hxxps://apkadmin[.]com/pqwcbmg84u34/LuckyPatcher-MOD-v10[.]6[.]9[.]apk[.]html

Analysis

max time kernel
124s
max time network
131s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
23/02/2024, 03:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://apkadmin.com/pqwcbmg84u34/LuckyPatcher-MOD-v10.6.9.apk.html

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 9 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\apk_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe\" \"%1\""	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\.apk	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\apk_auto_file	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\.apk\ = "apk_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\apk_auto_file\shell\Read	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\apk_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\apk_auto_file\shell\Read\command	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\LuckyPatcher-MOD-v10.6.9.apk:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
764	msedge.exe
764	msedge.exe
5104	msedge.exe
5104	msedge.exe
3504	identity_helper.exe
3504	identity_helper.exe
4576	msedge.exe
4576	msedge.exe
4568	msedge.exe
4568	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1020	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe

Suspicious use of SetWindowsHookEx 37 IoCs

pid	Process
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
1020	OpenWith.exe
3304	AcroRd32.exe
3304	AcroRd32.exe
3304	AcroRd32.exe
3304	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5104 wrote to memory of 224	5104	msedge.exe	78
PID 5104 wrote to memory of 224	5104	msedge.exe	78
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 4624	5104	msedge.exe	80
PID 5104 wrote to memory of 764	5104	msedge.exe	79
PID 5104 wrote to memory of 764	5104	msedge.exe	79
PID 5104 wrote to memory of 2680	5104	msedge.exe	81
PID 5104 wrote to memory of 2680	5104	msedge.exe	81
PID 5104 wrote to memory of 2680	5104	msedge.exe	81
PID 5104 wrote to memory of 2680	5104	msedge.exe	81
PID 5104 wrote to memory of 2680	5104	msedge.exe	81
PID 5104 wrote to memory of 2680	5104	msedge.exe	81
PID 5104 wrote to memory of 2680	5104	msedge.exe	81
PID 5104 wrote to memory of 2680	5104	msedge.exe	81
PID 5104 wrote to memory of 2680	5104	msedge.exe	81
PID 5104 wrote to memory of 2680	5104	msedge.exe	81
PID 5104 wrote to memory of 2680	5104	msedge.exe	81
PID 5104 wrote to memory of 2680	5104	msedge.exe	81
PID 5104 wrote to memory of 2680	5104	msedge.exe	81
PID 5104 wrote to memory of 2680	5104	msedge.exe	81
PID 5104 wrote to memory of 2680	5104	msedge.exe	81
PID 5104 wrote to memory of 2680	5104	msedge.exe	81
PID 5104 wrote to memory of 2680	5104	msedge.exe	81
PID 5104 wrote to memory of 2680	5104	msedge.exe	81
PID 5104 wrote to memory of 2680	5104	msedge.exe	81
PID 5104 wrote to memory of 2680	5104	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://apkadmin.com/pqwcbmg84u34/LuckyPatcher-MOD-v10.6.9.apk.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9d1153cb8,0x7ff9d1153cc8,0x7ff9d1153cd8
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,8452428347501725878,2267654594218749719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,8452428347501725878,2267654594218749719,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,8452428347501725878,2267654594218749719,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8452428347501725878,2267654594218749719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8452428347501725878,2267654594218749719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8452428347501725878,2267654594218749719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8452428347501725878,2267654594218749719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8452428347501725878,2267654594218749719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8452428347501725878,2267654594218749719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8452428347501725878,2267654594218749719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,8452428347501725878,2267654594218749719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6500 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,8452428347501725878,2267654594218749719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8452428347501725878,2267654594218749719,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8452428347501725878,2267654594218749719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8452428347501725878,2267654594218749719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8452428347501725878,2267654594218749719,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8452428347501725878,2267654594218749719,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8452428347501725878,2267654594218749719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8452428347501725878,2267654594218749719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8452428347501725878,2267654594218749719,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8452428347501725878,2267654594218749719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:32
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8452428347501725878,2267654594218749719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8452428347501725878,2267654594218749719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8452428347501725878,2267654594218749719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8452428347501725878,2267654594218749719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,8452428347501725878,2267654594218749719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7416 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8452428347501725878,2267654594218749719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,8452428347501725878,2267654594218749719,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1732 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4520

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1020
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\LuckyPatcher-MOD-v10.6.9.apk"
  2⤵
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3304
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    PID:4164
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DB8FBDD4D418244C1A848DD54F1DE9A6 --mojo-platform-channel-handle=1772 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:1348
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3E060AFE9FFB065DBB37B7002D210373 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3E060AFE9FFB065DBB37B7002D210373 --renderer-client-id=2 --mojo-platform-channel-handle=1780 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:2228
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C6CEC307EF2F66D6EB8D1803849DF69E --mojo-platform-channel-handle=2196 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:804
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=94F12160E36D799DDF9CC12CAE22467E --mojo-platform-channel-handle=1856 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:4484
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C27D25FC4FECF7ADA60FAD639225BA48 --mojo-platform-channel-handle=2516 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:4036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4604cbec2768d84c36d8ab35dfed413

SHA1
a5b3db6d2a1fa5a8de9999966172239a9b1340c2

SHA256
4ea5e5f1ba02111bc2bc9320ae9a1ca7294d6b3afedc128717b4c6c9df70bde2

SHA512
c8004e23dc8a51948a2a582a8ce6ebe1d2546e4c1c60e40c6583f5de1e29c0df20650d5cb36e5d2db3fa6b29b958acc3afd307c66f48c168e68cbb6bcfc52855

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
577e1c0c1d7ab0053d280fcc67377478

SHA1
60032085bb950466bba9185ba965e228ec8915e5

SHA256
1d2022a0870c1a97ae10e8df444b8ba182536ed838a749ad1e972c0ded85e158

SHA512
39d3fd2d96aee014068f3fda389a40e3173c6ce5b200724c433c48ddffe864edfc6207bb0612b8a811ce41746b7771b81bce1b9cb71a28f07a251a607ce51ef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
19KB

MD5
7812c82fbef023b080743621f0229007

SHA1
01558368403e0125f506336f416d670715faa242

SHA256
5b9415d4856638503130965e450c9426004bff3b91e857a03ea24e2a33592475

SHA512
74ab0229fc29368e3d068ff20975cb2102f34bc7b6ccf37324df6eaf77a65b1102085c473e5f14aaf0da9fe7c49bc46145ee23cc95ef9ace88e3b9f6685b2447

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
28KB

MD5
6a03a2353c46de545436c57707c80f28

SHA1
c77f18d389ec06232af9ee9aa44ad5d2c21e9a86

SHA256
6746ed6d1be26fa179963acf13264c24e678d3a65e358dfd0d397e43e16d6215

SHA512
355e536b00fd923a874c8b72d9eaf5bc4c53b4780253013abb8e8c4dedc9177f891184c3f682fdc451e341a22806e83bd3c5c9ff54136a51aedcfae3381010a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
52KB

MD5
2e68ca1a0aee8ec68b1fe1418ac178de

SHA1
3d48db8ffacf2609b8f86ed9fb09eef9f8eb54ea

SHA256
820a521bc192506f361bed345ad5a251b8945886c7bca4948b31ad146e27e3db

SHA512
ef265994f463acf03a10c7d602bbcbc0c4a47d134fdd673d129b778fb3c9bac0f500d55022d758a8746d232e9b1ba7744dee0b7ec533934e862a59a594328198

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
134KB

MD5
4787dd34ac59f7876fc7a3e8c4d3c01c

SHA1
0a2fa42f0b64a361f9404802fc4eea75da616df5

SHA256
cebb59025c724f97697d4cfabceb05bb69c991351ef578467104cf1cbb35beee

SHA512
fcfe75082898e159cbd1b0a2d449df81c577c04822ba598431c179d40fd9c87e9f01376691993b8c1860c189543c1a16cb8512d60d01270bb411eec229b5caed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
89KB

MD5
04ee5ebc4a4ad7dc0cdb58c92b81ead2

SHA1
93f6a27c5355195b4a9c03346f03de128e61c5b4

SHA256
3184020f3ec94cb568db5bff03728c442c00b5af36f7cfa6576c8aefb7aa651c

SHA512
2f3f5bfc2216d78635ae977ece67f54b8ca7abf652cda9d07d5e3a05d6404bac8fc42f9269d8103afeab2b0b703e1d8f7c8f729242826749cff752a505c00603

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
70KB

MD5
8102cc985a0a9546c5ade85c9bb5a875

SHA1
9cfebc29b57d74db9d1a613f6cac8793fd4b49d3

SHA256
be394703e8f3d90f3f02a9ede0200719a08f35100df47927a0c69902361983fe

SHA512
e008c269077ef313c185e6623770a1bf540532a6b668104388e58d441dad4fe54b3d4a0588c91bccedf6bbce2370bd96fca94d33d534994a83b411ea91f0281d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
28KB

MD5
a877796bf818c5557274568b351b5ef8

SHA1
9ddabe8d09940d930df9fa205104ad7bbf4e35de

SHA256
c14e9d194ca8c7290748fe25e6f40052191598e0b1749016432e144127afb985

SHA512
590fff9440bcc9bd1c898742abffea8352de510476bea1764a5b74603f383a54d21c0f4c7fe29ce1b1a3eb1ab84f89edc972baba8f7adb09fe1f11ba11146731

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
25KB

MD5
9ce259904849c13e4e082bbb136b9bed

SHA1
c5d49bd681e72e46a3f6afc0136e1c2b15a89248

SHA256
6283b261e2faca0872cd4200b78788bff996ed8b50e99e5c50b10b07c2277285

SHA512
2ed542c651031f4fe90ab86e80aa49132e024648f0885174ca11a64d4e9e4b765d70b55902be0a228a131ed34ea65f858fd342a636e35ac35525cd940e406c94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
16KB

MD5
89a574ff00e6b0ec61d995d059ce6e65

SHA1
aea09e96808ab77165ffa712eaa58b8f056d0bb6

SHA256
e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44

SHA512
30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
16KB

MD5
cfa2ab4f9278c82c01d2320d480258fe

SHA1
ba1468b2006b74fe48be560d3e87f181e8d8ba77

SHA256
d64d90cc9fa9be071a5e067a068d8afda2819b6e9926560dd0f8c2aaabeca22e

SHA512
4016e27b20442a84ea9550501eded854f84c632eeced46b594bcd4fc388de8e6a3fbfe3c1c4dbd05f870a2379034893bfd6fd73ac39ef4a85cbf280ab8d44979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
62KB

MD5
bd7413700347d61e76c331f09e872ad0

SHA1
edcf8c0e570d8f6dd4251bd68a2800d4dfce4235

SHA256
0ea7fbc16f020a826084718b4a536bc6b5d0a8315687b2833f64294d833f25a7

SHA512
90028946c4504663bddcd07afd11ac964b4d34cd63d090f4d1dc2d4ce34ef540efeb6a9f7412dd4a9e5691718fa0927e0f3c52a2d1a5a9e4512e19071a9532ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
31KB

MD5
13cfa53cd77baa3cd8f46b2649ce0a06

SHA1
dbdbfe23ab336a3a5ca28bfca16197624b85955f

SHA256
a2306ee57d806468b732988af50f9c991e0b8d005283339b8c24130a455df109

SHA512
80a07ac13f9b730b90bd81565fd611be03eab85c407819f800772f136ed4b35eb2bb1c56841b2b3ba63236c91d98137138e0f149214216d5af84beaef0f42ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
93KB

MD5
6b9679b865e03ba98830cc0f8087e576

SHA1
0407099ae2be0bbdc9933f2d0b7e8a32d02ff45f

SHA256
0ca96dd5251cb3c97de8c0d63c6965ac7a2912c2b8360b723234c546681ec3fd

SHA512
dde29394e9cbed908a48817cf6e2e838725dc647dd1ea37a92b0d367342da739baba57efba3dfbac874b9a1f2bec6be9328acf10a2d22f55f33e07eefd0c018f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
65KB

MD5
8a42ba5472aa4afa3d3ac12f31d47408

SHA1
2add574424ac47c1e83b0b7fae5d040c46ac38a7

SHA256
759bfec59bce5ddea7751b7f93408074a8c27cb2c387b08b6b9f4aa111266ec4

SHA512
3e1081a6e1c29f6dae28ab997c551a6d107d4f4b7e0981a19ba81a30a4e420dee1791321dca8f4b500c9e7e4a41c5e5c75013a72e5a5cde3f7e6c50393eb10b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ade865aa82ae53e345dd65e87ebe31ae

SHA1
0700e4d5dda5d129df33472e9c98b3a65de8eada

SHA256
88bc04f3f53d9ebcd7cb409c0c644175093ff3d1ac0d6d826047d1d45cc4d5bb

SHA512
1ec0a181d50290e4957c39e8f0014986985d2077c2b6d227e39c6b7d043c91d56af3e1abbba7da55a5db1b137175fe74e0ca8471a8a7b0beffbac050e29f9f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a9e4629ce8a3432947372d7008096c44

SHA1
45ef1669ce39bae30cdcb825c7a02dbdd5226890

SHA256
afc0ec46659d99d7765bd7a98b1e671b19db37ed38a3e0821d49fd89ea8de669

SHA512
e7f7c7850befbe8cfc031047e81ad555919bcc7a722be711e064767419cbcf8d4ae789760a0582bb93d8486167abb46de778c204500be2ff97d9abaf6be07555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
07a615288bf76da4b1954ada803a5037

SHA1
b006fd9e64a2a7b2443547265ea04c5c9a8149a9

SHA256
3145382bf4551b3db3ef165804b64e60748420904cb7d95c62c3d4659792bfad

SHA512
d3e536f25e1699bd59ce97d29e32c05d36359b2ab1319cd3963faf376bdf132c6828ae6256d299ad279a28972d0bc8dc80817cad7cc18880a5477396b30768f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ed46eb15028be7ebcc801de4a0e76ac5

SHA1
a6a9e273b122dc021c04c2e3af30729ad49e4db6

SHA256
656ce65aa75285d2fa8b09609c3d0e1f4e3ec775b6781ac2b2bc1fe3688abe47

SHA512
7d2c679d3d90ead7d9ad01c01f2ab513cb7085208c653868bfad7915bd998b5d202e16e33b1c7095619cbd1f89fb72403742c40ce2e81a6ada6149e1bd7849c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
c21af73bc5f7f4ff4fafee0ee0937e72

SHA1
7e27f025956fab56edb73b72122f81d0bf5dc45c

SHA256
e3416c9e805d95bf0bddcbff4aed3b4a510df79ec4a0bfa085776c5ee3c5d531

SHA512
1b9d3217b2b8de1294b5b2e95c15cd810f06d410183bf41abe044f12acdf775654de532f7c9aef223efbb9541f3eb1a4352155383975a81208233065397c51f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
3fcb0cbfdbb0c080fda37d4d5deef7fd

SHA1
1338f3e2a58455c5a9603e5f85abd88d14bce7ab

SHA256
f720fa20fce44f3679e80f72e071bc3d2e94bc806555d251d56e928aa72b54e1

SHA512
bc43b88f243b2fafcecad672cfe553985d300c8e226ca5528f95f11b813977990c391e52303a80a6f5a4ff680c9e0f815b9fbab85cda564a23cda6f6e8f1afc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
4e6c175782bba87dae944dfa80946821

SHA1
dd5a1d2ddf1d0a556b9e6ec66dc37c57f6f8209f

SHA256
4dbf17716427cceb70694ab36ae4cf87ac7c64526f2c66f3bdf56bef51e48eae

SHA512
0212e94f164cc9dd51cc0519ff91c828a23e8817989e1ab99a9ac09b88dfc6ff27bc9b339a9e03e36cc5110eb186c4508c77b1b190df7abe58357842c9f4c57a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
fc6878e8a55f79c784ba8ccb11813c7b

SHA1
f6d706f853299b2e660a6c523684e89d62b23bff

SHA256
055ab247580d102ed712aef542e22ae37895bc3eec3dc25a1d04fd0723bb1c5d

SHA512
ed937d09711c92f1ecb79c22aa2fdfeb72b973cfc2fe3c36d419908e7c780e730be514a3b07ae27fa1b2254057efebaee09ac87ef00fef6b56944bb229a35d2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e64c84966300ae04a5d1f814b1c71300

SHA1
5e2f3e0aa55b512b25ad8957de0876cc91d7b53d

SHA256
a5a162a364527b5321951875d0e6d068cba33889234c1030db0ffbce5f2632a8

SHA512
211d711a15ff1c2f2411e7c8e19a5fef82cb7735511d079f6d9fb96b2f602acb2e03ac2b186934b64e14f17f376c7df922f995257cc4a9399b5cb633bc7a1523

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fcb6a8a36ebba662ce637ea4c2d31bdb

SHA1
145678149d422679c4f524b45f9f2f3b1000d045

SHA256
83157760a6be3872977f36366fce4c6a7d71546239004d1e50ba6fe99e7138bd

SHA512
3ee88fe9ab1b6d4426d82e1cd8bd0370b3f2959a45b8723b311c334c28e43eefc5dec43a578b42397b4a71ec6b7fd6a2dec0ab9833c82c5e46c15e4ecaf645e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
a8fead0148d953b39eef3a28a55ea617

SHA1
8ebb96e958c55d4d42b58e009bb4f49934a1ed44

SHA256
0f556b91d2feeb8c8a7721ddcdc77eec05dd44843a1090ffb4bdc890883932b6

SHA512
00cd2233dbf867c5659af036bfa1cf7a5d46a25d20e8e5f7ba1cd1f44cd0fdf9949c4186142db3290cb1f780a4ec57beee85d9d408f1ee52b3886a0f3a09c475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0678860eaac7b8ec2dc6f2c97f3aeec4

SHA1
ab4543e754a8121fcb2c9c742007af91bfa05e26

SHA256
0ece08520f0af2faa2e26f67b24f237f674fcd3796bfaa5f52e53693d4aef3e6

SHA512
ea7f69e10bff2cfd05988c2f5ea2841cc6b9d0ff37a6c9c0b545bc78542a1304a08f6c881f1e3e235e0688d39406e534176da6fd4d437aac2cfd90d374a69095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
02ac0435cd139470bf2ef3e7804eedad

SHA1
ace35e7f517647e8647d608dc0c25d4f8d724167

SHA256
63b6654fbfd5d1462b7c2f0994e7ea815e283915d5cb386634cdc5272614f338

SHA512
696d197002e52a735d8a99775b6b4b99726960daa4e4f13e986ad6b5e512ac0cca8f689d422e6028ae4737fc3c2b85ee8632afff8f3b308896e2ad92816b8d7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
26414f056d6dbb66b2824ce7b61c0235

SHA1
ed476c66e3b19654a255324987da5d4b5c083d65

SHA256
1bbc38b90832773f8dc5f0e20fb2a78cb2083ed2079fe2f676cb9758235e5a38

SHA512
ba391b1d89ddb494dc2d4ab1cf1144de716a648430d3f768c792518a4e143611544ae4f52b46462eb738eef9ae62603861b8ca26a0cab61a9219b53a994f35e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e3e5f4153173596c4d1384a68a9fded6

SHA1
19415d29861707fc46bcebd49809702b89ec916a

SHA256
a91a534ebdf8f2840ac2ad01022f20d1e4199d26874e462e3dcfd925a49c6f52

SHA512
524f19467fad2ca528512cb4239d29019deb19cc8d9b13549745dd01cafc2aca312a190fe0956d5ee05c6a3b16e8b0e1caf5737ccaa6d14dc88600f9258ebbb0

Download Submit
C:\Users\Admin\Downloads\LuckyPatcher-MOD-v10.6.9.apk:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 817500.crdownload

Filesize
10.0MB

MD5
b495698d7957bba948fca5e94e750a5d

SHA1
edd05a0cdcbee9bd01bb832a1c46d88a9b5a5abd

SHA256
454bed4656ac0b78aafb9d71f135587c7c55825e0beb06543155c0894ed37f07

SHA512
b8183443fa3e7cc3720de8ea9926bf9f9ee7b9de68dd10748b6cc97c251e89ee5b68ef370afd42d6313d6b9b8cfc8cc97be2a80c92c03f59f64a01989d52c78c

Download Submit