e65ba71059829986ecacdfff387d4cab5ad8063c8fd189832d974293585fcec0

Resubmissions

30-06-2024 09:01

240630-ky52zavhnc 3

30-06-2024 09:00

240630-kykq2avhna 3

Analysis

max time kernel
56s
max time network
56s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 09:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

)~FREE-ROBUX-GENERATOR-2024- FREE-ROBUX-NEW-CODES-DAILY BONUS {d#Eki)pF}.pdf
Size

234KB
MD5

e5d677a8a0e8e3849dac4d97aa02688d
SHA1

79aa3882d716d5a13fe40bb63ed9521e49ccfe39
SHA256

e65ba71059829986ecacdfff387d4cab5ad8063c8fd189832d974293585fcec0
SHA512

b689872a1546b24b15d6bd48e948a4998c7b48b5b3095d7034b47397d7ab7f4569985754403dc1c9cd8faf3e11506fafb2d3f3724cd6cf7213c9a069446d3042
SSDEEP

6144:dHBXbn2NV+mcWF8O6kFHhypdNzj8uUCs9DaMPAoiP1K93Yj4vA:Z9KiWspdNv8uH8DRviPgKMvA

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs
adware spyware

Modify Registry
T1112

Processes:

AcroRd32.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exeAcroRd32.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
2916	msedge.exe
2916	msedge.exe
1548	msedge.exe
1548	msedge.exe
2604	identity_helper.exe
2604	identity_helper.exe
4524	AcroRd32.exe
4524	AcroRd32.exe
4524	AcroRd32.exe
4524	AcroRd32.exe
4524	AcroRd32.exe
4524	AcroRd32.exe
4524	AcroRd32.exe
4524	AcroRd32.exe
4524	AcroRd32.exe
4524	AcroRd32.exe
4524	AcroRd32.exe
4524	AcroRd32.exe
4524	AcroRd32.exe
4524	AcroRd32.exe
4524	AcroRd32.exe
4524	AcroRd32.exe
4524	AcroRd32.exe
4524	AcroRd32.exe
4524	AcroRd32.exe
4524	AcroRd32.exe
4292	msedge.exe
4292	msedge.exe
5588	msedge.exe
5588	msedge.exe
5900	identity_helper.exe
5900	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

Processes:

msedge.exemsedge.exe

pid	process
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe

Suspicious use of FindShellTrayWindow 52 IoCs

Processes:

AcroRd32.exemsedge.exemsedge.exe

pid	process
4524	AcroRd32.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

msedge.exemsedge.exe

pid	process
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
1548	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

AcroRd32.exe

pid process

4524 AcroRd32.exe
4524 AcroRd32.exe
4524 AcroRd32.exe
4524 AcroRd32.exe
4524 AcroRd32.exe
4524 AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 4524 wrote to memory of 4528	4524	AcroRd32.exe	RdrCEF.exe
PID 4524 wrote to memory of 4528	4524	AcroRd32.exe	RdrCEF.exe
PID 4524 wrote to memory of 4528	4524	AcroRd32.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 2996	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 3868	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 3868	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 3868	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 3868	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 3868	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 3868	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 3868	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 3868	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 3868	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 3868	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 3868	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 3868	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 3868	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 3868	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 3868	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 3868	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 3868	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 3868	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 3868	4528	RdrCEF.exe	RdrCEF.exe
PID 4528 wrote to memory of 3868	4528	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\)~FREE-ROBUX-GENERATOR-2024- FREE-ROBUX-NEW-CODES-DAILY BONUS {d#Eki)pF}.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4524

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:4528

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BB1452962987A0256FB451709DFBFD99 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2996

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B14C91DE54BE052A22220B956D1B2FE1 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B14C91DE54BE052A22220B956D1B2FE1 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
3⤵
PID:3868

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=292EC0F37B2A5DDDBC03A979999A6D91 --mojo-platform-channel-handle=2320 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1788

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C2906933852C209DD2F144F74B0FB9DB --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C2906933852C209DD2F144F74B0FB9DB --renderer-client-id=5 --mojo-platform-channel-handle=2524 --allow-no-sandbox-job /prefetch:1
3⤵
PID:436

