d9d4c5f3120a9420e2dbaf0ee8931556e161787fbc4297d5fb4e4c7616fdd668

Resubmissions

21-02-2023 02:49

230221-da7sbsfc3x 7

21-02-2023 02:48

230221-dafzlsfc3w 7

Analysis

max time kernel
70s
max time network
75s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
21-02-2023 02:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

iview462_x64_setup.exe
Size

4.0MB
MD5

d3cc699bd13e8257109df8704ed4804c
SHA1

ea47f92d438b150f02ac6922e4f92224b1c17991
SHA256

d9d4c5f3120a9420e2dbaf0ee8931556e161787fbc4297d5fb4e4c7616fdd668
SHA512

e78c7582afde2e6c51c3dbd6891869c51237a7d80e89966d5809db850dbbe5d062c63d512f89ee08fe43bce08cf8b0a12db7122752d1de1c63040d901b8b6fff
SSDEEP

98304:hSrSl80MMjJkOV+Yy/QnUpoSjMDv4C5DNyhUznQWCcx87aQ4p:hNlRkbYyCUpxMDv4C5DkuQWCj+b

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

iview462_x64_setup.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	iview462_x64_setup.exe

Executes dropped EXE 1 IoCs

Processes:

i_view64.exe

pid process

752 i_view64.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
752	i_view64.exe

Drops file in Program Files directory 64 IoCs

Processes:

iview462_x64_setup.exesetup.exe

description	ioc	process
File created	C:\Program Files\IrfanView\i_languages.txt	iview462_x64_setup.exe
File created	C:\Program Files\IrfanView\Toolbars\Samuel_16.txt	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\潔汯慢獲䜯潲扳牥彧㐲琮瑸	iview462_x64_setup.exe
File created	C:\Program Files\IrfanView\Toolbars\gnome-colors-human_48.txt	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\汐杵湩⽳敍慴慤慴搮汬⸀汤l㍟⸲硴t	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\汐杵湩⽳捉湯⹳汤l췻Ƹ	iview462_x64_setup.exe
File created	C:\Program Files\IrfanView\i_about.txt	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\彩档湡敧⹳硴t⹳汤le	iview462_x64_setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230221035014.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\0c8b40d7-6ff5-4725-94ee-8f896d62c253.tmp	setup.exe
File created	C:\Program Files\IrfanView\Plugins\Slideshow.exe	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\彩楶睥㈳挮浨洀l瑨汭	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\汐杵湩⽳瑓扵偟畬楧⹮硥el㍟⸲硴t	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\瑈汭是慲敭栮浴l瑨汭	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\慌杮慵敧⽳偉䑟略獴档氮杮	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\汐杵湩⽳獐潈瑳搮汬昀敦瑣⹳汤l硴t	iview462_x64_setup.exe
File created	C:\Program Files\IrfanView\Plugins\VideoExport.dll	iview462_x64_setup.exe
File created	C:\Program Files\IrfanView\Plugins\Effects.dll	iview462_x64_setup.exe
File created	C:\Program Files\IrfanView\i_options.txt	iview462_x64_setup.exe
File created	C:\Program Files\IrfanView\Html\frame.html	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\汐杵湩⽳灊彧牴湡晳牯⹭汤l㍟⸲硴t	iview462_x64_setup.exe
File created	C:\Program Files\IrfanView\Languages\Deutsch.dll	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\i_view64.ini	iview462_x64_setup.exe
File created	C:\Program Files\IrfanView\Plugins\RegionCapture.dll	iview462_x64_setup.exe
File created	C:\Program Files\IrfanView\Languages\IP_Deutsch.lng	iview462_x64_setup.exe
File created	C:\Program Files\IrfanView\i_view64.exe	iview462_x64_setup.exe
File created	C:\Program Files\IrfanView\Plugins\Paint.dll	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\潔汯慢獲术潮敭挭汯牯⵳畨慭彮㠴琮瑸	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\彩慬杮慵敧⹳硴t汤le	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\潔汯慢獲匯浡敵彬㘱瀮杮	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\潔汯慢獲术潮敭挭汯牯⵳畨慭彮㠴瀮杮	iview462_x64_setup.exe
File created	C:\Program Files\IrfanView\Toolbars\gnome-colors-human_48.png	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\爣慥浤彥楺彰獵牥⹳硴tel㍟⸲硴t	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\汐杵湩⽳晅敦瑣⹳汤le	iview462_x64_setup.exe
File created	C:\Program Files\IrfanView\i_plugins.txt	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\瑈汭琯畨扭慮汩⹳瑨汭	iview462_x64_setup.exe
File created	C:\Program Files\IrfanView\Html\slideshow.html	iview462_x64_setup.exe
File created	C:\Program Files\IrfanView\Html\thumbnails.html	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\潔汯慢獲䜯潲扳牥彧㐲瀮杮	iview462_x64_setup.exe
File created	C:\Program Files\IrfanView\Plugins\PsHost.dll	iview462_x64_setup.exe
File created	C:\Program Files\IrfanView\Plugins\Icons.dll	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\彩灯楴湯⹳硴tt汤le	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\癩畟楮獮慴汬攮數氀le	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\瑈汭振灯役楦敬⹳硴tlel㍟⸲硴t	iview462_x64_setup.exe
File created	C:\Program Files\IrfanView\Plugins\Plugins32\Effects.dll	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\彩扡畯⹴硴t瑣⹳汤le	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\汐杵湩⽳敒楧湯慃瑰牵⹥汤l	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\慌杮慵敧⽳敄瑵捳⹨汤lel㍟⸲硴t	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\彩楶睥㐶攮數攀挭汯牯⵳楷敳㍟⸲硴t	iview462_x64_setup.exe
File created	C:\Program Files\IrfanView\Plugins\Metadata.dll	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\汐杵湩⽳慐湩⹴汤l琮瑸	iview462_x64_setup.exe
File created	C:\Program Files\IrfanView\Toolbars\Grosberg_24.png	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\汐杵湩⽳潔汯⹳汤l档氮杮	iview462_x64_setup.exe
File created	C:\Program Files\IrfanView\Plugins\Tools.dll	iview462_x64_setup.exe
File created	C:\Program Files\IrfanView\Html\copy_files.txt	iview462_x64_setup.exe
File created	C:\Program Files\IrfanView\Plugins\Video.dll	iview462_x64_setup.exe
File created	C:\Program Files\IrfanView\iv_uninstall.exe	iview462_x64_setup.exe
File created	C:\Program Files\IrfanView\i_view32.chm	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\潔汯慢獲术潮敭挭汯牯⵳楷敳㍟⸲湰g	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\汐杵湩⽳楖敤⹯汤l췻Ƹ	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\彩汰杵湩⹳硴tt汤le	iview462_x64_setup.exe
File created	C:\Program Files\IrfanView\Toolbars\Samuel_16.png	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\汐杵湩⽳楖敤䕯灸牯⹴汤l⹳汤l硴t	iview462_x64_setup.exe
File opened for modification	C:\Program Files\IrfanView\潔汯慢獲术潮敭挭汯牯⵳楷敳㍟⸲硴t	iview462_x64_setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

