d30e6f51f51274cd30ef576ea1e71d20c657376f

SHA512
ec188b0ee4d3daabc26799b34ee471bee988bdd7ceb011ed7df3d4cf26f98932bbbb4b70dc2b7fd4df9a3981b3ce22f4b5be4a0db97514d526e521575efb2ec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
6ec80650bb87997281d6b2c490e5939e

SHA1
40faef4ca4833df8dd17c4a05cae8e4fdea72b89

SHA256
025280e5fdfd02d49c42c93e14cbc699b80eb10e21d31bd0aaa8a9b1067a80b5

SHA512
be947097b9fd14a716388b25cf4c253ee4d074a8b13370873b575ce5beb3843f1961df08e94eb07958657c64ae27bfb9f75ba9b2e19ac29985a5fc6813d500fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
9a186bc3b9db715cf32c917160c124d7

SHA1
d555613ce5f034d170c87c569309c459833f5374

SHA256
8f690aa971f930eb2d3acd39ab086b8b9560ae4531af43b69e0122dfc1cb0694

SHA512
7d83d17b64521f73eee3c2a6634105bff6f9dd5db3014b7067735677c7c932eca9846b1dc3f6ca53630c1fd036b1ae6da596b7d1ac472f5cfa864034dbb03361

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
2cd459453d00f8fb7c1b547977980e01

SHA1
ecff74e79561638b7e2bd4f5ab49b599d48d384f

SHA256
9b387af6585b8dc5d0b033c11ae4abf30e5e3503126fc62a5bc80e87d37932d0

SHA512
7e1405c39967340415b64a365ee0a743ba361efea5bf7ebf2ac3050a033484c95616b3936ad949f1f5cd7558da29f6e741bd9b00be2652252093c1e908f18167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
bda27a99958dbf9261ad71d7ee38d8de

SHA1
2fbeee7bd81c10c6ddf0c368207ee31293e51859

SHA256
9495c23fd02886230c43c5529d9c16353a1a27231576d943f0c06261994382e6

SHA512
2ae24404b8adad0ec3e53895dede68c9f0691d2cdc0c83a84c3fd6c9c56f6102de31762cf0bd03e14de9bb3a0d9711a808a2e4590e97af7fa8d2660b09b6e435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
ae7bd1b349700c9a03a752eaef6c99f5

SHA1
ce064a09eb8e04022601b08ddbebe013daf4f953

SHA256
e1dde0300fbdf95bd7cc27874485a964feec5395571040add14a922e42a877a3

SHA512
db436c433f8074e4d71e9dd1c81adf19b6222bdfa223e69a320de4bdae90daa025a10570a9a90a842e81b497a6029295820e367f2928bf3e1c2d7c19b8ddb86d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
5c57c46e677821bd13fb02c049c03784

SHA1
b2aa45ef32cad41f405a84869b70428a3d077279

SHA256
f99cbaafc299143671321e53ee22714c23ae9c6547d22c9b5936184398f86c62

SHA512
7b5b58013bd32341a0c5437367704eedd36ab0435ef628fed9cd37de90a1cf8fe8b8d08acb734a23eff682e296ca2b5afc9662f6099f57f78a7885dd11d17b18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000063

Filesize
44KB

MD5
861dfbee66a135b4421ba3f0f3bc297f

SHA1
1b379173b64e92893538ff39da0b16410dd5f653

SHA256
abbc659e9c167b41e012d7b7d7f8cf22d4edd74a7ffb85704e213b1418c8b177

SHA512
3397aba8b2be2b5269899accea9106f6895cda10a17d8e9d92f86f914386f1903087cf87878504db9bc8bfe1fd461b165197966aa7186fd1ba5570fb2c31d84b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000064

Filesize
44KB

MD5
61f3bc4fc6146cc65961a8c8e917855a

SHA1
02e25e22cf1c0a26d838a477b1f21bf33b71ca38

SHA256
aabc1a485e0941f1e2927b6a4beed2b368431466977483068bbe367de253a05c

SHA512
77cda181f023ff6597d3b7a0fd269cee76306ea650e2cc6fddcbef675c245b3d9f95178fe8a9d5ef65a5d8ca3dc0d3f675dbfb49db05dafc1fe822d79506c7b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
06692812cf0a53e3d98675fadf838d71