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=37564517FADB72B28B7A994C826C6089 --mojo-platform-channel-handle=2772 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1604

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6F135C455006ADE2529A6ACEBB52F657 --mojo-platform-channel-handle=2964 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://zipurl.fun/robux
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82fbc46f8,0x7ff82fbc4708,0x7ff82fbc4718
3⤵
PID:732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,15746043820982109729,6202633791726913832,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
3⤵
PID:1428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,15746043820982109729,6202633791726913832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2540 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,15746043820982109729,6202633791726913832,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
3⤵
PID:2124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15746043820982109729,6202633791726913832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
3⤵
PID:1372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15746043820982109729,6202633791726913832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
3⤵
PID:2588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15746043820982109729,6202633791726913832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
3⤵
PID:2860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15746043820982109729,6202633791726913832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
3⤵
PID:412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15746043820982109729,6202633791726913832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
3⤵
PID:5216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15746043820982109729,6202633791726913832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
3⤵
PID:5344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15746043820982109729,6202633791726913832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
3⤵
PID:5428

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,15746043820982109729,6202633791726913832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4344 /prefetch:8
3⤵
PID:5976

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,15746043820982109729,6202633791726913832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4344 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://zipurl.fun/robux
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82fbc46f8,0x7ff82fbc4708,0x7ff82fbc4718
3⤵
PID:5612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16930218554849886062,5172622370046946545,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
3⤵
PID:2068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,16930218554849886062,5172622370046946545,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,16930218554849886062,5172622370046946545,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
3⤵
PID:5856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16930218554849886062,5172622370046946545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
3⤵
PID:5520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16930218554849886062,5172622370046946545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
3⤵
PID:5936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16930218554849886062,5172622370046946545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
3⤵
PID:3972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16930218554849886062,5172622370046946545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4360 /prefetch:1
3⤵
PID:2600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16930218554849886062,5172622370046946545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
3⤵
PID:4004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16930218554849886062,5172622370046946545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
3⤵
PID:4056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16930218554849886062,5172622370046946545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
3⤵
PID:5236

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,16930218554849886062,5172622370046946545,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
3⤵
PID:4104

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,16930218554849886062,5172622370046946545,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16930218554849886062,5172622370046946545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
3⤵
PID:5948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16930218554849886062,5172622370046946545,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
3⤵
PID:4316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16930218554849886062,5172622370046946545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
3⤵
PID:1672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16930218554849886062,5172622370046946545,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
3⤵
PID:2996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4844

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
64KB

MD5
905dcc9390df55cbf1d56a310439cce5

SHA1
2fd20d0dd6b984075737fe7484304404932cb53e

SHA256
ad40da090a46f490ad98115f00b2f92c9fe90cddfaf55b76cc3bca755d93b574

SHA512
ac689e65f04148755b942873a29313b85d849a3e1c8ec9db84f02098f3ee906dcdf360301b7ee76bc2e4494db7a30f5fb6a76e60d17f2799f119e3c1e0325c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
dc9fb7b8358f460503f0a5d57315bc1d

SHA1
42fc51e6320320dfec06b77b86251c08808b4cc1

SHA256
58acc6b6440146131cfbaf73d46efc10235b1babf9c6470bbaf2f3644df6e2d4

SHA512
2dbe6bb418b5a89b932a0eea7aeeb128d13e605a5925e2ad80277e88e4be5499ddb2c75f472184e0256f63b46cc7c27160f0ac08c8d7313ed68ab2cb028028cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ebdc6f4443172279886f495a6342295e

SHA1
8174ea285bdf72a39851b3cc96c7a454589f097a

SHA256
89ccf7a20805dfdbdc710215b44796f675fd5dbcd30990067a663e7fec948e70

SHA512
93d719927d45e9d8860de08c682e92a43a9818051dd6bb3e2be10de8edd410927b4f043013ab9bf9ccc5a8d2b837ced02e5ef910871836d7cde3c9f7bfe1136c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
be637e306f66c867c9eff48c5f480f3d

SHA1
57cf8eb9206de5e1840512a623f9f9a91a7a27f1

SHA256
9198d556cacd84f6f5921430e2af7c4537555502dd3c918c8d8ced29570daeaa

SHA512
c5e5abc718ad9d4125cb5c35ad468789e63a5cb9182dd4e3cf934c9c8d1c8c44a784084f092e73bcf71c75a79c86a97c72048e17f4bd065c1e119ab68c2c5fe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
264KB

MD5
918f34c9b44989ddc34398a7abc0d401

SHA1
c96e73adf408f9d6e549b24f3fd84e39a2869933

SHA256
1264680eb314b6c9e5c97605e6965579ff54bbac86fe70e253c374d007cd7aad

SHA512
2401f26a4dd338e7e07f699258e2c88c7df171fda9b3ad514a88b897e9512385b3b834dad5bbf95a75c373efbe513eac231419e817701406061c4fd0ceb461de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
Filesize
1.0MB

MD5
beb690cf95c4c2ba0c125b683e619d70

SHA1
fb65dd2c33818427f0ab21af6acd08f31166dfb5

SHA256
78c7cc9d7efc87744dc9be43ac0c714aea37272352c63d2d79acd0a5f89c6abc

SHA512
2f9629065ef4097c71ff7b7fa311ca366971683f5d57aa4f4f684f5ac6fcf0ac3a6531b43b6f72489d5f5da9d7dbaf798450db4086f977591dc30a22bb6ecec4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
Filesize
4.0MB

MD5
6f38062bf609ceb9cfe8a1b3bb538960

SHA1
c227d9c47d7bf0589e702edbab68d35b9f9c6fb7

SHA256
82b962c23808e404f4068217abc9449d6ef98b481b54dc00daf3785b9ebc143e

SHA512
8dfc6ac89a0f754b59178a4b9d75d3a5c22cee0dadae66d082c3299691bfa6507a472980545859adb2349803cbc3924ddaf47bb6c8bb2f44ce4610ad44713679

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
528B

MD5
ab2fc5f94058c92c6b8b3f0e18c26787

SHA1
8f15e5d44ed8cc6bfcf780a52dd9f0840931051c

SHA256
3cf6e21c3eac1dd4764a8d4149bc12f1ddf86e8191a9cf22bc3cbc6afbe21aec

SHA512
91fb5f339a79f2d10ce4a2347764c1a1ecfa4d34b626901e0655a85f8311cf14a694b098e2405ede98fc416b020978a9754502e93de4c577178f7570552531ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
Filesize
20KB

MD5
1da8e46a339c850fe29ffd3f79f22aa2

SHA1
fec26175c97810bfa36e6c97c4241eb01aaacbb2

SHA256
a3a47224426e08dc216099796a89cb128cf6c7ec2b756e0add3ee33a060a42dc

SHA512
636955177948a32e5a93194085d8ac318948c6356166c31f6a7ca380a59aeeefa8cdea8d4ad3e2ef78e474b0447c92dbd73f167a726aace163fdd718d1eb0216

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
Filesize
319B

MD5
b8d521ce5c21e67593e2fcf89ef40e00

SHA1
8c9cd2f8f989425ec34101a19d17840e5b1e3da4

SHA256
ad35086faaa69fe19cc33b9c787542ed041ac609427a517d13dc28c9c8e81235

SHA512
aed6a49d6dd2c2a01d87bf224e89ddcd7f238c1170a93e85b2a8e0ec252f5763ced8473cfd34e806827e256802d5fbd135bdc98a44670209cc60458d6cdb5c98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
24KB

MD5
f21bb0e29ffda00ad496ae7f782b0ecf

SHA1
911680e6566f0ab2e6aa96717b2fe7872925e52f

SHA256
d1ac672ca93ea37f3dc6e0fb0ece1630f38f1c4c969af768b706b98797384521

SHA512
87311189e7dab2831fcb3f5ca5f5c1afe813f8fccf28591cb9f72aaec79a65da02bf6eb21303612c09d89d0278ed88e018551a5d126fff119db8470a2fa06d44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
9ece7e36dd752ba2106571cfb29a613f

SHA1
1dfa1aef7246d963916fecd1c7f3447e1466ecba

SHA256
9dcf215edb6238a83df10d6965486c956840a5fa0a4397655fd6035dda8362ab

SHA512
2e523ae07c5dd772025bdbef5f945596835931eeb82dbeb1d3dc5a8606931455a098f5bd9a8eeac0f2ef2893b14f1e1ce75ece4374e3bc53006bb6ee7db80893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
2KB

