hxxps://acrobat[.]adobe[.]com/id/urn[:]aaid[:]sc[:]VA6C2[:]e3596c10-4fac-4caa-b1ac-0de0482adb0a

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
24-06-2024 16:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:e3596c10-4fac-4caa-b1ac-0de0482adb0a

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3169499791-3545231813-3156325206-1000\{20FE8019-8329-4BDB-9A60-C8B17188DD44}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

2968 msedge.exe
2968 msedge.exe
3740 msedge.exe
3740 msedge.exe
3252 msedge.exe
3252 msedge.exe
4848 identity_helper.exe
4848 identity_helper.exe
980 msedge.exe
980 msedge.exe
980 msedge.exe
980 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid process

3740 msedge.exe
3740 msedge.exe
3740 msedge.exe
3740 msedge.exe
3740 msedge.exe
3740 msedge.exe
3740 msedge.exe
3740 msedge.exe
3740 msedge.exe
3740 msedge.exe

pid	process
2968	msedge.exe
2968	msedge.exe
3740	msedge.exe
3740	msedge.exe
3252	msedge.exe
3252	msedge.exe
4848	identity_helper.exe
4848	identity_helper.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe
980	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exe

pid	process
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe
3740	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

SnippingTool.exe

pid process

3444 SnippingTool.exe

pid	process
3444	SnippingTool.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3740 wrote to memory of 1516	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 1516	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2556	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2968	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 2968	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 1832	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 1832	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 1832	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 1832	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 1832	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 1832	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 1832	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 1832	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 1832	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 1832	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 1832	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 1832	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 1832	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 1832	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 1832	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 1832	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 1832	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 1832	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 1832	3740	msedge.exe	msedge.exe
PID 3740 wrote to memory of 1832	3740	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:e3596c10-4fac-4caa-b1ac-0de0482adb0a
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa53046f8,0x7ffaa5304708,0x7ffaa5304718
2⤵
PID:1516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,15253208593184419356,16607948309293444492,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
2⤵
PID:2556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,15253208593184419356,16607948309293444492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,15253208593184419356,16607948309293444492,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
2⤵
PID:1832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15253208593184419356,16607948309293444492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
2⤵
PID:3860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15253208593184419356,16607948309293444492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
2⤵
PID:1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15253208593184419356,16607948309293444492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
2⤵
PID:2840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,15253208593184419356,16607948309293444492,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6008 /prefetch:8
2⤵
PID:4336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2108,15253208593184419356,16607948309293444492,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5688 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3252

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,15253208593184419356,16607948309293444492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6188 /prefetch:8
2⤵
PID:4296

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,15253208593184419356,16607948309293444492,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6188 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15253208593184419356,16607948309293444492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
2⤵
PID:824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15253208593184419356,16607948309293444492,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
2⤵
PID:2360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15253208593184419356,16607948309293444492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
2⤵
PID:5344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15253208593184419356,16607948309293444492,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
2⤵
PID:5352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15253208593184419356,16607948309293444492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2376 /prefetch:1
2⤵
PID:5852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15253208593184419356,16607948309293444492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
2⤵
PID:5956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15253208593184419356,16607948309293444492,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
2⤵
PID:5996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,15253208593184419356,16607948309293444492,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4772 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3144

C:\Windows\system32\SnippingTool.exe
"C:\Windows\system32\SnippingTool.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3444

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c5abc082d9d9307e797b7e89a2f755f4

SHA1
54c442690a8727f1d3453b6452198d3ec4ec13df

SHA256
a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716

SHA512
ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b4a74bc775caf3de7fc9cde3c30ce482

SHA1
c6ed3161390e5493f71182a6cb98d51c9063775d

SHA256
dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280

SHA512
55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
3a5bd77d7c20beda0bc9a9e739eaee69

SHA1
02d7617f08832b01b650ef6634265a039c2872b0

SHA256
b337784209301f566ff96bea24f95341ef1b1bf078cd58a147031c9ec86a58f4

SHA512
63119d30041bdeada7320ae4f97b8ba8ecff2c41ca90296790dbf73f7719119a20ed2c88adc9466b0c208d220f5d5b194e88d61bcf52c9dcc5742b71389b36d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index
Filesize
96B

MD5
82b0888786cbb04d4e58fb875acff8f9

SHA1
a7d77900f11dd7508a94cabba99ae4f7ae61156c

SHA256
d7614020278b5b3f21de5c9e03e706157b4776b7b4da832280138e6386312547

SHA512
33ce294cc358abea8c76185b71234f171776ea14858af03589ea00eccfce8ec9b73531ffc7bc3b359effa36518d8ec478cb2cc9b0a473b4fe34bb93e5d3fae24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_acrobat.adobe.com_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_acrobat.adobe.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
677ae364c9e240ecaa05c363e17af99b

SHA1
3fa970c4310bfa032ddd25ac916ad537daa2948a

SHA256
6f22f3706d3460ff6770d7f1737a1325551fb7178275ab57d21a273a7b366c67

SHA512
38d6280bad3052199147891b1310dd9ea01df7649f67ab43a547ae59cc415813d4da361b10c65f5592aef020da72d20732e4f63fd4a7b1bbabcd4084c2630d51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
8580a5676dc8fd937288992b46e652a0

SHA1
696ce5ac0c61e12610b3b2be33ee13dd81251858

SHA256
b5f3058bd055af7ca1bad82eb03691c1b22baa805330cc66156247a1538ab1c9

SHA512
06b29bae085b9cc3d2c32fa68f8df12ca6b77cf187467d7057b06ad28d09fa5692c75438f819f4ddb25b98a7740d15ca7074879cc06040ec65db47a313513602

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
1c225a31f01ccd6a4ce8950b8c1d2e7f

SHA1
f5f4bdc197c9cfab195e982d8d2843a60741f4d2

SHA256
0c12c25e9bfdc63d35d409c95701d4bffe1a65a2d0ea63d7611c3afc2d2d6420

SHA512
642ffbd0e546d53b7321dd58e86d17fb6c777934e3b01a0ad59cf03e25ea2f2662b89e45b266db2bb1e8ddacceab8a1802d1af947197b20b54dfe4af1c686be2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
c714268846c16d3ec592ca67d662cfb4

SHA1
6dda15bfbb0bf11f95d6fe940863626c7802e757

SHA256
88ee9b278c1af4935a9e9f2a8041237e76fd090b8c6782b6ca5c42957f1e1a8a

SHA512
a23a757ea642167247200501700d3331c80e3a9dc78146c3289a47e024e793c948fc2479bd4c96c8433d35cf84d9f728325d9b4a85496831a0984377effe7e9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
203d867699e0b8549465a1d4fe8c7ec3

SHA1
7b7933ecd16b12b0919274a42e64ddda39c70d17

SHA256
7a9a9f47072f66d102e6c3bc84339c74d14f672383dcb6b7447e10601249fdfe

SHA512
8c47cb6b5dfd5bf85f3fe3a80f3f6893979c0538ac50166a1a2493b41bb8302d5b2cf88b49c24810cdae6be24053ab467d9574b365bd270b253f9bbc82379a4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
c7b6a1e0536dffa3a3cb5dd1b5b274cd

SHA1
666bafdb4cc364cc87ee7a4ff13c78c9b7b9416d

SHA256
bfb751bb318e4ab52ee0124fbac6676c11404a5f78ef9be4e8b428b2a0964bb7

SHA512
932811b24892bc214eed7641295d53ff0fc5d789b6f71dd4783f49bec60206df11e316c0ec6819efc4d29ca0fc73b8ed34ab05c021cb4aac7ec480f5f0dabbd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\deca24a5-2d2c-4367-93d2-0159057ab127\index-dir\the-real-index
Filesize
72B

MD5
ce6f436d0a04cce4cc2c19eea87beb45

SHA1
7294100f685eeae0f14c4a609e6a901596c1353c

SHA256
8c69b25f295e1208c840366c0515576344a495082bfae42880106edc36aac953

SHA512
73fe71e24cb83c8edc391dbac6b28a5ca5c12c004f83160654105fbb046e72d7e8bdb23526340ac4a6465bbc80f08cecca7f4b05e4576cdd890d0809d6b19c82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\deca24a5-2d2c-4367-93d2-0159057ab127\index-dir\the-real-index~RFe57bf58.TMP
Filesize
48B

MD5
782d5fca322cdd9326adf49c0623b8ca

SHA1
b92402679578ee52b0c9b3cfc00408c8bce26400

SHA256
f7af87b48601da78db76872f2d60f9b92279cdd3e0d5f831d9b630b061747f9e

SHA512
86f02c9d3063d7ba91d10de764f46077882167e763544d7c9ce42ae73aa270667f484550226caf7a5de72327118ff4de187adfb3b001eab934ace6ccc8d12431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\index.txt
Filesize
129B

MD5
115162fd9659a39a8b14eb416f912f35

SHA1
10d66ab14df18062e1e76099ecc157e12ebbc35f

SHA256
0d2ab5b2666d927ead8f1ebe3eafe5258c0aa672e02a3c62f164c3a9f2dbedb7

SHA512
d082e3b55f5df1090e963fa4dade472d76840a4c265281431ccc8bdaea4d317da27a31c81aa63d5006f921c68e0c7a6ddebd39f062250d705759c9d5abb644f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\index.txt
Filesize
123B

MD5
131c1e2bd17c79e7ec51647dcec698d9

SHA1
04643a2d669d436ab26291bb64010d743b9e7e3f

SHA256
0ab1bbec53932ff2483f9c1e598daf9f95d48a60e9088f7c8e1016cdd5bcb27f

SHA512
9e279321e2618bbcf74fede7f499425e62e85390c5b62cdd87edb582a3fbf8eace9add60d544d922b3d9f60b2175aa2d6f03f3b1a06b6b6d896af4667727e2e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
86667ca09e64a150fd1255223d0fa692

SHA1
b0c89ab0af929acb76b9ccd859507003127bca00

SHA256
114cd940f87e42dd997a46955a789b562bcff647515b49a12236abf205e9371d

SHA512
62e66a9f93f9280c19cb9320f5b00bb459983ff68bfded4c22ac5161d07a6a41f470fc3d73201309007f5cb03282ab2d96f8c48e28b20351c689538bba13ca14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57bc7a.TMP
Filesize
48B

MD5
28fa3d2bdfb78d18009833f79316d284

SHA1
d617d1df07d3a0b927d3aaa76757bcb71aef7c3c

SHA256
31412bedca47269810a420835f1cf95d10cbc913fdf86d954e53fe4bc030959a

SHA512
9d36de8220c210a695da20f4ed714787c7c5c529383dfd6b69055c322ebc2bc4b9f62880acd85e8ec135c2160864c8b8d5215fefff2b637d8101bd0a9f548888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
ff2122287c4fcb171d46d7f5281bc22c

SHA1
cd5adbd72ceec1cbe7175e166b9c14248714680d

SHA256
96c19d089247bfc80789a1ed8488d227725b8c3a8c840f2a20c6f6e62de22325

SHA512
f243e67016b17968408674ec9db512631696292ef5fd55b84a69eb0ae74b54f6c4487ed2b85747a2c080db02857f3b2935d8ffe4f03e142a6bc5ae0a573f866d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
8e16b5c20343a903cc542ecf0f665c65

SHA1
6971dceaf495d482bf9aa19ec712e158cd9851eb

SHA256
957b8e3065a2da305e9d80ec1a851c2e083f067f498285c255660dc17f4f89b4

SHA512
29a8dafbc6b7df8f5b7c6ec350399851e39b8ef079e5dce3ad4da0867e17f92847f04e39de23446f540ee58d7dbba495df1a5701a7ef25aa904d1c4fc731594f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
7d60aa79162a6465c4238c2d23ce0e09

SHA1
4eba7ad18dbb47e2d54a151d16d7fb85e3eee8d5

SHA256
49be0c0310d31c31a34f28d58f4ee7c844cb03214e77d748854266818934a36c

SHA512
85b7fcd64e1e63638c9afcb9a5319039699624d8db8ca86488e8b206f255da9b7bfaa0f80dd0900bde51f3eae2d4e0aed76a272788c63081b17a81891f49d9a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
669457a10388de2cd7b03d1b2649db8b

SHA1
cecf110c74e22cbd913592a2345e35b0b75bb56f

SHA256
8f0470960f259084465c92814d98a6b6441a889e76482508c06d8738f5b9ab99

SHA512
28fa3f5f17502c755f31cee320865320fb883b0f0e7df85d2016388551a3c92312e0f6fc45aa8d42a0cfe73bb24b92d43b56ae4c5fca62b35c623ef5ee2ed4d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b16e.TMP
Filesize
2KB

MD5
86c09d5ad6d17a9cd6889698a4967ae5

SHA1
2d20937642e4f0c4dbf608e951a87a357faf1372

SHA256
303704d08f3779f70e13e1c43f778a4d6fe01201ae249d0980124aa783347619

SHA512
0bbe0ee6e1ad2c95c6bde1805204f80c589b184c57e7247e094af9a25367c1a1da2e2f9aecfb3343f0c8450e2bfa207d8d0d16bda702388fa8e298cb282723d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
788f61f29de98127840d5ce28b576c03

SHA1
bc2550d739635c0d39f8fee6f1bb29938b194873

SHA256
ce6fecee9fe6451f629c7c39112d768b808e372fbc3500cf76f2b78bfc4baf04

SHA512
40edec9ce34ae193743a6d35d4259c1694653e5398142826d1d72a759429e6270e72621560655f3f8c193c13ba4300acedc4e14e3cf6a6356c9c8bb608a025e3

Download Submit
\??\pipe\LOCAL\crashpad_3740_BPYOAOUGKYABSDSW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit