hxxps://cdn[.]discordapp[.]com/attachments/1164179095404425216/1168103060757827644/agepbidfkokeeojcgoaophdnjknncjiiahiflhjkhjin_EHW_1[.]_rocnik_uvod_opakovani_1[.]docx?ex=65508bbf&is=653e16bf&hm=48e2a56de275cec3c934b488e2d0aaf99418ea50ddc017a2fdfc8143bafd966c&

Analysis

max time kernel
153s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2023, 11:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1164179095404425216/1168103060757827644/agepbidfkokeeojcgoaophdnjknncjiiahiflhjkhjin_EHW_1._rocnik_uvod_opakovani_1.docx?ex=65508bbf&is=653e16bf&hm=48e2a56de275cec3c934b488e2d0aaf99418ea50ddc017a2fdfc8143bafd966c&

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
2692	WINWORD.EXE
2692	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4808	msedge.exe
4808	msedge.exe
1096	msedge.exe
1096	msedge.exe
3784	identity_helper.exe
3784	identity_helper.exe
2296	msedge.exe
2296	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
2692	WINWORD.EXE
2692	WINWORD.EXE

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
2692	WINWORD.EXE
2692	WINWORD.EXE
2692	WINWORD.EXE
2692	WINWORD.EXE
2692	WINWORD.EXE
2692	WINWORD.EXE
2692	WINWORD.EXE
2692	WINWORD.EXE
2692	WINWORD.EXE
2692	WINWORD.EXE
2692	WINWORD.EXE
2692	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 316	1096	msedge.exe	52
PID 1096 wrote to memory of 316	1096	msedge.exe	52
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 548	1096	msedge.exe	89
PID 1096 wrote to memory of 4808	1096	msedge.exe	88
PID 1096 wrote to memory of 4808	1096	msedge.exe	88
PID 1096 wrote to memory of 1196	1096	msedge.exe	90
PID 1096 wrote to memory of 1196	1096	msedge.exe	90
PID 1096 wrote to memory of 1196	1096	msedge.exe	90
PID 1096 wrote to memory of 1196	1096	msedge.exe	90
PID 1096 wrote to memory of 1196	1096	msedge.exe	90
PID 1096 wrote to memory of 1196	1096	msedge.exe	90
PID 1096 wrote to memory of 1196	1096	msedge.exe	90
PID 1096 wrote to memory of 1196	1096	msedge.exe	90
PID 1096 wrote to memory of 1196	1096	msedge.exe	90
PID 1096 wrote to memory of 1196	1096	msedge.exe	90
PID 1096 wrote to memory of 1196	1096	msedge.exe	90
PID 1096 wrote to memory of 1196	1096	msedge.exe	90
PID 1096 wrote to memory of 1196	1096	msedge.exe	90
PID 1096 wrote to memory of 1196	1096	msedge.exe	90
PID 1096 wrote to memory of 1196	1096	msedge.exe	90
PID 1096 wrote to memory of 1196	1096	msedge.exe	90
PID 1096 wrote to memory of 1196	1096	msedge.exe	90
PID 1096 wrote to memory of 1196	1096	msedge.exe	90
PID 1096 wrote to memory of 1196	1096	msedge.exe	90
PID 1096 wrote to memory of 1196	1096	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1164179095404425216/1168103060757827644/agepbidfkokeeojcgoaophdnjknncjiiahiflhjkhjin_EHW_1._rocnik_uvod_opakovani_1.docx?ex=65508bbf&is=653e16bf&hm=48e2a56de275cec3c934b488e2d0aaf99418ea50ddc017a2fdfc8143bafd966c&
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbbe446f8,0x7fffbbe44708,0x7fffbbe44718
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,6122084688807941514,13449529910849688578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,6122084688807941514,13449529910849688578,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,6122084688807941514,13449529910849688578,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,6122084688807941514,13449529910849688578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,6122084688807941514,13449529910849688578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,6122084688807941514,13449529910849688578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:68
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,6122084688807941514,13449529910849688578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2020,6122084688807941514,13449529910849688578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,6122084688807941514,13449529910849688578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2020,6122084688807941514,13449529910849688578,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3956 /prefetch:8
  2⤵
  PID:3856
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\agepbidfkokeeojcgoaophdnjknncjiiahiflhjkhjin_EHW_1._rocnik_uvod_opakovani_1.docx" /o ""
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,6122084688807941514,13449529910849688578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,6122084688807941514,13449529910849688578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,6122084688807941514,13449529910849688578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,6122084688807941514,13449529910849688578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,6122084688807941514,13449529910849688578,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4052 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
094ab275342c45551894b7940ae9ad0d

SHA1
2e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e

SHA256
ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3

SHA512
19d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9f097588622eb805464997ae830a3d32

SHA1
5f13c0ec8fa79b79d5d4e3748d9905c25b7f779a

SHA256
f39c9ef3e8e04c82e3393775b4f037abf5b73f840063d7c5c571ef34bee5eddc

SHA512
7b0e596222a282db99b33c36c8814a2611c2c04d95d79a7acefa5402268f286d71fb8e1ca51ad86ab34dd0d3b8ede644a6fc729fa33a54678f9c1288a7bd2dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f83a76463372fad7ce7241e07ba73ca9

SHA1
b5eb525b4ec8910da5415fbc314ec0d1c035592e

SHA256
cefc05e13aca0d1a1f5d16d5b468c6ba1956dd59ecec2c3c14024db15379de85

SHA512
3337815c176b4d3831379a1564d2700e8e76bec1e9c6b0e1d5c461ba6b4bda77dbb782ddf7d1cfd1dd15918366aa40a1cce4ff2c043de39831cfb5dc20cdfbab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
19e43df521c87146083bc424d94f8c0d

SHA1
d53d88574252a2d7a6b4ee4fd67ff7a82d648fb9

SHA256
7980f16d4d746faca36dbf43a63583c1fc1e34d182f9f1ad750d5792ef673075

SHA512
2461a3f9af3873bd965941c7ee3d9c3640344b505ea355e34a18f7576b6ecbe7d1efe540be53f7af2a652584d87928521be57851839e9eeae36aae4f68b91b94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
fd20981c7184673929dfcab50885629b

SHA1
14c2437aad662b119689008273844bac535f946c

SHA256
28b7a1e7b492fff3e5268a6cd480721f211ceb6f2f999f3698b3b8cbd304bb22

SHA512
b99520bbca4d2b39f8bedb59944ad97714a3c9b8a87393719f1cbc40ed63c5834979f49346d31072c4d354c612ab4db9bf7f16e7c15d6802c9ea507d8c46af75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
40448550c7ab60c15035222fd6e5f80d

SHA1
8f5f1a2f169be925b218ca83a70d0275adfa93dc

SHA256
300392b65dd9e33337618dffc9a412eb77f0cd62e852810d4cb7c35025a3b0d9

SHA512
4c693401a965688ec6f4f14f19fe542632a91e546d2de2a5abcd7b16eb8178c533dd5cae1e4cea5a72c1db396c9f58be833ec83f943d02a647c04beb2513ffdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6079f9fc22d701ea8557b96df35d6925

SHA1
482472e2021f3a47d6e17d21af82ab8a2ab40e02

SHA256
126a834ea1983c621b103357d8b8177f1cb2bbb50690d8396f4756e87a2f3531

SHA512
48295340f44c44d7b3cd0bfd5db35d4949f1e8abf89ad70f447187a3d4bf125d289c82c69173a4ea0068285b2a12ec0efde29bd325f1c48fd01ece765ce4ac5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
94a3c8735e2b00ca28384034464a1ee7

SHA1
df70294016937f1c69e1f6c0135fcbe2645a609a

SHA256
0a76f1db9b102d0a6ebe7f606f3895860b3ccb6513c2713936db24d64a05bd9e

SHA512
b4be05bf444702f6485ca838729dc6854a5b4b34da923c0539198edc26d76474221e7f7ffab14b42e8a80b88ba22df554b33a5d98be6dc9213441f2b491f18d4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
359B

MD5
1b043a57169e70c175f6d8402ce603b9

SHA1
8e60232b6f68f15315c35d218d8dddaa676f064a

SHA256
33d893a2c536ad5ede5295fa459afa62085a65ac80c5cee02b96eeb700757cda

SHA512
ce6530c759f11eba486a302ef03c51ccc91ab5d33a1a5e9b45fcf2d835adea0a420f7e07cfb000fbed36a915c60843a99a3f07019838bef7edd574b0353f85fe

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\MOAWM102PBIZO19S34TJ.temp

Filesize
3KB

MD5
56ecc507c53972c3b381e667b2e7d32d

SHA1
a4aea9a43c8b309c5a74264f1d26a2af0e856ff5

SHA256
0e8b50ed1021bcb9c31ea1eda53adf3d0b81ab64e2f8349fb2fa9d945eb12c9f

SHA512
928bf417891e0ccaa0246c5740a7439f0b1db89dd061169d1589a9daba6f9bac308b7b7015f2d56b15acb07a46a5b799d1cd81ec01ab6509c29d3397a685a892

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
3KB

MD5
e454a18077aec3d9e8332cc43a372327

SHA1
55b6f96d76e4b74514868656454cc9c6b8414577

SHA256
cc3906d38294cc9548ef192f781ade1cf4bd5fd3322c43f9f16013c766921622

SHA512
1acc1316be503429e40c49822720be0c497983c096d762791bc01036924c5bf8dc13412843b68282bf3561b9cbfbe404a7c760e4fd0df53ae39092070045eb5c

Download Submit
C:\Users\Admin\Downloads\agepbidfkokeeojcgoaophdnjknncjiiahiflhjkhjin_EHW_1._rocnik_uvod_opakovani_1.docx

Filesize
11KB

MD5
d2eb0b542047cf75df636310e7f87f94

SHA1
632198cf769f18de692008a8ea2ced503a6144cc

SHA256
83180370cc8eb81a83cc90c4a2c49f8d122aa8d1eaad5384293a54862d14de51

SHA512
f98112b5aac9d661c6d979ab547405595b13c16bfff3604eb13e35e0ab42d87f5360495d7693a1f1dfceb9d3203ea5ed0977aa78f714b0fbef990648c1126a4a

Download Submit
C:\Users\Admin\Downloads\agepbidfkokeeojcgoaophdnjknncjiiahiflhjkhjin_EHW_1._rocnik_uvod_opakovani_1.docx

Filesize
11KB

MD5
d2eb0b542047cf75df636310e7f87f94

SHA1
632198cf769f18de692008a8ea2ced503a6144cc

SHA256
83180370cc8eb81a83cc90c4a2c49f8d122aa8d1eaad5384293a54862d14de51

SHA512
f98112b5aac9d661c6d979ab547405595b13c16bfff3604eb13e35e0ab42d87f5360495d7693a1f1dfceb9d3203ea5ed0977aa78f714b0fbef990648c1126a4a

Download Submit
memory/2692-54-0x00007FFFCA5D0000-0x00007FFFCA7C5000-memory.dmp

Filesize
2.0MB

Download
memory/2692-59-0x00007FFFCA5D0000-0x00007FFFCA7C5000-memory.dmp

Filesize
2.0MB

Download
memory/2692-62-0x00007FFFCA5D0000-0x00007FFFCA7C5000-memory.dmp

Filesize
2.0MB

Download
memory/2692-64-0x00007FFFCA5D0000-0x00007FFFCA7C5000-memory.dmp

Filesize
2.0MB

Download
memory/2692-65-0x00007FFFCA5D0000-0x00007FFFCA7C5000-memory.dmp

Filesize
2.0MB

Download
memory/2692-63-0x00007FFF87ED0000-0x00007FFF87EE0000-memory.dmp

Filesize
64KB

Download
memory/2692-66-0x00007FFFCA5D0000-0x00007FFFCA7C5000-memory.dmp

Filesize
2.0MB

Download
memory/2692-67-0x00007FFFCA5D0000-0x00007FFFCA7C5000-memory.dmp

Filesize
2.0MB

Download
memory/2692-68-0x00007FFFCA5D0000-0x00007FFFCA7C5000-memory.dmp

Filesize
2.0MB

Download
memory/2692-69-0x00007FFFCA5D0000-0x00007FFFCA7C5000-memory.dmp

Filesize
2.0MB

Download
memory/2692-70-0x00007FFFCA5D0000-0x00007FFFCA7C5000-memory.dmp

Filesize
2.0MB

Download
memory/2692-71-0x00007FFFCA5D0000-0x00007FFFCA7C5000-memory.dmp

Filesize
2.0MB

Download
memory/2692-60-0x00007FFFCA5D0000-0x00007FFFCA7C5000-memory.dmp

Filesize
2.0MB

Download
memory/2692-61-0x00007FFFCA5D0000-0x00007FFFCA7C5000-memory.dmp

Filesize
2.0MB

Download
memory/2692-58-0x00007FFF87ED0000-0x00007FFF87EE0000-memory.dmp

Filesize
64KB

Download
memory/2692-57-0x00007FFFCA5D0000-0x00007FFFCA7C5000-memory.dmp

Filesize
2.0MB

Download
memory/2692-56-0x00007FFFCA5D0000-0x00007FFFCA7C5000-memory.dmp

Filesize
2.0MB

Download
memory/2692-55-0x00007FFF8A650000-0x00007FFF8A660000-memory.dmp

Filesize
64KB

Download
memory/2692-53-0x00007FFF8A650000-0x00007FFF8A660000-memory.dmp

Filesize
64KB

Download
memory/2692-124-0x00007FFFCA5D0000-0x00007FFFCA7C5000-memory.dmp

Filesize
2.0MB

Download
memory/2692-125-0x00007FFFCA5D0000-0x00007FFFCA7C5000-memory.dmp

Filesize
2.0MB

Download
memory/2692-126-0x00007FFFCA5D0000-0x00007FFFCA7C5000-memory.dmp

Filesize
2.0MB

Download
memory/2692-52-0x00007FFFCA5D0000-0x00007FFFCA7C5000-memory.dmp

Filesize
2.0MB

Download
memory/2692-51-0x00007FFF8A650000-0x00007FFF8A660000-memory.dmp

Filesize
64KB

Download
memory/2692-50-0x00007FFF8A650000-0x00007FFF8A660000-memory.dmp

Filesize
64KB

Download
memory/2692-49-0x00007FFFCA5D0000-0x00007FFFCA7C5000-memory.dmp

Filesize
2.0MB

Download
memory/2692-48-0x00007FFF8A650000-0x00007FFF8A660000-memory.dmp

Filesize
64KB

Download