MD5
cac8a8e33c5ee966619f8f335688602a

SHA1
3567ec2a65d86a8a30bb3df1735422c31d75bce2

SHA256
bf243f14f009cd73c3d0488ce58995cca45c05e469b8a89079aa38a3f9931b22

SHA512
2c4c11bf94faa34fd593564e272ed8e678bceacf98b7f057cfafe49c966492770622d957b0793fceb566ca6300a29bcdd07926ea964b2a7aca0b75440f25f0c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
Filesize
20KB

MD5
e7f7a2e607cc2cd7c7a472c19d8b5ea2

SHA1
df1be909e0d5421839a54b8eb204047fba765d74

SHA256
37d662bb7dbdf1d9b6d1718f18b373b2d38ce366584ce9012b8da8b2e3ec0e63

SHA512
a8b25973cd84340349b3dc8654c2a435ed6c2b92f5cd7472df94efa8ee75256222094c4790a5384dad14c4ef02b5cd2483c55fc75d5338f0e249ed06daa03dd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
783B

MD5
0d6fcf3b38840e15754df7fc2a0485c5

SHA1
a70b7773ca5f93245c6c292684191b31deea8a13

SHA256
87987bd45f5b4cc3f4da294eac90c07298c84a4948fc4a8461ebc7e9d728b39c

SHA512
896ee2323a6b8be586b0742d7967be0b39c538eef168cb81fd01aa2f66e575265122b30420a7a27488a3d67908108d8cb97c990c1bc4e443683686b7d26e5719

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
334B

MD5
ee62a77c7d91236addcf12afa871fe7a

SHA1
8f7492b7b9d6d1b3efa196eb4d5bb79ca100ece7

SHA256
b5eb21a4d888ee91c529e6dd85dc5e714d81f64c613166caadd69d5363341aee

SHA512
289a40e48a1cf07a6ab96ae9b71f320dadbcfc153334cb1bd8e46c6a4d79d8942906b83138210998c1bb455b298da49d29cc191b9e1afc269a6e7ed93f8d24b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
d4ec182b0bb1dc4612188ad8469ff443

SHA1
a5cbe98d84237fa0a9e18fb1e24d04d51406eff0

SHA256
99458786cca37a42c5883874aac188187dce0075babb8ce647b29dd1359b4a00

SHA512
0a8eb349cef7cce7baa037debf7447353406f739f1d56dafb041a02a94722df93146c7f39359e2a82df40ae80100d6c90d54536906655d5bc693f36b6b0bdfd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
519fc7855f1001804c4bacac809d4f72

SHA1
9b293d9f48a10ff7b13772fdf4ebcd1f885fe07f

SHA256
6d17ca262fe9dc8db36a35e5656a20ce9ba8a6b96e30edc455400b11d95766d7

SHA512
a2267ace537c2dbdca14e7d21c155f38c3200a30ce41a4e261112edeaf8c24311824d56bcab6302e7a3d76cd3368b678d296560c81afa244bf21f349b30f4bdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
0736ebeff0d00457d6e141cda3b3bea0

SHA1
eee0fd2fb5275d9d4599a94185371fdd2e15b360

SHA256
6a38dfa75ac482a04ee12eed38da74f594985afbe0f603f6387885bee6c45d62

SHA512
c36109664cc555160abf94c49ee0d7e06a1f991f66750e5318bfbd7fda7bee8c4360ba068de195c09670c441ffb23f0737c8b93d8616ffa363d347e971e98dbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
bb0d5be37aeacd877c6d01e896d678b9

SHA1
3806ec1e9ad9c4707da47a0aa3c755cff601d82b

SHA256
82f46a412bd11a19dc8d2e54a728cc5a78a87737e72e41a421d5a3dfa9b37dcd

SHA512
aa8983d89acf9dc20e8e36a54a87b945928d9062892d8bfc2cca95aa1c09eff4c1a09daa4f79e08e70c12d99ff04d7d16c23e4835fad7aaffbb1724065dccaff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
3e465b9d87f0dd536dd885f85ad558cc