Processes:

iview462_x64_setup.exei_view64.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.sid\shell\open	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.mid\DefaultIcon	iview462_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.gif\DefaultIcon\ = "C:\\Program Files\\IrfanView\\i_view64.exe,0"	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.swf\shell\open\command	iview462_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.asf\DefaultIcon\ = "C:\\Program Files\\IrfanView\\i_view64.exe,9"	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.cr2\shell	iview462_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.cr3\DefaultIcon\ = "C:\\Program Files\\IrfanView\\i_view64.exe,0"	iview462_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.tga\shell\open\command\ = "\"C:\\Program Files\\IrfanView\\i_view64.exe\" \"%1\""	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.swf\DefaultIcon	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.g3\shell\open\command	iview462_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.iff\ = "IrfanView IFF File"	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.qoi\shell\open\command	iview462_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.au\ = "IrfanView AU File"	iview462_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.ogg\ = "IrfanView OGG File"	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.crw\DefaultIcon	iview462_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.cr3\shell\open\command\ = "\"C:\\Program Files\\IrfanView\\i_view64.exe\" \"%1\""	iview462_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.qoi\DefaultIcon\ = "C:\\Program Files\\IrfanView\\i_view64.exe,0"	iview462_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.wbmp\ = "IrfanView WBMP File"	iview462_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.jxl\ = "IrfanView JXL File"	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.pbm\shell\open	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.wav\shell\open	iview462_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.cr2\shell\open\command\ = "\"C:\\Program Files\\IrfanView\\i_view64.exe\" \"%1\""	iview462_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.dds\ = "IrfanView DDS File"	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.jls\DefaultIcon	iview462_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.jpm\shell\open\command\ = "\"C:\\Program Files\\IrfanView\\i_view64.exe\" \"%1\""	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.mng\shell\open\command	iview462_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.xbm\ = "IrfanView XBM File"	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.xpm\DefaultIcon	iview462_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.swf\shell\open\command\ = "\"C:\\Program Files\\IrfanView\\i_view64.exe\" \"%1\""	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.dcm\shell	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.hdp\shell\open\command	iview462_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.jls\shell\open\command\ = "\"C:\\Program Files\\IrfanView\\i_view64.exe\" \"%1\""	iview462_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.webp\shell\open\command\ = "\"C:\\Program Files\\IrfanView\\i_view64.exe\" \"%1\""	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView\shell\open\command	i_view64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView\ = "IrfanView"	iview462_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.png\DefaultIcon\ = "C:\\Program Files\\IrfanView\\i_view64.exe,0"	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.wmf	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.rmi\shell\open	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.iff\shell\open	iview462_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.pcx\DefaultIcon\ = "C:\\Program Files\\IrfanView\\i_view64.exe,0"	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.mpe\DefaultIcon	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.mng\DefaultIcon	iview462_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.ras\DefaultIcon\ = "C:\\Program Files\\IrfanView\\i_view64.exe,0"	iview462_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.sid\shell\open\command\ = "\"C:\\Program Files\\IrfanView\\i_view64.exe\" \"%1\""	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.webp\DefaultIcon	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.xpm\shell\open	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.asf\shell	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.dcm\shell\open	iview462_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.eps\ = "IrfanView EPS File"	iview462_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.jpm\ = "IrfanView JPM File"	iview462_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.pbm\shell\open\command\ = "\"C:\\Program Files\\IrfanView\\i_view64.exe\" \"%1\""	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.dxf	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.hdp\shell\open	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.mov\DefaultIcon	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.wma\shell\open	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.pcd\shell\open	iview462_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.qoi\ = "IrfanView QOI File"	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.flv	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.mp3\shell\open\command	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.tif\shell\open\command	iview462_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.xpm\DefaultIcon\ = "C:\\Program Files\\IrfanView\\i_view64.exe,0"	iview462_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.ttf\shell\open\command\ = "\"C:\\Program Files\\IrfanView\\i_view64.exe\" \"%1\""	iview462_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.cur\DefaultIcon\ = "%1"	iview462_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IrfanView.hdp	iview462_x64_setup.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
4144	msedge.exe
4144	msedge.exe
4804	msedge.exe
4804	msedge.exe
4168	identity_helper.exe
4168	identity_helper.exe
4792	msedge.exe
4792	msedge.exe
4512	msedge.exe
4512	msedge.exe
3092	identity_helper.exe
3092	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

msedge.exemsedge.exe

pid	process
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 4944 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 4944 AUDIODG.EXE
Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

msedge.exemsedge.exe

pid process

4804 msedge.exe
4804 msedge.exe
4804 msedge.exe
4512 msedge.exe
4512 msedge.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

iview462_x64_setup.exe

pid process

776 iview462_x64_setup.exe
776 iview462_x64_setup.exe

description	pid	process
Token: 33	4944	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4944	AUDIODG.EXE

pid	process
776	iview462_x64_setup.exe
776	iview462_x64_setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iview462_x64_setup.exemsedge.exe

description	pid	process	target process
PID 776 wrote to memory of 4804	776	iview462_x64_setup.exe	msedge.exe
PID 776 wrote to memory of 4804	776	iview462_x64_setup.exe	msedge.exe
PID 776 wrote to memory of 752	776	iview462_x64_setup.exe	i_view64.exe
PID 776 wrote to memory of 752	776	iview462_x64_setup.exe	i_view64.exe
PID 4804 wrote to memory of 4568	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4568	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4508	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4144	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4144	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4100	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4100	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4100	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4100	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4100	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4100	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4100	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4100	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4100	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4100	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4100	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4100	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4100	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4100	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4100	4804	msedge.exe	msedge.exe
PID 4804 wrote to memory of 4100	4804	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\iview462_x64_setup.exe
"C:\Users\Admin\AppData\Local\Temp\iview462_x64_setup.exe"
1⤵
- Checks computer location settings
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.irfanview.net/faq.htm
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff90cd946f8,0x7ff90cd94708,0x7ff90cd94718
    3⤵
    PID:4568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,8220070275245203189,22733286538606020,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
    3⤵
    PID:4508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,8220070275245203189,22733286538606020,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,8220070275245203189,22733286538606020,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2984 /prefetch:8
    3⤵
    PID:4100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8220070275245203189,22733286538606020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
    3⤵
    PID:2956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8220070275245203189,22733286538606020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3772 /prefetch:1
    3⤵
    PID:4440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,8220070275245203189,22733286538606020,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
    3⤵
    PID:4784
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8220070275245203189,22733286538606020,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
    3⤵
    PID:3508
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:2888
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x228,0x22c,0x230,0x204,0x234,0x7ff7e24d5460,0x7ff7e24d5470,0x7ff7e24d5480
      4⤵
      PID:4184
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,8220070275245203189,22733286538606020,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4168
- C:\Program Files\IrfanView\i_view64.exe
  "C:\Program Files\IrfanView\i_view64.exe"
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  PID:752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90cd946f8,0x7ff90cd94708,0x7ff90cd94718
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13003666982093812335,5634875972405428154,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,13003666982093812335,5634875972405428154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,13003666982093812335,5634875972405428154,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13003666982093812335,5634875972405428154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13003666982093812335,5634875972405428154,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13003666982093812335,5634875972405428154,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13003666982093812335,5634875972405428154,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13003666982093812335,5634875972405428154,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13003666982093812335,5634875972405428154,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,13003666982093812335,5634875972405428154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,13003666982093812335,5634875972405428154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13003666982093812335,5634875972405428154,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13003666982093812335,5634875972405428154,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,13003666982093812335,5634875972405428154,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13003666982093812335,5634875972405428154,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13003666982093812335,5634875972405428154,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:3992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1964

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510 0x468
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4944

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\IrfanView\Toolbars\Samuel_16.png

Filesize
10KB

MD5
49b9e25c8f622c2344e00665a40aed59

SHA1
5f977c67185297c2ed29c0ca32230e4f4ace7555

SHA256
07a1b34d2a6e259a515d179caa01df67e7a2ded0522919df80abb6281e73a4cd

SHA512
0c771762ae53ac8e610e2b1f58920c683fa8167c546eb99b37e055b10daafb347e4bcc91c00aecb5d8d4b2122437f4e8f99014f91acfc19d8922a4458dd4b47c

Download Submit
C:\Program Files\IrfanView\i_view64.exe

Filesize
2.3MB

MD5
75df432a4d2f45a620af22ba60aa711b

SHA1
bb07b1b9204f76a030db3f89e094676eb48bdb8c

SHA256
497e5e9d5aaeeb5e8d75a49ccd3181ec2aae822fc2edaf1f070f7118db54e2bc

SHA512
76cad6f7d1db02ad262667c96fdf28967d49a6ab60b018703fcd1b6dc9023a47c4b902aba2fdf8e24b372d7fea22e37b027557fbdb8a4fa4cebfd73a4089e7d2

Download Submit
C:\Program Files\IrfanView\i_view64.exe

Filesize
2.3MB

MD5
75df432a4d2f45a620af22ba60aa711b

SHA1
bb07b1b9204f76a030db3f89e094676eb48bdb8c

SHA256
497e5e9d5aaeeb5e8d75a49ccd3181ec2aae822fc2edaf1f070f7118db54e2bc

SHA512
76cad6f7d1db02ad262667c96fdf28967d49a6ab60b018703fcd1b6dc9023a47c4b902aba2fdf8e24b372d7fea22e37b027557fbdb8a4fa4cebfd73a4089e7d2

Download Submit
C:\Program Files\IrfanView\i_view64.exe

Filesize
2.3MB

MD5
75df432a4d2f45a620af22ba60aa711b

SHA1
bb07b1b9204f76a030db3f89e094676eb48bdb8c

SHA256
497e5e9d5aaeeb5e8d75a49ccd3181ec2aae822fc2edaf1f070f7118db54e2bc

SHA512
76cad6f7d1db02ad262667c96fdf28967d49a6ab60b018703fcd1b6dc9023a47c4b902aba2fdf8e24b372d7fea22e37b027557fbdb8a4fa4cebfd73a4089e7d2

Download Submit
C:\Program Files\IrfanView\i_view64.ini

Filesize
42B

MD5
25a92f802d3ffd5519f7dab35c0aec3f

SHA1
dcbf6d35f41452515fa4a0402da6a8fd89bc0ac0

SHA256
668c0ba227f3b0c95419dbb9328311961346dfa42ab17da4f13e9777ddecf58a

SHA512
0928c2c9dc3136a83d90598afb5b51887950a671dd23e34a7a6a4ac5fa5c3497e13d00fe39527f13e2e9ef9088d2c7553a682589f5ac70e7cb593376276e2427

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8c9383861d9295966a7f745d7b76a13

SHA1
d77273648971ec19128c344f78a8ffeb8a246645

SHA256
b75207c223dfc38fbb3dbf03107043a7dce74129d88053c9316350c97ac26d2e

SHA512
094e6978e09a6e762022e8ff57935a26b3171a0627639ca91a373bddd06092241d695b9f3b609ba60bc28e78a5c78cf0f072d79cd5769f1b9f6d873169f0df14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
91fa8f2ee8bf3996b6df4639f7ca34f7

SHA1
221b470deb37961c3ebbcc42a1a63e76fb3fe830

SHA256
e8e0588b16d612fa9d9989d16b729c082b4dd9bfca62564050cdb8ed03dd7068

SHA512
5415cd41f2f3bb5d9c7dadc59e347994444321cf8abe346b08e8c5a3fc6a5adae910eda43b4251ba4e317fbb7696c45dba9fd5e7fa61144c9b947206c7b999c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d6244d8b623b8d1d89b4565032ca11bc

SHA1
4dc82939e3aaac68f1fa113197acc9ef9cda7f85

SHA256
93815a17254e6d25f6204e693dc8e13ad86050659a6cec12af82f1af56d5fa21

SHA512
0db939f05b89c761eb3d8772e288165a9aaa1f7bc0f7d9f49ff3e1d4ac24647725b78b0b248bc28653ff25e2818dad444548459df382ff426897b8b4f14e2130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d6244d8b623b8d1d89b4565032ca11bc

SHA1
4dc82939e3aaac68f1fa113197acc9ef9cda7f85

SHA256
93815a17254e6d25f6204e693dc8e13ad86050659a6cec12af82f1af56d5fa21

SHA512
0db939f05b89c761eb3d8772e288165a9aaa1f7bc0f7d9f49ff3e1d4ac24647725b78b0b248bc28653ff25e2818dad444548459df382ff426897b8b4f14e2130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27a0f81e6706b2db0b342376bdfb5fa4

SHA1
5096ee7288468302b7eb815a186ba271db4481be

SHA256
d14bac4a25699668dbd23880af887a0f2446f73c143502ea1f5401748240cbac

SHA512
0874023e433a9330aed7c2466b157c8633f6f1ebaf1587092c2066fd01dc093cb040c22ecb8e1f701e936479d1ac78ce15fa2a89db1007e5edfb047968cbe22d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
d3a2298100543957be6cb7af19ed31a3

SHA1
f084f4ec923512ac140a587ac5b3b4e973641b4f

SHA256
296c98c9517f81beee98a34f1ffa5be0614c5d82013922afe08388bd475c7561

SHA512
c0c29eac48034d74306e5f5e0f9c00203d854067b66b1ad28335216b12951ff170516d48a0936207680d7d39323d6fdfebaae485dfb133542c701c88b44430cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
c45124a97574947669a7588cf9d69c3d

SHA1
118856df6aae710fa1b0742ad02d4fe75a28ae3e

SHA256
1b7f704ca2ffe3998ee086376126b9eb7c6663efe44a7039ef48db438187f0bd

SHA512
1bcec5e9cdeb24aafd3edf61ea79728df602c1ca6f550ff4d2f1e23eb10fad2c9a28805b8f10e894ece8457250e61f81bcfcb0d8a8ce57862b46817767d851de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
04ce760c3888f3daec47fba821991f58

SHA1
a453bebf36a35490bcf7e9dc813997ebf28b7105

SHA256
d7eb880c8df4889810665a6507d21cc3b2b0bc6f3fde60e182fa0b95b4cd7c9e

SHA512
f9d8654a54273c8a856ac32cb2ac877d3d3fd33a10795046feae4c7a3b288f4663dbb10a2ef96677be32d1700ae3e52e227f14a978d256ef1aae83b1e54fb15d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
7f003ef670c7599fde68f323f8ad2310

SHA1
39770445b5cfa95544d18777363457b96339048d

SHA256
5521c4b1aefb4d19aa544810ba61d5c4b39c689ad29ac9a847202445cd5c5af5

SHA512
d0a5ef2a0073a6ccfa325fc746fb794c43b3f0af5de0260a42dccdfcc6bea6c73e5828daf09fb84f06dde70e2a08fd51943d13b1fa1ddab7bdb56467f59799f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\index

Filesize
256KB

MD5
b1537a98dff6198caf3382c628639473

SHA1
3cc443cac84a115c422640fd6ee753e127c571b6

SHA256
33585c6eb6a26b7ea536c316994e41e838ece907aa52ec3ca6725dc1f0ed7ec7

SHA512
45407a0d75681aa06951a7e3c8e228202fa0296305f40948eb2dcc7c7b013a7ba06b339dd1bc8ad6568aae2844534494cfecb85e396a34625af34cc75e6d3b4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
b75073621982842cd2f49adb71b11529

SHA1
52b38a719549e058e5012fc2b8863338a284442f

SHA256
a23568c82243cc18115f1bd64ce5b6a56eb4ed268ad5781b6825473789b58a05

SHA512
a6d5aa40c6dfbc50dc7cee0101c0fc2367feaf943e7d1498649d77630f111c22ce5a72d46f1dc010888f6715a919d9e4f9bf6235322914d7f851aac8b06eb395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1313f269a274900b1aa5c9b35b78fd58

SHA1
39f4b3f786b40c3b850b124200efa4f893c05640

SHA256
35031527b73425780ed7986e4fa983762ed090e47285dcbfb4b94e63537e95f8

SHA512
a2d2b15180217483ea4ec41c52375231d7529a0b66efb9950a08288b0804d2c63fa12403711e528bd76897796b868a860a03e3c3b23a56642fe5187beae99027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
b75073621982842cd2f49adb71b11529

SHA1
52b38a719549e058e5012fc2b8863338a284442f

SHA256
a23568c82243cc18115f1bd64ce5b6a56eb4ed268ad5781b6825473789b58a05

SHA512
a6d5aa40c6dfbc50dc7cee0101c0fc2367feaf943e7d1498649d77630f111c22ce5a72d46f1dc010888f6715a919d9e4f9bf6235322914d7f851aac8b06eb395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
49693267e0adbcd119f9f5e02adf3a80

SHA1
3ba3d7f89b8ad195ca82c92737e960e1f2b349df

SHA256
d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f

SHA512
b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
279B

MD5
3761bee4c39213f0ae61ac33735548a2

SHA1
8338f6a95410eef45ad7cd163692c2697ee27207

SHA256
d1f97a19f2d4d83d116ac6dd3790ac857bf6352011d191c730bf754d8507b92e

SHA512
d978d8e59da16a72bd0495812a4f911ef78754073d40523a0150b722765cd5af009412ff870fe1d094f9189e02b1cf74aafbf41098cce7f4819375cef32d98b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
25403a1f310d2e743ef221671dd0ced7

SHA1
216716575865c54c1de3a619e5afad036c99d71d

SHA256
ec1c13505b87802b261150454bb86ee4549182b79baa32a209a874dd95befea1

SHA512
79744c55c82dec21c9c8f68b1a10729302e6ef957faeb0d45ba9800f657d5e04f8ab729476cc427bcbb61a4dc058c0e59edf2abcf8042e7a60d38b4edb016e1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index

Filesize
256KB

MD5
ba01f71d997b074a4171a32db1285128

SHA1
87381e43633b52d7f19db799f5f66a2b09f751a8

SHA256
77a2aa19bab1a937ed37f2977575f41936e1f2ae1e0f22bf91cb3c7ab44af8f0

SHA512
1046dacf39ffc8cc2be340c565c41605b30d94996a6028732e04ce3dfb14b866d4cac0a2b908b3a7f88f7ed1537d7fa9e1e2528a3f91de1f6b12e82f18d8def5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
8d38fb7423542a65360c8f91add8e53f

SHA1
555dd6adbf1e83ddf929099badf7cf0fe1b7c109

SHA256
5ce9ec5c849617901a55b422d47087b8ac310ad867089c58d66d0c67ca62026b

SHA512
17f800b83f629def4d28b9206eb1937bb01ef9a6db8edda61310ed719e65ab3c2c1c7e51179fceb0aa8b23fca6830893d010d063cc32a28df0aa0ed8331b5c36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
779B

MD5
dfdb2dd41fd26585d4d21021c3f28ffd

SHA1
4ec729449632821da6a8909730efe1da8aaaaa0b

SHA256
ad7d5b82a4580249b6ff1a3db61a078a7b2270db3f689538c4240ad5ae4907b8

SHA512
fbeab06ca4f93bb1b5ccbdf2c6c23e7652202c0c5705a92308ce527be7187f0209712ff48612a34e6dce0dfa25c30086c981448b2cb5ccffe7fd143c81de4107

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
774d1a62e27457a51799b75c9362d8a9

SHA1
7752b0cd148dbe3d436aeb513e29bf36f3b2bb89

SHA256
af8858b66352662497fee42af55354753ab1d3feb8f52e6a1166403a6767ee91

SHA512
382e535c82338ff26f8b2a7b48d536b61c836ef01f695bae3166b173ebdd26c98fc5ebccee4ba463197f294a73036d21ebf3715e8bf11c88b64c3dd137466ba7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
afcedfd4b542c47e100816d5a023c5ab

SHA1
257017ce31dce4375a502d9430b733f6ed1f6cd2

SHA256
4dad7db24555fe328bb3e3a7de926dcd32367a1a8dc85fb7fed3827477149dd2

SHA512
c07fd9bfa5360d2c17d0ee701c822a866911f93e1bb092bff1ddf94971ec785997ee456013e064cebbc304e93b6c27a0cec5b152ca1c9dc44bcc45ba9cfc71e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
248B

MD5
aa5c9ef101e0cca61678dcaed524270e

SHA1
94f9882349038ee458e04301b6ec123b0952860f

SHA256
cf77a8227d134ac5fec1aff2b71ab2d8ff3f89b588639ee06904b6578eabf404

SHA512
81717f814dbccb17f1dab5c07b48c63a43ab326bd764e7ffef704567a99356bdf66bc47e3a06b3cf9ae9c0d09e872d5d7415fff1282d7ef759278832a8fdfe1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7a3f98251dee9861b98e2fffaa567519

SHA1
de47ad013e1a572d0008db91a0d4c24d642956df

SHA256
fad8178e4755c303692bc1c1cbee4bfb87dfb7b4f4231be3d497c0637db1c9f7

SHA512
9775540a96471dda548b8ececb9cbe730867be11ba2d2e9fd3d4ece0ad790af94281fe705279736f25616c611cfe21fca6ab46d60557c40937aaa2ca83c833b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
22534cf1f7383c5baa0a72a589d96e7e

SHA1
84523dd4019c7b78488497282c5f2aced1455c4c

SHA256
be4375041205c8247da221f86a13c4a4bb3ed9a28ed205c9c4f6a4309d38da39

SHA512
3a525ee695a37eca66138986c52de0b36b926eb0d96e5cf69e5e56c748e2c13f3ab94d1f248ac433458d4f10e302a79caf435a0836dae11a5d35cdf564282067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2565d93ef8f6e6fb93dbfb90401c22f3

SHA1
9aea529e13a0f4f8ef7d990a5cfb1c3621bb69f2

SHA256
a6475e0d29b416f4d83989a17c9011bfdd30dfddf010225e9d20feba8520189b

SHA512
9f2f292f8388324ed9a9ebc4acdef66cbe2e489b453c362c465aba88c011cb682b89806e83ab453bcfa948ca75f57fc6dafc8c9ac4373201114234c8b04a0790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8061edf2cc34d5a41f1919e0d52e7afa

SHA1
5115a4e78722f8f4abd2f934923b9e3395bb6804

SHA256
d98db3edf327f2edeb0df516c84589be3daae211ff68a9d8ecb33a182a32e1c8

SHA512
247a42bd367ae8f4262024618a251cebfe22f0c5e0a2377ca0e836a58e5d08c27a877e94263c1dd0a090a26ee74e164094a653ef53b5eb9992315223cfab4cb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8061edf2cc34d5a41f1919e0d52e7afa

SHA1
5115a4e78722f8f4abd2f934923b9e3395bb6804

SHA256
d98db3edf327f2edeb0df516c84589be3daae211ff68a9d8ecb33a182a32e1c8

SHA512
247a42bd367ae8f4262024618a251cebfe22f0c5e0a2377ca0e836a58e5d08c27a877e94263c1dd0a090a26ee74e164094a653ef53b5eb9992315223cfab4cb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
26a4ac878d0d39c2ef6879769b01db2d

SHA1
69273d64f218c0f550a9241e20be1fe0462546f3

SHA256
1b146ef81d39cd8afbc41b4387214caace904838c0d594aa60543ef03a690ba3

SHA512
1f4991dfedb90539079b52dc9c78f40049927ee1b398b803317713aba88675ee274ec2547eacd8884d974aed21023b38343ddbcce82fbb6d8f1733c7b411dcfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
60b345592703258c513cb5fc34a2f835

SHA1
39991bd7ea37e2fc394be3b253ef96ce04088a6d

SHA256
7e358b4f7553c9385e8eb2c5692d426bc257bbd4c0213e6c69294459734f6300

SHA512
0346fb4096eb285ab0fdf7e7ec38c4daf7bbb0c506f09975eb2290121d169a34c886fca342c3e06371cb697f2753a697ca4f72af7817ed340eee6063897110a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
acfcbb16fadae6fbaa1ab8bf894730a3

SHA1
510627ecc38d01212d10f8fd77798a1804b2edb1

SHA256
0409ba629e259ef5eff0e3cc33a267b3234e4a4eb46992f090764416a93ed89b

SHA512
dbc17293c4149a45787bfbc8d6ba156232ed7bb7c6a63d29ffdb34a68919f96be86338c9b858b7e0ae4e3b23cbd01c9316f500b6af5573da7e8318c642015502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
99B

MD5
ba92e5bbca79ea378c3376187ae43eae

SHA1
f0947098577f6d0fe07422acbe3d71510289e2fc

SHA256
ccf4c13cd2433fe8a7add616c7d8e6b384cf441e4d948de5c6fc73e9315c619f

SHA512
aa1d8b7eb9add6c5ed5635295f501f950914affc3fa9aa1ee58167ed110f99a1760b05e4efb779df8e432eab1b2a0fc9cf9d67a05b2d5432ff8f82c620a38a62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
279B

MD5
ffb16014a4eeea72495b8eae51e48784

SHA1
305c054c1a0afed114a2e0739daff9c2cf51e2a4

SHA256
8a8173b962683957f948b8627cd5e3ea27aaf67feb240ee789c400b5536320da

SHA512
6851affdb1b0da9e902903997c7d85b5bf59ab7b299bd2c2b418c030014ce5a2b83c95c81e8f2a774327c134412ab48e283724ef1d6512667427bd1710daf7c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13321425014175662

Filesize
1KB

MD5
94a372e4577cc8c542d7eb9144daf40c

SHA1
1d93eae5cc225f0cb57938261766518d9b9aca25

SHA256
1ab01bbfb8f89f43a877ddf71bf8275b7d9ab8eea3233aafa81b3303d7ba798a

SHA512
e17ba366e17882937564fa1c02889974dcf084055138fd80a156f5a218e4e92f17dc2655592edd9a1e7857940bdf0c3c42f51b6f77a507eefe677766b2b86317

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
357aacfdf541396ae6c175b5c05decbb

SHA1
bfe80329a873698b951e08049d14759f37b298d7

SHA256
a13ac7b927980a124221a3c9c6f00da317d2a2a38b1428fef5d5eaa487ff7323

SHA512
896fb66672eca5bef9b1879464ea2d8fbe20282f65b57c6d43e6f85115530e68d1def418e214631c8f3c14907db8b930399bdbf0ab6de03a33c25df882c21778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
d89aeb869ffa82e4feefac7f2c42daba

SHA1
8433a785db57c5952aae6fb3796c716d554b99e5

SHA256
9384b89477ef53d4af620673b4db5e969b6c839b02df4841b564bb997003b64b

SHA512
2423b9de6513d491d1a15a309119c239db93f70e24790002147c237390e1e2b273be11dc5af1bcdf033d65e9ed78bc4f046776e436a0f5f8a357e6b563fe0098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
28c9ddbb98d078e0a05ae153c5360762

SHA1
5b9d5e389ee6e0055b4c5be518aef98cbe185404

SHA256
83cc57557bdf6a93d1846080f64f91799251b8e107d2917e60ff648c787e41ec

SHA512
fcf10c715bf2db9f922a727356b73f5badf8aef080ba9b818b47419ae61215f8405ea3d71e5494273c2c958fcf5df1a5f34084bba7f9bd320a72b710388f97ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
4a74e866084c14c748f3ffddb113d4c1

SHA1
d856f35c0f90ffdee5c0783e427bb52b85d4fd12

SHA256
dcf237f9a3cfbe8e9784e8c4a7d1d7c13ace9d4a4b34290927a0ab140674b91f

SHA512
43fb89bbbe026c61b9517fc36cdaa13f8f641ff7c559ad53c5560ca2867ea68ebdbf4da714b4d2e76fce26856530c3383235222c6ac9e3e9f04388cc7313242f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c318bb79-5b84-417d-a117-eeaad304e4f7.tmp

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
90650ed90f9d443ad2041188c5285695

SHA1
7444222dd6c23f1825e86778d86b8f9721ffb48c

SHA256
c04ffb18dad5563edbf5210ef8cb4fd83a7b6014775ec8e3ec76865a6ea4428c

SHA512
9389b6f7c0c2886d42d34032dacd35d617b3834ba88faf80b84d31cd73dc3112c02a797d87b31e1a071144bf067b347c32203ba189af303fad8c686172c537a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
281B

MD5
c84a31d34d9c30725e3525f75814b6ef

SHA1
df6c99185988f97a25a881e9be09c77a932543c5

SHA256
132a425048abb3a34626c76730e6d373f528bae9a0b2f58918715736fcd8bc9a

SHA512
93c4cec0d37c4c0c252c76d498beb173473ea61d0d071fc21787d5d3ae9116fbe7a23090f2be62a2950c974eff0bd4e04697a7e2cbe678ccb4c8f9d72538f145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
160B

MD5
2e19a9040ed4a0c3ed82996607736b8f

SHA1
5a78ac2b74f385a12b019c420a681fd13e7b6013

SHA256
2eeb6d38d7aad1dc32e24d3ffd6438698c16a13efd1463d281c46b8af861a8ce

SHA512
86669994386b800888d4e3acb28ab36296594803824d78e095eb0c79642224f24aca5d2892596ac33b7a01b857367ed3a5e2c2fb3405f69a64eb8bf52c26753f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
297B

MD5
dadac3a02170d04b470f89e25a31a684

SHA1
cb342f7ae3bd436bec5617b45751d390fd614125

SHA256
8e9bbe0180a8c86145bc2627a4d3b609ac533dfdfb9907508c9ec88e70a4a8b7

SHA512
baeae2f5c86cf5dc242a0157a43455921e23c324d06af41dcd9fcb099dc3f58587d84e8e46cd3f923e0cd0f115e91fb1c036c268b39749b13262a50a8bf283e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
ea96a2dd190c3c3430a5a69f9f889f9d

SHA1
baffe96d62461b9a8c25465e5e36e916e2a8694c

SHA256
2f4a939d99ae6aba7fd10003ea96f70b970da7342fe356b1da111238555c5d0e

SHA512
421b4ad3c3efc20dda128bebe9eb58364534c62aeeca1cbb9417e69bfe55ed3f71eb6a73803ed896539abfb6c7e222794168a2dca82df8d97adf8cd9a092d221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
bdb336e1d11d29673e93ea5eed03bb70

SHA1
56920d4cd3296c8177e5324c45e962438514cf4f

SHA256
94d1e23dc1bb271ddad3a1415c978b3b1308387ec49ba1db43919520ba852ae9

SHA512
734c2c1766ae0e04baa2f82198e1f265a2a2d8de7951da760f797b2069ac32bcfff19fd815ee82b66609a7959b20979fb05cd64e3bd129b9bd6761b9103fa407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
bdb336e1d11d29673e93ea5eed03bb70

SHA1
56920d4cd3296c8177e5324c45e962438514cf4f

SHA256
94d1e23dc1bb271ddad3a1415c978b3b1308387ec49ba1db43919520ba852ae9

SHA512
734c2c1766ae0e04baa2f82198e1f265a2a2d8de7951da760f797b2069ac32bcfff19fd815ee82b66609a7959b20979fb05cd64e3bd129b9bd6761b9103fa407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
79e49d56eac9840388dddb1e5ae116d7

SHA1
d1d92a9ca339cabe48754d96ffda6f61e5111750

SHA256
726a287a28402b8b5637e78263d09b26aaa8c15897d93799a888588a92b7c398

SHA512
931f3ac8dc386648bf83fc4290532da090087c85c85833fb59781da101e456741ce150b2a64c44bd7efa6e2ea1cd93169e9f23bd1cc6b65fa2c44b23a995263f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
170e9235580639f17d5769cf54d294b9

SHA1
21e543244cb5637cf4c48765101981188115afe8

SHA256
4a9ff76d54e445af30763405d6d5749af9a4f99e9e27df8fd96540e235b9a94c

SHA512
8f5d4275e5fb0faedac894bf6505356c6db7fe2dc9203eb96b695090f2febbf352ae8deae8747822f1e21088dd62a5750a241751dc5bda64778791a3ed2e70b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\IrfanView\i_view64.ini

Filesize
79B

MD5
f92e1ae28962ce5925a9d459ac6324de

SHA1
6a89d4f0a03ed3fbae7e80fe39b94fc32ae87cdb

SHA256
8558f9e261a7b1b482ba9c258bceceb3cf6e37832d92b875a2a28d1d2b6109d1

SHA512
9d4c02ad819748809205edd7a7b0150a844cd67e4e8152c15c5a0b6a6a2c49d22d07467871c2bebc5f92de03bcaa7d4666c32f5355ce09e10fb4abf776164590

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
ccbca7c9d39313caa2880913bed6c03d

SHA1
fff6a171f3a5b409a787b13b7aa7aa585465859b

SHA256
21b030bc8af91c2fa0829271920584650eaa472286044099f9e23c8ff05a12e2

SHA512
538f8d1bc00585f34ffac07b26aaf33bcd836c0d9e64bb268335cc4744d9bc09c122d90b435ab65738f09246115206142f488455b43a3be74c94cbe2da5bdf86

Download Submit
\??\pipe\LOCAL\crashpad_4512_DDYPKOJLZZVKZHKA

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_4804_TPZBZRBFONWLPHMV

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4100-231-0x00007FF928440000-0x00007FF928441000-memory.dmp

Filesize
4KB

Download