SHA1
66b6df2ccfdaa3cfa40aa8548b043f3b2f128f60

SHA256
33c3e475deaffe224e9d6f6761fc9126a0bd52cb2d4e5f9ee0ae8e06c5fd3c26

SHA512
ce5b7ca6dcf1856b7314010f2fc82a96e481be9ee8ad13dcfff093a0d2a0a049e57174bd1e7b87b8dea84fd5ed35f7559c7b54cd9deaf46dc8c79996144d8b80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnGraphiteCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Filesize
346B

MD5
ec8d887a5549701823881d7e018efcbe

SHA1
62da5ab85bb9aecccbccbc7203e0ecaf0ba275c7

SHA256
a0dc7284c7e8a6fa4cb4616dbd0bd305582fb1b88b643b042dadd58c5c0644d8

SHA512
f5f3cd11b15ea02bc764f94363675ed7c503cfb617b1e2fcc353dc1488b4823e58409f4732213509494b0becc47743b285b70146809830abecd4afc839de215d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

Filesize
32KB

MD5
e8e62c804d48cdadbed72bd76c824692

SHA1
38b8232327ca88fa0a0cf0cf72a71c4550da033f

SHA256
84b60a322e208c993a92bee8b679f5d1f1d18a1c8909d04377cb6fd67215925a

SHA512
c63facd958ad45791b42b482eadd1d3f0152fac494e0b56050f43e7310bd287e41acb215809f04bc14f694ad5a6fec79e36dd2646636ea3991f7f906036ffadd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
e7ed8cb03760ed7c40a15547a9fb1a62

SHA1
5802a51fb0803307ac0bc3346875aeb4d2d0231f

SHA256
54b66326ee22253809fe2921fa06890a64126fdc2482b94c3079580c0e3ee262

SHA512
9ae0775f5baaa8570ce4b93b71d308407ff6abc61a37ae655291c1e33b01fe2d88d11f09bf63fa8533d48c26d85ba50defdb3898928f07676b64dbac9d998494

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
a057f79e187b537fcc8873c4627efe58

SHA1
6f47eb52397674c8a059f0f28f10cfc5fe8a568a

SHA256
6f19ecea833a8240179a26b8ee03caa9f4ab10d51d76cd89d46863a2d212d355

SHA512
be87cb9b33d2917d2347ae80660301eaedb0282391c25b92a3910a4ac71606d3bac1dcffdff7e175f5c71407e028c841bf2bd67846e00d2ac48f687411065b69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
3d6cca3204efed01d6b3e17250749518

SHA1
7cdc822cf02b00383c75ee01ad70a25c6abe4c72

SHA256
8c71c6f61cc7376f9eb53b568d2fbcbded967e38ba182e486b9aba6f25d5f719

SHA512
568846390ac03fdcf9501e4d98b1d55a0c89cb8d5ead18047c8e46eb2acba9bb58ed711fe68f5e7994fe015d84bd4f3c521478a147c0a73da187055024bc1820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

Filesize
20KB

MD5
49a9a18d41b0d64bc0a00da8436921bd

SHA1
c8a0cecfbb1960c8bccee0082b2667985e084b6c

SHA256
536a2a4704ee39fdab6a08c5b5fff287710f0fe31bc845008d2f69fbe0012ce1

SHA512
c54306f174139e35bc489edbf2e9f9dc7f5caab6bb067fef9861758b10da1351c9e15184c3c9d911a1720abf4d10d52482fffbd77b90ae24452d7df532fe5e3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
12a2a7e669d313d842aac32ee4c53b92

SHA1
f237cdc08bdac0eec7acf92c31d77c3f5a337e94

SHA256
19d074c2025b03cdc265559dff333fcae706112ebc3cfd62e1f2a96172d0ae11

SHA512
1e086f8973961fe972d5a4eece87e8208365131813148722649aaf341f78350cbee0d9c3f104c87173f5be5b0fe94eddb70bf534c23f4ba8d2a9d73a329244f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
433dfd075f5265373a343f1fa325881c

SHA1
745f4b14c044ae86ab469eea6b66ac918bde9760

SHA256
134a183b86db1f3fe3715475de7e95f66c5c16cddc9b21643f461159416358ea

SHA512
a80b79df65301373acb619f233196e595342da67087bec284d5a19a41cf36424044213f2b43c6c278af8fca1261c2ee5179a53b516ed547adea7369b1cef4a59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
3c6c80420606360508068af831fe82e8

SHA1
6500c0cc8702b8f2e8036f160b42b2f0ad7ac7fa

SHA256
3ab0b3236a70a304dc924fbf176b2328ad8a342eac1db73da4bb7b57808b2a24

SHA512
41c4fdfceb820e2aad6edfb4a9f9c1337893cdf4d29f90e361d228d404d1de11485d68ce8a36df8116a9e42458d68568ea2f37d6d41b7b917a94a331d529cc28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
856df4bf8c285edc27cf0ea08eb62ce4

SHA1
e44f6f1e3181c7b7b6174271efd62023c7cb3030

SHA256
99fe55278e11bbbc19b01fd65fcb6b88ecd7fdd223467b3baf04101cb16e6ff3

SHA512
7df5ccd8f634caaed4de4a2bd5528888ffecb437c2c4c46c1f42dd99e66180634d226d0424057cae2749aad843bfbb84b81502d2512870b0998a8439895a9e45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
338B

MD5
5bc3849c3d5b8f9fc0d2e02af96a1c45

SHA1
07842f0090076768c75ab7b87091cffd546ababf

SHA256
07ffebdba27a1b26109967428b7d33d762d94afbb5430fe4438e6d712b2f8ead

SHA512
a4cb1c0d175895d48571ae562f29384cdbb09d973bcfee539e3633fda8a8607bb661b4ab3f3506f0cec99c2252240b0a2ac902c17995585d2ad08d6bdbf90d5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13389262361612310

Filesize
1KB

MD5
a60d84c628b5be9d2877ff83b5408b42

SHA1
dffc9507088f9f62f9a34523eb74058d37bd2715

SHA256
a935154b8c0d307df1a535481e8205a3a2cb4f03a5b4390a6ad1c7308be95dd6

SHA512
f530c4f1d8e887702ac67e1d7a8dacfc423bbdb7243cea2fb3f44678e83643984f1c3a35037e9999f0d650a0ea86786adac98b5101002964ea3d5c7596f58fef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
6a5c5063c33b88f643fed3e1c303dd9a

SHA1
1149c3819395e39837fa18c3964b2206aef91d1b

SHA256
7a516b30bdfdaf3dc4e42bc8d96f7c091d1df0777b007d900e41d76800fc1ac6

SHA512
a871f539d7e5ce4b0b839450cd41ee1a9e3de61832f9cef6166bec0b2b50d9e2059d9758a6108820f41a098ebedc85108314822179bf50438ba0aa04bb5d227f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
d79fcb7abd1fbf37f514169dc1c3a48f

SHA1
3e97d727d6602de67f2ab282ff7375b20e92f8a6

SHA256
15c15637704a4245562346b50acfe6117bfc46bd246e4f9385c6874fff541853

SHA512
a0bd02d7806cefdd9d14a3e39279867d047c95f4179cca583babf4d6626b18da3a012f7875f446d445c4087b65f59c53bfb9f9647f42cfdaedb72c254d8a0ee4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
4250d853d25157238b607ef672e3b8d2

SHA1
301724fea5d96986189c844fa667a23ced5354a0

SHA256
7b6ecb5139e607a55a59bd02c20fcd2fe8112cfe4064d26cff0b76679cffc2df

SHA512
1e2b468de7092a6dea5e34aaed598cd19c96a9fcbb8d9eab1eba4a0b3b0168a2bf17a6ce932c73a7cc7f6ecbd5f08de36c30988d1527ded4c789b9b87714708c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
b83dbf03d0f4d316367fc7b4a0c29e42

SHA1
d317208869684dc56d922852307c014707499337

SHA256
991f05e8248e54667aac44ada620302a888bc3779e607c231cae2d786fac4c49

SHA512
cb319b211e6fab22581948d37a53d948bfa8b51a321dcca65d6b5ffb1e767894873d15c3540570b952f5476d6b57f21d70071eaeb191cd2f03c06fdd461ed942

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
25KB

MD5
e662281664dba4b1be5e88d9523a4ac3

SHA1
7fa8d7bb1c4c0a7f300d9529e15577b4c371ef51

SHA256
bac1c582d71a3e91062e7e30a0bff8d5b5988bbcdfdb3d9584799a8593bc6b0e

SHA512
b6b35c340a9453f9007d8cc1ae773702b5522237ae3a7230fbb54a78b16aceb5c9a65b2021699b75c67ff71bb48568f4d70823a013df5429cc51111d8df5acef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
228KB

MD5
f235b900e1c486b68ed58fe35bae6bc1

SHA1
230c31ae468970381a8fd54409d0a7d5cf3b10d3

SHA256
99345eb611a4fb9b83f4e1ef93658b024a50d401e1392669aa2847b3b644e68a

SHA512
5c53c7de0b5bbc0065a5cd8be2b1b324ff39e0992298f53ad05dd71241df7bceb218b17b33817f790ab8b92b065c449884b8af21b5583eb51bdf2e3682bc38f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\default_cloud_config.json

Filesize
13KB

MD5
cf9a0cd1d5f9c8cdeb87ef3f7d30d15c

SHA1
c543e62aab24c205db6014414161c13375e9a71c

SHA256
b24f36278e4c85a8fcd66021d48c69d6b07be605673e02f0fe185bf3319f47f4

SHA512
39ad5c5753e5398906b94ab039d2eae7fe420fe35a53f190bda84d4f9262f3b14841cdf4ec76cdbff6a4578a26ab1e6c4b11ba326ec8cc38a2e2904a6f2c0d8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\favorites_diagnostic.log

Filesize
3KB

MD5
25d8d4acb582cf626b2f9105f3f720f6

SHA1
925817b125e4c9c74960cc8412908d57915d585f

SHA256
5f984f2e0edec5200b865274baee698e64eb4c3a3bca49a34570f99564d3cb87

SHA512
8b0354a1a163fc828d2de57a7e78c229db0f7ccd742dbae98b76ce8b8fa8831ce8247c16f8d863f3a32cd351e469be9cbb14ac96dc2e5d0d558b33b13988ad0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
10KB

MD5
d8c4a6184e6981bc7d35a7a1ab984ddc

SHA1
f90b3fa2651595b799355c5060e474d123fc2147

SHA256
8396402c052b94010004c1285dd262429c29bd352c544e14969a94c4654fd89d

SHA512
e4284a4c303f7c8c6e5c0bc4ba6aace092af62a2365eb6b8f83c954f85616e2d845f315be006e7a9a582de900c61be587cbb03b3f8a003b5d770c5566b65d6a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
8304a329edeed1c331f26451223da6f9

SHA1
3476d4a5a136ee143cb14929d75d33486a03cbe8

SHA256
ce508b7129bde2d220b5876e2c9d4f1efa1a65c906527cb9c6b622237be3dbf2

SHA512
d5da20b550f24270093d8fd6504fe9b4bd6d5248cb4459dbe7e6cba08fa96cd75ad41780e6d3c7be156387f645abb22d75f06449d613e0fb2a7d0380599dac65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
95c93b63c4e928dbd4b79080f45f5f41

SHA1
76c6d82fa8d917aacfd98a14289a20c71f18d508

SHA256
8d2eba817d7b7e50ce652a7c30a9d000c0ff8932f37d5375577f6890737e1007

SHA512
854184fcfe30496a8c3eb5529abf05192eb945077c0730e7bf4b870c1a1f43505460585bef29ab4dec76c5571697eb44429aaa6e956f14fa68d2dda3418797e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
3b3f34ae5388937a1d912b0fc1d413d6

SHA1
6b2992adf158d0db7a9b15806eeb802c67b4c7fd

SHA256
f7234f3473770917218cc3ea09ff775ec0c352031bb0a919fd2b0fcc8fa86eac

SHA512
cc189317fc8405459fdd4316221aafc6f6eb08b48e865975c6b8503f993033b213684fb4696f0a4970d8cff8bd0bcc21f68824bf0487b43517743bd260ca6777

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
256c6a1f527064bc7a85b662302c0adf

SHA1
38388f1b1efe010c97f4584b16ce7b753d07a7b2

SHA256
dd736fabc3582153b65869b6046fb6676a730012b0b985f20affa7e572398167

SHA512
fa499d4ee74f19fb368771791e2b82be1cf5867c8c983e8a7542f7250797221f069fd23221ee6119459bebe2702db594659d458394eaddbdd950d2e8a8d600f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
cf7a63914756d4de627ef233502b2efa

SHA1
d5e11365bc96113c3dd242f2335702da37733235

SHA256
b43a5ff64f9a98e53e14255867c50dd13760580a91a75b11e866f56bc913d34a

SHA512
beefe5f7f1645950432b1c2dd6e119882a17557af508cf24371b6e62c5efd6f4ecafc8c94e90bcf88699ccf8d83a64acc5a3782c54cc51d054d4005e41244f35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
f4e4a23c3538c049c11c3006a162ce53

SHA1
beae5e8c37986b57fbf48f9a84462e02ac58e9f5

SHA256
445f19c9660b333ae79b1ec8cc133d942101a3a393d83aa035cb90baafed018e

SHA512
5bc2c49ba4225a145ea63c896fcbc7e8111865f276baaf409a06368496a3bf7dd143d2bc04facfd2b9bf09854aa0f69b3f5d6e5df0678a1c1fa0ff053e4b0682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
e7d9f38a6a16522b0b6a04d538dc73ff

SHA1
2030dadc201a81c82abb4aae65f5086cbf5e3970

SHA256
48bfdf717ecf22c6211f9606031e0da982bf17a321f6bc5e6ca12494fde74033

SHA512
bf5b3ec79b32905d710e7f045b0c282511af06033c7b8e16227a8c8799c6d7d26bb3e35ca944bd16bbeb3502c00c5ddcc051bb26beae4c1c54cdaceb24fb1401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
ce38ee6898d3196dbe439fd2260f7663

SHA1
015551236abc7e197442f06a022bc1c1e48ad5e6

SHA256
3a39c7d3d0a69fc427d56788d3fb2045e1fbc8df9087d40ba25a2b21df81bbb0

SHA512
e2cd7f0b2481ab44699273b8c4a1fd559099ed322d632ccdea75a5c1be4ed7ff6b3d9228275221284119d39d2f2649159e45fde6a6de02aa91272ca84ad66fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
82e04940370cd13ef25ef2d30262de49

SHA1
4c0c6002ea62ae004b596a3c210d7af7ad157121

SHA256
f69d8eae2658f5a523ddaa3b2fc9f8a6be2144901ac8957bd315f99fef6a6d34

SHA512
057499ee90d5ee4669e08602098d23586a91004c4a9c7cac73299ed07a2d61d32abc4cb41791d563bd1c6967771770488439caa813186a9e7fa16219c216d5ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
d552ebbf9571b77dfbbdb0c5aa582bbd

SHA1
d77ca62967bb7209057d838f9ca2fbc81e7e89c9

SHA256
34bde5ffd6bc11f51c22b5db7765d38c1788eab96de2e52a8aedb25b9b773dff

SHA512
93d7ff4c5b829a4659a54b61a3c5a103212feb1720120723bd2bf032cde69d241dd2ca9c0aea0d7498f3b84a25f66e291d641cf61c99110198e29b5bcc07561b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
7cf1222bf59c25f8e3e294533043b98c

SHA1
0350d00408a7c00d1de76fbb29477961b5416366

SHA256
5587735cbce2bf39a1de632c1539125f2e7d009d05169949adff1b0ec1aa6997

SHA512
22d87dd4ff3e62b962d068d20fe4160a12c62c2247d3d18ba41734b396b941b59754961d2b09bb2fe3549116445ea20d4109171bca4d3d3cc60d93773fc782c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
9fdcd9700d28184cccda15e925f8ee03

SHA1
28915593a8bf0e57d837922787857c8c1160bbd1

SHA256
263c79a2ba2c0760fc49d2b3ab2042e76ff8f829652f5cb0ab25ef963a147f6c

SHA512
d72ae3f16d61a747efc19faa59eda38f8dc656cdc477b52463ed369e14ca3ba60d4790e605aa5d456ddf74a35e6c932d28eed5f80a82b7778328ee5e139a338a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
271183876a1b28cf3dea49334e217e37

SHA1
4b4a604c477a9013a86f996489b46db5e8c9cdda

SHA256
75e329a789beb8065ef61deb0ae12a261b35b35333f973ac48d714b43928ed08

SHA512
eb83ed8a83fc59cff0a431d199be978e06894f098108019e677a8a0e58dfc511b1691e4cc15eec2b66e63237de717727a35641809d1206b8e668847af430a7aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\first_party_sets.db

Filesize
68KB

MD5
c485b2f56d3cd9104905a14de0e6f3ed

SHA1
011c8a86414ef18a36d5501534fd2cad5ae63011

SHA256
7f456393457a1aa02eddc37069d74a0a9e19062086a66333763c8127177c5c9c

SHA512
7347e4ccf623cc2f3bc05cfe15906e212bd2a1631dbef1cad20dcd8179b7d0184b1f6332116ee9b42f75ebfcdc36aa2dcfcb210c1a31bbcd5bd50a2c1db55498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\first_party_sets.db-journal

Filesize
12KB

MD5
7a67694d6cedff73390ad816333c8556

SHA1
3d60d37d8aee69053bb0c3bebe37441e2fae2035

SHA256
0e301f1bd6f7b79f3883dea0171cc128cc193faa25d5a467be5ae46af452d061

SHA512
7b39c409cd94aa342c96415189ca25443a948d40a1c4ec60165007ffcafdf17b21fd13d45e2fff9b7c3fee8e5513e299aaeb3d8cb3abd6a344fc8d513fe50158

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
595eb2b1f3c310d0dd96be5e2b7a8967

SHA1
1907b96fdcd80d60cd4fe641589f52b8710e27d1

SHA256
66a36ae223aa06a06feeff9528daf988386fa6f21f73218360e69f8ca40bd889

SHA512
12152cee63cc27a36fe9b35bc9c8550292831c4f843bf078625e1a0954b04893aa3bd7e8d02446236b8b49066d445412f72829a1affc9dfb4b38c22504ffbf27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\8b0d4544beb97a69dbb9583fca5575a9aba6e37d.tbres

Filesize
2KB

MD5
e2035350d5f982a42c48196eeb456ecd

SHA1
4b21b3cb60da0679da894f538f0a7dcf0b36fd58

SHA256
0055fb1383119e65bad11852765cf7fde71dcbb85b64ca95b91b9f9ee2dc69fb

SHA512
68ab9a4e73ead5b975b8e4b6e8e386602626999b5848cf64044ccb2676160dcdb7f2979f1883c1941db9d4d33accbfda647079960dbf91ac6c88234c7cf2223e

Download Submit
C:\Users\Admin\AppData\Local\Temp\cv_debug.log

Filesize
2KB

MD5
660539c5e9d39bad806cb08fedfe6055

SHA1
07a8f491aca4da70b709b3bbacd5045fe83e2ca6

SHA256
cbedaf26bba04ce5b2c724d88f5a052a398257ae4546b6561f8630bec79a88b5

SHA512
2152eb4431917980ea4446b66b2ddbcc26042862fbd22abe8809e30c63492d7a8fccfc65e1b6dd1292e5d7f3e7759740a0fa1cc13f24c8e9c1ecf0dc19b0ac41

Download Submit