SHA1
f8610e5b757edc9a61a91bc85b13d55b3db737e1

SHA256
cce5f72131204d4e7319145a4a1c3f5856df03fb5056db80b8940bd6c0061d4c

SHA512
f5529dd431a28e882e075e54f23d899820ec90f84c5541001eacd04208c865be8bc202ffb180ec7a2bcf90e35ff0f19bc5c6dfafdce025f19de6ec969b8749a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
0976527562a74c8e610ab3b81b8ab354

SHA1
05b308035eb6e64c1d859cdde54c1d25e317accd

SHA256
fcefcf077bdd750349da996befadb2133cad1b0481d99c8e795adc1b8ac95a18

SHA512
ac941c20bd6e03478b6a6d6658d1a09ce978324d3cbe0dbb8106ccc73f9581a5070608daae4074bbc86b297220ee4276cf360cb0e3493c1b3fddede2fbf50f0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL
Filesize
36KB

MD5
52c3981f140556da30eceaccc2ce5431

SHA1
1c93a4acd18d2d0f39896547f7853523d556b6bf

SHA256
2265229f49b0dceb6a4d143658357e1c89ba53de288108b79466dd3554aed1da

SHA512
a3ed1715a42c6d53256f68949232a94d2eb10fdb0d1c7d104420bd2444836586fead80af38cca9dad88b3a74322365c3e5ccdcfb5b65bdef9eccb430c70d2c28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
322B

MD5
822a918e4fec168885ed691f746cc644

SHA1
65ae530aaeb6aa157ce557ccb4f356ed06d66a7e

SHA256
7d27805b27268a30bef163c5dc34dece11e4d1d20c1219b30476668d64123a1f

SHA512
eded7ce35ec17deaacc43561e9e698796008a48b8105fa3207472b154bbaee8ffa95758e796dcf971db864e8ffeabd07d3ee9e1daf4896c5e2ff6f8681902eb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13364211716185887
Filesize
7KB

MD5
8b714ef12a1e5b71cf7d6435751c7811

SHA1
2d3c5252f5ebc37dc0b3b1a512dc601723584e8e

SHA256
4a69d2da47df7eb523cefa45be8bdd1b0e103812f95743e2e3e5ffa8bbb0cdcd

SHA512
df61bbf78ff0f5a94bbd3d361a47753dff72ed16efbd7e404508645b00d185cd2c12df567e6406067ae27e269e04fead2de4dea11820e25cd8558e96cbdbbc4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13364211716434887
Filesize
3KB

MD5
affddf738d5bc86ff967408bcf339a4a

SHA1
b75796a2497fee75c4850e06198ead26d0885afe

SHA256
2634bb461c06a2875c5ef47e142198e6158066aa4dcc12e1c1140b09e7f67c82

SHA512
cbf5d790c457b27e85728c75616cc44e6b7aa0f1160b4fb27fe5f94d176d71127a49e3b1a91bd6891b8edbbd6216e26c0cf015275cd104f142035ea582f40123

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
c2196aba7cfbb19dcc2c02a048a01929

SHA1
856021013db77a0cb69d8475467aa31667929278

SHA256
d5a6720c6c6b1d8e17c40783abc95c45c69f8c4853b031fb10dba42c0d4e423c

SHA512
6554c10b12030620b7c960df6b35f866fd87d2a1018e05696fdf53fde271dfc8303dd76d98c50d6189979d76f33cc770c8930d611270a6247f45b848de4ce3c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
350B

MD5
c57a048f833b92a007dd21cf1a5a51b0

SHA1
03765b772c3c32d8a7e959686cb1b1c154dac52d

SHA256
d21afaf465c83273e9d5e8a14cbe4085571e163b27438d59fb90329b113a2755

SHA512
060dc245f435b36300144c5c01eb899afc6bb8427c65c117be3034188d5433ca137b770f1f66c5a4c502f0e0a96fa94a8f4a3a6746c16ac034e8f06209946f13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
9660f7e1d912e18d83876bc2fc8ff3b2

SHA1
140675e753488d307d5b16f2319ab935720f80d3

SHA256
067f47e7ce3f8ad085171522210023ee384fb948eac113b05738ab1d9f11b3db

SHA512
af8b70b938a08fba4b7ffa907c6bc8e69d3599c80cef9486dd381922ef0da635295bb8e2452069cedd5678f314101b46ee31c68e87552bc049de7e1df82d74f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
5a9e19fd932353c2541df16f8607f5b0

SHA1
9ea423ad8c471d9ceb923e3608df2b5429a7e988

SHA256
9e1af627ed23c2aa70cc7191de84aade455621ce0850c92b5b6485719dbfb4bc

SHA512
356b7831e114b7edf2731c54beb15d10333c54c254e285feeaf976a77f4d828a5eab9ce1ca9a0a7431e9c49fbd100650d9c6d1d1fc6c7090b829e1a4ed746cef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
2c55c2fcd3a2e33553193464049ec50d

SHA1
027b1a08f95df4a490996ac4890353efa3623847

SHA256
74fe0fc7da29d80db5ce966de37023b838e91c2460034832b00c3f6dbe03d3b0

SHA512
af2cc3d8aa12b2308266a94cbffb565378240cf4055fba75627dbeb3eec4dfa54e06d197fe2ed7f291263455c638de152f25a46a3ef186384b41aaa3b0775101

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
f5711edb1e9b90a5d28bdb963cdde454

SHA1
de848cf804b2e2a822fd485b956bdd0c048442a2

SHA256
3f2b220ce4fc192d12ea7c11c095e8f2a4a867930c2f9c0736fd3cff92a62565

SHA512
449fc5afef13fca6dfa9853a0d2815553d8454f608599a54c4d10933ad9d5ed9eaf08684b6d8adf90d8ca05a76ff95f99533210fb757c3d8afb321bec9944873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
Filesize
1.7MB

MD5
010be2cce0ffa16339dd718bf6551e3b

SHA1
c64f7f81abbde72945265baefda98814b542973d

SHA256
5bb95f474e416b1332b597caf815e793e2aa7063c09d90aa9e15302e407896a9

SHA512
6d297e26d8840e0ac80baf341617d926147c8ff8ccc7c40ef9c924e0d4c529ad3b46142be73b1de661e3a08b323f3cc37e2e44b772391bfa156ce33204859b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
Filesize
187B

MD5
d84717daa3b1601f76e995042253642a

SHA1
f09c5973786e7640c66cf04892d16ad3cb28c456

SHA256
9a4c8a684455eb87bf8ac6da6d9f177182b4cbf2efeca63f987eb9a101ceeac4

SHA512
a601288cafccb446fc1eda05fdb81f80899c24403db58c6a6e831a23ab4df5176455097a2d58f1ff4a63f32a33fd78781f77a56f072fed75b44ef37bb098c614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
319B

MD5
7b94bf836ae60bfe7e344a548bf1632f

SHA1
53cbb964994bc0a8ee02dca143d27a9f95e96785

SHA256
3eb9f736d9d9588e8618f0f30775ce08438368b162b8cd676ec93b54092c877d

SHA512
bf3169be6fe381b192d5938910ea225cb46f186dad3aba566dc8feea7cfa6cb7c31c87b75756b0b3f50c36127e78bf7b3b5464908698ae691443f9ec960e6e16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
565B

MD5
ab7f2f8f728ab1a519ff95e6af07c963

SHA1
e6ce97351653d327edb286b552c5faa7b4fb20c6

SHA256
76cabb1fcdece95812f950a8cba9ab09cc451bf29bbecbc6c5a343835f0a5b8d

SHA512
cd032fd11a60b888baad339e5a25acc5a010db76c3c87ea99102e1be37d2f621f1cd95a3efc05b1e60f5c7573115c08d63b00aa389f3cdde944c2f379188b61d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
337B

MD5
f1bfd0aa99963d73b18df2cce6d6ab63

SHA1
feadfbc0275f3ae5ef461be4189bb0bb31dfec14

SHA256
4a52fa76c3671f521187723aba7381b90942506a32a14b6f2bec12c603f6f5d0

SHA512
663fc443e8763ad83ff882a7b6ed1d3314340bf5a6a3dfa9a55b936c0f62745d4b1eb4ca08dd7eaa915b8ea00791804902cce56d78e55645b6004570e2d03d98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
Filesize
44KB

MD5
15b00a6ecdd35af882827da6e8e282e8

SHA1
78efe44c42c95d6fd4cb41f2dc04b1762ff1f658

SHA256
5f4367e6d22d65e7365007e059311c59913f1da99234feb1b37839d67f313794

SHA512
0224036f3bef086b07dc932126cc2851b2e17772d0dacbbc906fe937b8d940925113289d86a4263e04bc12e72ff10f0dfcb2901ee9ce038ac9aa6e8cf209375d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
586da34168ff50d08fddf027d4540ce1

SHA1
b8ac9f8c4a0333ccad6c5d9062a36c44ab929353

SHA256
b7f241b4cff7e9006497d2501ca43beed069beb97d12515bd5b83dfd471ec4ee

SHA512
571aee3c6264a9622a54b86563046b10787af03993319b4043a6d4f2fc05f73150d7a1ed35c047a58f0525122751053a208ce49cd79e2c105ef0a7a6ee7d6a57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
Filesize
4.0MB

MD5
b1c9f7aaf608bcc7f2bd1a2bdc757dec

SHA1
db2bd9123c9ebb43fda73838ded3c7822e458cc5

SHA256
b4bc7402ee7b0085b88c37f5600b963a2b727e2b8a6e24322ba47cb00d046b42

SHA512
4000ec1bc611aaf0db1335ac9a304bae0173ce2176fa1a235849da031229f06e4781d1c931cf786cd4b1960bbe17d45ce3d949d2febe6e0cb136f43408ac363d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001
Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002
Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003
Filesize
16KB

MD5
4517391bc8c55acdbe1f4c2f0d1c1fc8

SHA1
ac51fcf3271333d222e4cb526431817f48345a43

SHA256
3c82cfe4ef2e80ad0aff5da477f399da7d5c0169968b800b1bd730c7eadbcd8d

SHA512
e85033dd2a4a4038512102052bff9e8a76e7a43d609431d987d436f262e21fcf1e298441cd378590db0742ca65845bd1585a7cba496aebe245a8084dd616e5ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004
Filesize
16KB

MD5
8feb503d057a1dfc7121b0aa2c7cc10f

SHA1
0d25b47e8482de37b7f615205b8a45162e1049d4

SHA256
e816b1086f600fa2096189c847f34de90dabd33b899de28ce199682eaf17c713

SHA512
a193f820d8719a47d6f52ff9ff2bf76c27ea3611e87a582543c8a55595af25cb3d1bb00913f8c2a4f2ed027ea2749717faf84d75e887f32610dce4d6ce105595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
d787bb316ac6e1dbfe868a5189921224

SHA1
dfcb307b887b42e15bb63d1bb4ddc06b3443d9b5

SHA256
de72a3ace987a7467a52da7c03c57e29f81d0316303e1d84108732bc135aa56d

SHA512
8cbcb275402477cbc01bd159e4d65c97c6d5d7357e7e615ccbc0d0ee57c05da9627ec1d9ecd1bd9affd55b351837f8bc0c731ffac77678667714b95cf89b22a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
d10ae1b4fe047315f64e2cd4c022a744

SHA1
ee9a2f2c5914af24715fee1cd36766a0b4a2ba6d

SHA256
d90d27ee7b2ef5f941d023c13486c3ae03c0f16f0e91910439b3e0fa19e8c69b

SHA512
64886e10334199cb0c51a20b12e44404c14f1b2920bc0eab22b73d72fb69bb0f130115f61ec20b67d58dd94f38cbc69c1ae5fca6942708a426dbf26313dbdfbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
Filesize
4KB

MD5
20b338b59134c6516451a812ec742fe6

SHA1
4d6348d89655bce1d9e8533b39575b88ea37892f

SHA256
5aab630314f736b6b7c58a04600f918c515a1abda24d1187c73d9215145f3856

SHA512
6acde37079f133e08467aa2f6f82d57b63cea67d3f36b2f055cf114746a8ba77fd158985e9ba8e6fe31ba15c8b2c78d3186491013d39114f8b7be75c44190115

Download Submit
\??\pipe\LOCAL\crashpad_1548_RKDAUEWHQBKVWAQW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit