f6e41201565634f720add92bd51325b9dab77d0a82ae33c93a2ffe23c1e90a7b

Analysis

max time kernel
359s
max time network
359s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
18/03/2024, 22:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Johnston chamber #94562.pdf
Size

29KB
MD5

929321817a430e1494bf5e482e9144ba
SHA1

da554dd010089a1dda3a9206e64b7ec49e97ae08
SHA256

f6e41201565634f720add92bd51325b9dab77d0a82ae33c93a2ffe23c1e90a7b
SHA512

95e7c4eb06781d872be727c6c2f2f31b47971fde9fbcf9b83d5afc06b4be038de4df81eedfc4cd9d793ddf522e3ae98d043c24fd7156f70bc13aa95d0290a75d
SSDEEP

768:rwm5B3d0IOh6hrl47ojoauKb7eXsOxuRpR+VkNea1BtvkX9:MIBm7Sl47ojoaiXsOx8p2aPc

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133552732160321648"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = f635aa698079da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\adobe.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "23"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 7ba0b6858079da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "417613090"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "1472"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz!	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "417564505"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\adobe.com\NumberOfSubdomains = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 30f494cab279da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "1310"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "1419"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "132"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2852630833-2010812756-3750823755-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdge.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
3504	AcroRd32.exe
3504	AcroRd32.exe
3504	AcroRd32.exe
3504	AcroRd32.exe
3504	AcroRd32.exe
3504	AcroRd32.exe
3504	AcroRd32.exe
3504	AcroRd32.exe
3504	AcroRd32.exe
3504	AcroRd32.exe
3504	AcroRd32.exe
3504	AcroRd32.exe
3504	AcroRd32.exe
3504	AcroRd32.exe
3504	AcroRd32.exe
3504	AcroRd32.exe
3504	AcroRd32.exe
3504	AcroRd32.exe
3504	AcroRd32.exe
3504	AcroRd32.exe
5072	chrome.exe
5072	chrome.exe
7216	chrome.exe
7216	chrome.exe

Suspicious behavior: MapViewOfSection 8 IoCs

pid	Process
4768	MicrosoftEdgeCP.exe
4768	MicrosoftEdgeCP.exe
4768	MicrosoftEdgeCP.exe
4768	MicrosoftEdgeCP.exe
4768	MicrosoftEdgeCP.exe
4768	MicrosoftEdgeCP.exe
4768	MicrosoftEdgeCP.exe
4768	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3680	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3680	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3680	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3680	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5700	firefox.exe
Token: SeDebugPrivilege	5700	firefox.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe
Token: SeShutdownPrivilege	5072	chrome.exe
Token: SeCreatePagefilePrivilege	5072	chrome.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
3504	AcroRd32.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
3504	AcroRd32.exe
3504	AcroRd32.exe
3504	AcroRd32.exe
3504	AcroRd32.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe
5072	chrome.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
3504	AcroRd32.exe
3504	AcroRd32.exe
3504	AcroRd32.exe
3504	AcroRd32.exe
3504	AcroRd32.exe
5040	MicrosoftEdge.exe
4768	MicrosoftEdgeCP.exe
3680	MicrosoftEdgeCP.exe
4768	MicrosoftEdgeCP.exe
4264	MicrosoftEdgeCP.exe
3504	AcroRd32.exe
5040	MicrosoftEdge.exe
5040	MicrosoftEdge.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe
5700	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3504 wrote to memory of 2916	3504	AcroRd32.exe	73
PID 3504 wrote to memory of 2916	3504	AcroRd32.exe	73
PID 3504 wrote to memory of 2916	3504	AcroRd32.exe	73
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 1424	2916	RdrCEF.exe	74
PID 2916 wrote to memory of 4488	2916	RdrCEF.exe	75
PID 2916 wrote to memory of 4488	2916	RdrCEF.exe	75
PID 2916 wrote to memory of 4488	2916	RdrCEF.exe	75
PID 2916 wrote to memory of 4488	2916	RdrCEF.exe	75
PID 2916 wrote to memory of 4488	2916	RdrCEF.exe	75
PID 2916 wrote to memory of 4488	2916	RdrCEF.exe	75
PID 2916 wrote to memory of 4488	2916	RdrCEF.exe	75
PID 2916 wrote to memory of 4488	2916	RdrCEF.exe	75
PID 2916 wrote to memory of 4488	2916	RdrCEF.exe	75
PID 2916 wrote to memory of 4488	2916	RdrCEF.exe	75
PID 2916 wrote to memory of 4488	2916	RdrCEF.exe	75
PID 2916 wrote to memory of 4488	2916	RdrCEF.exe	75
PID 2916 wrote to memory of 4488	2916	RdrCEF.exe	75
PID 2916 wrote to memory of 4488	2916	RdrCEF.exe	75
PID 2916 wrote to memory of 4488	2916	RdrCEF.exe	75
PID 2916 wrote to memory of 4488	2916	RdrCEF.exe	75
PID 2916 wrote to memory of 4488	2916	RdrCEF.exe	75
PID 2916 wrote to memory of 4488	2916	RdrCEF.exe	75
PID 2916 wrote to memory of 4488	2916	RdrCEF.exe	75
PID 2916 wrote to memory of 4488	2916	RdrCEF.exe	75

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Johnston chamber #94562.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3504
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2916
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6E5F037C5D229F25B8157F45F1813A44 --mojo-platform-channel-handle=1632 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1424
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A68C291AE4D5F8CD65248D2A53C3CC53 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=A68C291AE4D5F8CD65248D2A53C3CC53 --renderer-client-id=2 --mojo-platform-channel-handle=1652 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4488
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7B06BCB1DF5507CCB1DB4B69859838C0 --mojo-platform-channel-handle=2224 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4544
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=40AA14581CFC1039BB515F7A37DD1E99 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=40AA14581CFC1039BB515F7A37DD1E99 --renderer-client-id=5 --mojo-platform-channel-handle=1808 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4092
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=37374AA239EC193A7A5E01A30DE7930C --mojo-platform-channel-handle=2584 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4880
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=98B70FD2B9856220D7451294B9F6344B --mojo-platform-channel-handle=2804 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3104
- C:\Windows\SysWOW64\LaunchWinApp.exe
  "C:\Windows\system32\LaunchWinApp.exe" "https://new.express.adobe.com/webpage/SuD4Q3oTXIWKd"
  2⤵
  PID:3400

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5040

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4420

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:4768

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3680

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4648

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4264

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5620
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5700.0.1624320602\716879539" -parentBuildID 20221007134813 -prefsHandle 1672 -prefMapHandle 1644 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9f0fa14-d504-49b5-abba-e00ea081d99c} 5700 "\\.\pipe\gecko-crash-server-pipe.5700" 1764 216d6107f58 gpu
    3⤵
    PID:5900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5700.1.303144850\2013910808" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed590ba1-c488-443d-bb35-ebbc2bab8130} 5700 "\\.\pipe\gecko-crash-server-pipe.5700" 2120 216c9d6f258 socket
    3⤵
    PID:5976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5700.2.797216398\28622278" -childID 1 -isForBrowser -prefsHandle 3128 -prefMapHandle 3124 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {61c3da37-6afb-4428-8b05-3d56e5d9ff59} 5700 "\\.\pipe\gecko-crash-server-pipe.5700" 3100 216d8eb9958 tab
    3⤵
    PID:5380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5700.3.1789689488\1876554373" -childID 2 -isForBrowser -prefsHandle 3496 -prefMapHandle 3488 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6b73f7a-d986-45d4-8542-840f6b541f07} 5700 "\\.\pipe\gecko-crash-server-pipe.5700" 3504 216d9e17958 tab
    3⤵
    PID:5296
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5700.4.630075706\1233382530" -childID 3 -isForBrowser -prefsHandle 4252 -prefMapHandle 4248 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {db89fc96-7ea0-4f64-9f8d-46be5866d384} 5700 "\\.\pipe\gecko-crash-server-pipe.5700" 4264 216da69d958 tab
    3⤵
    PID:6132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5700.5.2036357504\712170553" -childID 4 -isForBrowser -prefsHandle 4916 -prefMapHandle 4912 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20550e37-fc11-46fd-9677-14d234b1092c} 5700 "\\.\pipe\gecko-crash-server-pipe.5700" 4924 216c9d67b58 tab
    3⤵
    PID:3216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5700.6.1550447767\1601429022" -childID 5 -isForBrowser -prefsHandle 5052 -prefMapHandle 5056 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {234451f0-3972-497b-969c-f146b9e9d97d} 5700 "\\.\pipe\gecko-crash-server-pipe.5700" 5040 216db2bc058 tab
    3⤵
    PID:4788
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5700.7.2095120553\26343202" -childID 6 -isForBrowser -prefsHandle 5244 -prefMapHandle 5248 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6e2d7cd-b81d-4ac9-a957-f0d6bdfde2b4} 5700 "\\.\pipe\gecko-crash-server-pipe.5700" 5236 216db2bb458 tab
    3⤵
    PID:4760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5700.8.735604431\1173297147" -childID 7 -isForBrowser -prefsHandle 5728 -prefMapHandle 5632 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6aa52172-cc42-46cc-8e63-a85c304a1616} 5700 "\\.\pipe\gecko-crash-server-pipe.5700" 5736 216dc940558 tab
    3⤵
    PID:6572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5700.9.1759618597\207822128" -childID 8 -isForBrowser -prefsHandle 9248 -prefMapHandle 9252 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e854be89-16af-406b-9c1c-8f761b69f683} 5700 "\\.\pipe\gecko-crash-server-pipe.5700" 9240 216da69d358 tab
    3⤵
    PID:6384

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:6204

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff990039758,0x7ff990039768,0x7ff990039778
  2⤵
  PID:6408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1808,i,664679336335270041,14058940590945406210,131072 /prefetch:2
  2⤵
  PID:6644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1672 --field-trial-handle=1808,i,664679336335270041,14058940590945406210,131072 /prefetch:8
  2⤵
  PID:6632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1808,i,664679336335270041,14058940590945406210,131072 /prefetch:8
  2⤵
  PID:6124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1808,i,664679336335270041,14058940590945406210,131072 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2860 --field-trial-handle=1808,i,664679336335270041,14058940590945406210,131072 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4404 --field-trial-handle=1808,i,664679336335270041,14058940590945406210,131072 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1808,i,664679336335270041,14058940590945406210,131072 /prefetch:8
  2⤵
  PID:7232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1808,i,664679336335270041,14058940590945406210,131072 /prefetch:8
  2⤵
  PID:7308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5048 --field-trial-handle=1808,i,664679336335270041,14058940590945406210,131072 /prefetch:8
  2⤵
  PID:7316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4936 --field-trial-handle=1808,i,664679336335270041,14058940590945406210,131072 /prefetch:1
  2⤵
  PID:7472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2892 --field-trial-handle=1808,i,664679336335270041,14058940590945406210,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7216

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
92263568bb5254b99ac7ba8169acbd7c

SHA1
bfc66e7d3634e02201d476327c1a0f23457844ef

SHA256
d19000095f407964c20d24ee9dd65d5c15b6ec5ce72f34cc785bd2f0739fd78a

SHA512
fe12d2baea27b6e052d49215730dbb147bae73a775eb84e2674ff79e25b153b2c31b70036c7ab18e2fc99c78eeea49e420cfbd3a30b68998740afbe73ed143fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
b5330510caec4b5eabef274841cad8fd

SHA1
2c42af4603e502bba28a78b1afd905de645f308d

SHA256
38c116e1ac3a73e781ed8844600990690a59e642063ed9c89a00252d0351bc72

SHA512
ac8b5801b02f7607ebe101a49e3d1ee4b49e213ac28dd7b2e08abae7d345a27ee829652e8f4444510e465b26b7306e80637ac65a48f8eadc84e3d45b59d36ce4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
1529e60c008c3f0339a992a0e07a1e4a

SHA1
ea15a6b417a74c1f85ed94274c0aa2427427c8d8

SHA256
962944845a18c5caa6c8932ba1c377af2740eef4883ab0e6bbbbf626dfea79db

SHA512
9cdf09fefcd6669748eb55cd05ddd4cca7a0f0a8d08857e33c97d72a4239283c51d23b925dd9d4b943fdf3fc00fe13d25911baa74b2c2fc1ff3db67af0c09b49

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
47b007a47509cfaf1480df03a45818e5

SHA1
ca4b460945c950549c27e481b1c366d5d2c69e33

SHA256
053935765f5f0d67f21754b2a18198e13588eb6bfda4ca7ff634850fac0ff815

SHA512
25e5dba36917de555f34f72e47aa6f407c9ad3f5a072e75702fa0da114f3f9ad9525a6b20e3506bccb092bec6ee693252bec00f93b284e967429add16097a033

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
17KB

MD5
d92b44bb36b6263952e31d490fbdbf41

SHA1
9fdae866a75aad4b93e4f26b744b26eaea7bc3b2

SHA256
546263658f02eebe300f0670ae4fe99ee06847923b5c34272bbb2f71082e2a5f

SHA512
4d090ee47c6d29e916db70c21b30c94512b01c0291ceb9deea56731a63290ffb367bab68e7c9078236085af4d38a06d23ba583805afe4d808a0f7706ac1e3cd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044

Filesize
460KB

MD5
670df02bdac7363481d6dd09332d6ace

SHA1
36e25972b059cd0007607f37b4c377dcc85e8a64

SHA256
7095c217816dd29787d3175734c46944a5eb615a0dc122f0a3bf14008d679a45

SHA512
466f1bebee7c7b6f060a162cf61ff9d5754722b55dc3000f4df75dae8ba517dcb85aef7a7960314a0e1743432fa0961cebad69d1bb59f610f0a7b83ff0442ae6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
356ee8934a7076f57dcced03b86d5531

SHA1
7e2d04f9df9e6ac7ade165693ead4b3ef94be4ce

SHA256
8d41ad842c978197a9c78b0c0103824bfdaf969004aa97dc2f31674376b6fd5e

SHA512
e49462bb02a70fd6bf99d2e0827f74b187b6c49583a211370759a8a795e511eb7f447abae0893b798f3d3031936a22d582231c7357767abaab1f71c422aaf101

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_new.express.adobe.com_0.indexeddb.leveldb\000384.ldb

Filesize
1.3MB

MD5
32a36f9d1f1d0d7e43797beaafe0a97a

SHA1
f65d6b1fcaf1f430a6a7427f14fd96c522afc444

SHA256
aaaba6df6f005489c66d97a739b793c4fca4a5565cfe8c055a0aea7b517017c9

SHA512
9a80aa46a64a5b6ed9f225ef8664faa666fa4aa0b915cfa39b8730f23f12b8c56551b618ca2dadfb4604af1d8d775a7b7e9a5d8b4804114fd176f3b8f61cd6e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_new.express.adobe.com_0.indexeddb.leveldb\000407.ldb

Filesize
1.2MB

MD5
f7b48fff555e361dd8adf993fe32d49b

SHA1
525d6928801112718d54ef78822f9c7662ad9df4

SHA256
73f43d013803cf60bb9fa72fea225f5d675b03b849e506120e460604cf272da5

SHA512
f5e478417458a4875d0b40e314ee52b2320148e50ef8c6321edef81f4e78e35f06aa581cd91072fc53c25f30600cd66a8417aa934dd2cc617fcdcc0c32aaeeda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_new.express.adobe.com_0.indexeddb.leveldb\000482.ldb

Filesize
2.1MB

MD5
45635555eaa5c66e80c96c95ced959be

SHA1
13651644841449f34dbe2c4676980379f4845f53

SHA256
3667010133d1777299b855ec547abe494236c7e1849c631b1bff9773db5c53b7

SHA512
c8eb94f0525feccecb30ba5d1f6fb948d491f364056b133e4f87ab11b30f24aaa1ef7fa220594a75d06c482702790bf47474eecb6978d8df1c80ca6457cbd8cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_new.express.adobe.com_0.indexeddb.leveldb\000495.ldb

Filesize
1.2MB

MD5
369a9961a9e19a4e3fbf81cb2101053d

SHA1
f3c6d64d711fdf2350c0cb1eab8e7c4bf57d1fbf

SHA256
0806ab591ca6fd6b1cc5ee25971f1abb49fef2ddd4ad38c33db47757d6e3144f

SHA512
f2b52a6ea96f226d719aadede260b79b3f2769de889010683cd1c8fa4ef95632937cc883687732f03be8c99ddabe8b6519bcf1a28c4b3d1a22880befac293a9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_new.express.adobe.com_0.indexeddb.leveldb\000535.ldb

Filesize
2.2MB

MD5
59840769929e50483745c460047f4006

SHA1
21a960ee687b9e3a2e9d36112322dad753ecc79e

SHA256
8511a2558f75aed6763910a502941bb1a418f7bac48fd26e65fb6861353ce8e5

SHA512
bccbec172afa76a4e17748fa9e2a0d31e9f208ac5fa3a63d9c4ddf2332d68cfe4e81d5bc04a2460742ddc47ae6c5e32493dd0f2bf93a066a6c7d168e4d5e0e8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_new.express.adobe.com_0.indexeddb.leveldb\000536.ldb

Filesize
1.5MB

MD5
96acb2911ef45bc5514e258ed29a488e

SHA1
fcb8e8fdc1e5adff029e86879f233cba6edb6ead

SHA256
fa336615a5598b381e0b7925c24e07e9ff8dc0c3fb0a2a1cc5fa30f682866e0d

SHA512
c10597f908a1c79f136459c650bd02b5df40c98cba9ab2660d68e97847051587c6b5b3fad40657e52708cb96277e90f4d7b9c4dbdad89283ba0ba4b6394aaec0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_new.express.adobe.com_0.indexeddb.leveldb\000553.ldb

Filesize
2.2MB

MD5
c5bd9bb3ec0c87ff66e40b5fb2be4967

SHA1
65dc47d34ba9eefeb349bbce8eb7a85a7e310d8a

SHA256
72441cacecec6ff00ab5015b7c7722250f9e1543337aaaa5f954aa4d2bf1b92e

SHA512
a1d306515f411e4827a524eb0473f5342af0df4c8763aaddc7484a3fc0f1e3ca963cdb4569c2bde6faf8374c5188cc97119eaa15f986d6b13e5d01c8db70ac9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_new.express.adobe.com_0.indexeddb.leveldb\000566.ldb

Filesize
2.1MB

MD5
0bd7b8373f386bd0733da68411939ee2

SHA1
d2fbdfddbe1fa4f51b1fecd7c06be67a0e4edb1e

SHA256
b53d077033303f9d1eb066ba1dcfcf8cb701a4f19c740b7cbc5d80e393ac7051

SHA512
8eac750eaca178318b7e12a9a7a9b5827fbebdf3c90e9048b00aae3fc1e6869041dc5e4332899e40818b59fed0563604eda2d13b157e86cbbeab720f05f90c73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_new.express.adobe.com_0.indexeddb.leveldb\000572.ldb

Filesize
2.2MB

MD5
508294a0fd21ac1c7540444a9db1f668

SHA1
deae1a5e3197c376f25562e57a677f9740cd2898

SHA256
8aef2917cf9d8cea8ddb577cec8f41619fbe3721bfc574940064b3c182ad611c

SHA512
72a9bf7e15a16245d7265526d94f74ec4faf374330b8b1115fc6d375468ffad2f7392f60222007dc5cb7f76530b8ff989901eab30e00c2b2f3ee0f1c820d5863

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
86ae794b1ecab24a22994217441b3d80

SHA1
433ca73cd2ca7d11223208b7b73ad76a1acea49f

SHA256
fa0409ee85c7d909bb474d0d8a25a19481941556de0ec42a8bf7a56d379020b1

SHA512
18e7ff728613436512a6028533288acc82b455d6bc808ffc1bd24ff77eaf5232974d428161dd3ec4020d5d922f4dfdfe9f8635ac7838416e7bf7acfd9b1f9c1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a09b05b4b0575baae14389d9fab47548

SHA1
a87429f21b155f4a9072794f1358d56864e4e0bf

SHA256
8939f5217a0ffd135c66809ab15214f4775f637ecf08e89acf4926dbbaf8c3cc

SHA512
fdb94f8520f1056e8088b293e07c21797b46b827e5fdd89bc72d393da75ac1494132188fe71b5f86e126379ec16f2ee38487791774625683a660309eaf7fbc37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1613e82bd782bff69d8805a78a6adecb

SHA1
4b33d611f2259980af117827ed324dd89405be90

SHA256
576e68eb785869b95630bec92deb0c735ea90ba345785382243fce353d6c8853

SHA512
355b158e90be0b7640b15ba7da83a4eeae6ed55a1d1a77c33cddc056e98bb12f4dbed4d76bdd170d7e82cb1c6b932c2089f141bca531142b6250d0e99b402d5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
be3b9ecf35fd307f21b112fffeecb512

SHA1
172ce483dec254a7a8086b0f10315285499905fb

SHA256
e662c136fb344acd2c3e62a351eb0e37aebc4b51a0513dcf4248f2eb68f2b159

SHA512
db364e1bf91e810134c8e82cd060955446ffaf6f7450fdf68f93bc6d08f0f824cdb888b5fb038f7673df6c52b75a9db2093230fc76873e141945f3395f722512

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a591db1e24ed736e6b62319d7901bf6c

SHA1
b0867e55b76fe7d2a8d440040d7c5192fb7e0616

SHA256
83245cfb5523031dbee66f0a66abca4f0bbf3e56c079306b0b90ff922b39c349

SHA512
3fac5ac7ed436aebc3e667d986984c76ed0ec6f4ade2dcf31310b030b5f7dfe8cb56262a475a9f71319eb93943f16669caf0691efaba728093329d24e3287b94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b097c8e281286cfa69693bf6e19883e5

SHA1
91082ba42e8965a09c6b5cba7b2b2274248f5bf0

SHA256
f4ff38736070de7b92614e27d5639e5e4801868af3bc556e2d2130f86249aaae

SHA512
e66984be3f5ec8ffbad85449edb48b38cd46d101e1357b928481a56d9ac2ea670f11be17ec1e84eafd9b6be996606afc15653a0b3d9ecd7d89df5329e4e41b25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3c148a47628c3abec713e5cdda2d9bcc

SHA1
f7d0dc165200fbc919103ef10db74d0dd6b5bdff

SHA256
91250ea31e4d22769412de26536e8a3924a14946f551d2ea19625bc26c14947f

SHA512
19e510ea6e8f229bd883e81de4a4f275269781f1d43f35ccb401e5ab824b61dc901814bd7b4018d9f339e9b5a1c9e4ea7c2d2308227631c2d556548f89b12d17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5c400b215596d3685ecad16b15a5823d3176828b\147a802d-76ae-4156-925a-07e58c203d89\index-dir\the-real-index

Filesize
72B

MD5
4b0d8e6ef15fcf8b4918971fdbff8a7e

SHA1
51f15a4ac566ccf16ecb26a313d134d41160a2e3

SHA256
c170544563c51bd7401bc8a58b5499e5d65ec19ecfe3eb97577d42f3d8906aaa

SHA512
3b5be07292717bdb6081982b4ba06dcc69c19c992467c170c51c7f34486562ba1332f4cc7cd885d860293ba02b144ebf22ac7218ba976b29909b74c19f11fda4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5c400b215596d3685ecad16b15a5823d3176828b\147a802d-76ae-4156-925a-07e58c203d89\index-dir\the-real-index~RFe5924b5.TMP

Filesize
48B

MD5
bd41f36df0b8c56192344afdbf64e2bb

SHA1
b265361f7bbcb3bef33d3bc72108cf030f3e1567

SHA256
527213419d6ebfba196161da855a2b65aa7f0c30bf4a3419a016d26cbb4706f8

SHA512
7af60c34e380f2daa5dda22954451d784ff53f954eeb8f4ae39fe88b42e0d91a2be0463076b6e767c92eacf9903bd39aef59de44a4ea725ac340befa33d68468

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5c400b215596d3685ecad16b15a5823d3176828b\index.txt

Filesize
138B

MD5
76cad297de421c968597104fba12ea62

SHA1
7e8aae1f421475148fa406ad3c0a1bfafab85cbf

SHA256
ed0b937ad194a6b65d58c324b2e5710aff31cf4a315cd9eb9a2c015d8394c131

SHA512
9489d428740a951302833a32a3bf480a0fef1e6d213fea31632c5641fab7aa198dd53c00531984360a3bcb28c2be9c4545e8769c43ecd39949fb8f2d1a50b7c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\5c400b215596d3685ecad16b15a5823d3176828b\index.txt~RFe5924e3.TMP

Filesize
144B

MD5
539a74fa478c47036f5dd58285b91256

SHA1
a00e081166132dadb727a3db71cf2fe1b17d9351

SHA256
b50a42acdfacc07a1944bc91dd1fe27fe5429fe5061614bae815890cdb2630bb

SHA512
a04393a5623ddfdbbceaff7538714d99f27012bdddbeddb35deed560c1734b6adc3070a1b318f70921aa88343736a2d6d4c966fe3ac33a0251cf538eea2b2893

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
84e2d8ea5713a95ecef007c31b9e8bbb

SHA1
d2f27bf2252a6939f8df3edf39d08ed5e53e3a3e

SHA256
13275e39c9d063e3fe6dd11ca8c49259a776fa0d65206e628d1edbfa65a147b1

SHA512
8437d3e6f6b6cea84683dda92d067200be65350bdbf46344b66d25caf5c8472a674d28710643589f40bc26e84f4f32a15b688d38a4c2d28aa7cf69b96cea713e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7HB61I1H\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p7jdwo0d.default-release\cache2\doomed\32372

Filesize
12KB

MD5
294ff283d81887b4e7ab302a65dd6119

SHA1
a1b249123bdf34caf6ed519f4ed9ea67bd8a6e95

SHA256
9a4299caf43ef3baa3964950ef06a246eb4f27ad186554f2bfc5ac9b23b750de

SHA512
f49b60dc295943765af586d7cdd327842411b9760c2cd90081891d356e0eac872e94567ba17dc86d2bb75bb5b4f9a547ed105300f78903a0818315cc011e3c4f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p7jdwo0d.default-release\cache2\doomed\8122

Filesize
9KB

MD5
b0d70cdfbd1c40f76187112bf95c05e9

SHA1
291bcafacac8a8bcf3c7ba8fcfd36e41427480af

SHA256
b454ba9afc49b9a52c8ac8b17fb0154a4b50c6b29cd26823470edfcdc4c0544e

SHA512
14f55e47c6508465b081062ff5d7bc8a7e046eac1b8e4d8b17abf785ff3bf6e88da862dadb04228431965ebbb9cb33b5ea66c047302588b57bd5f48f2aa21ecb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\367E54ZX\22835.889889201ead72713e41[1].js

Filesize
19KB

MD5
0f2a3721e9d59f541416f33b02e2fed2

SHA1
9ffc2e0db9a2953fec1073e2b99ba286389e4022

SHA256
b8a879006e4e661e6a29a8765920aac5f2ea9e2a30964d9f0da9322aae6c896c

SHA512
4bc25d95ff90e5a32f23d4a2949fcc2de9485fe95f08a36d3cdd6805a45238370fac8f508cb08e61dfec06ac94b058cbe9ad0e54448faa97e0597ce9500a2b37

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\367E54ZX\compiled-app-config.5286c6329a66207aed34[1].js

Filesize
183KB

MD5
711749a964ba91093540c32302682f87

SHA1
b3313f33e8a3bdfbabd53cc532576686f479cbc6

SHA256
ff99b6101cd8d707c5d29114d9047196142da71688bb254b6da09262c21cb998

SHA512
4fe6238306c489fc3fb1dadc7ac43cacf6c6e4236855fa9346d03e125046bd6a63aef39f3d3547ffa0b50b8d7038276dad1b2ad748f7bf10f85e97ee48a10b4d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\367E54ZX\l[1]

Filesize
144KB

MD5
9cbca1a5fed66ac4022a1c035d54359e

SHA1
b89c148cb3d8770ddc5a402ec5b8bf945afa7bad

SHA256
5740797c23841453a7a3b34f6b3e444296e4bca5446f63a8924ca194c8903622

SHA512
267b7e7bb6cdf89d2dcb961b27de89db1515e94864b559f24402c535fd00c7f7ee5d092d1af9d75a521ac011b37803d60b745d6e6cca636b1cfb0173f8ed39fb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\367E54ZX\l[3]

Filesize
103KB

MD5
87c4c64b8a43188b2a7d108a661a5048

SHA1
dca2a37a3ec6582917225ecd710d2a9c89a079b4

SHA256
01cae409ac56357249119b1978adbc9f47c4f217325a58866fb2094efcc5ded7

SHA512
35f98a328757805a5801718670849d4558a8481e31ea8a2f09b2363a6d939b5b33a7d50617333b569e54d970f1218b28a2b2b43e40dfaa4d341690643b1333c5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\367E54ZX\vendor-startup-otel.61091fbc50dafbacf2a0[1].js

Filesize
210KB

MD5
72b5eaef505593dd391f5c4b860ba763

SHA1
c2dae8e2b6d3175232408876f17cf9033f506e6b

SHA256
571f6ecee29bfd764a1eef64fad03bd720d3594ffff605d06837df2c6130cd08

SHA512
f71668740eb9f110df04d202626d09c3984ca3b7948d79d52cd93e8fb55749802d8ae45fb52d433c901e85103f0759dfc374b31b5a498de3773d32865796e805

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\367E54ZX\warmup[2].gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4NCBQP20\476fdc8ce5[1].js

Filesize
56B

MD5
f1347fb5a48aa938d383eea39a3c09a7

SHA1
441ef0cb23ad23ed8515438065429315594d375f

SHA256
978cb457b9642722b602ab2f8442966b720f56959197ed53553128b628876c99

SHA512
2c8c493017f971c48c55b82d51bf76cc76c849c53b2e5dc20b1a743cfa12afa822668247230b04a613036b632c5ec5805f31c8300711278ff2d53bd56e7c89e0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4NCBQP20\49179.6ba2735d6f4ed78b8a1a[1].js

Filesize
62KB

MD5
2c53ee479ffbc9b35816ebfac08338b5

SHA1
cb735a7affca97e2c2a127964b4c4197bcfe6103

SHA256
e01d4026eb6c700a28a404bf69da3be72e9acdd5652d80a62ab749ea9c17adb9

SHA512
679967e8907f263ff32d3208a1199c8011aa0d6c47d295c48efae523997496be9710c3c85606c7ca4dd870fe850fce599bef3be0ab3c7f7f6b3e471e4431afcf

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4NCBQP20\54841.ac6f76ca7d1981c4e1d4[1].js

Filesize
80KB

MD5
cb1a42d901f216672ae8b3cffaf0e827

SHA1
060af7ab50d6ee04ce2a7c690f142a6d67b525b4

SHA256
27867ef97c80006b465f5ac488ffee27259bd6648dc6b1a6c80e4fc3ee9f458f

SHA512
beb0d76887a46686c692312b3ef0168431f5e7ad5bc8be61d68aa544b4171b4f4044b757245e2a132962f3dd6b8143855c3bba9648be298643fcad509f6accfc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4NCBQP20\l[1]

Filesize
141KB

MD5
6cee353884ed58b54d8a3881fdeb5ceb

SHA1
7bd043db5231435c873091724206c290bfcb75a6

SHA256
73768afcdf411a4a3f8aae20b1e50e1e4899b041bf399be94b426a359f45aee0

SHA512
bfec19b1d054c1e8f90cc1d1bc8ab5e928f35bc99061e467bc1767d76fc9bc7d5164ed6f92c579fb7e10a0ac75f4faec124fec98be8c146c4169908866d21333

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4NCBQP20\l[2]

Filesize
143KB

MD5
0a6801f69e768b9673e5a144e43aa143

SHA1
e97005cb344b9a663599baa8e21cc2ae3d954c44

SHA256
8e91e50f3a120fda0a69e20ae4da7db761e56aaeba0a50741620a49529efd369

SHA512
d97d03bc0cd6180e81918631dcc922ae9eadf6be3ce328cca96e174fa7ffed34dd9c008ac16d5ff788e01af1df6c3259fa37a2ca02078ed655b4966d834a7491

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4NCBQP20\l[2]

Filesize
104KB

MD5
4a98b24757fa91ce45d8f1607c3e5e09

SHA1
e5721d15147dfcc58c01c199dd2e5c605a873531

SHA256
cf8cbf97a4ca917401fadad9fd4af1ad6ef52a4a3c87ca6c85c329cf59d52d95

SHA512
115da07a38ce9af39af4b36418697e0331c63f85e0d11436801fff2822db317f3898de7ef51d82205c90be680523b8413120f699316dd10953101a7cacd25169

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4NCBQP20\l[3]

Filesize
102KB

MD5
c759c7dd2cab85efe5760b324ad41520

SHA1
29c44b9bddb87b7e3e4fc3b1412fec4e67b57c8c

SHA256
798fac651c4386ad507fdd4f8a94793d7f7a19e4a2fc40b797a8f2d0142bc9a4

SHA512
989606002e327c6b84f2d80b1f123b92c6b488786be10145cfe033fad7456ade13e672fd109339a6e0da50381f8156ba48d9fbf6aa32f67c3085a8a82d0ea7ff

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4NCBQP20\nr-spa-1216.min[1].js

Filesize
48KB

MD5
63e2df852d15ab21d7ff8fc4363222e8

SHA1
7ee401ba652db0a4ec960350e17216cda01e22fb

SHA256
545156adeae44dadc82b98d504f805ebe77fb79c928ef34eed1057bb9d4cb8fe

SHA512
baad17c762461527b270b57ef294e28beff92b3a66829b8ddd8788a791aebb0a40be849bfc79fcfc5cb0d7ffc7fd709ca6cd6a61cac878ce60f585d40f214970

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\4NCBQP20\vendor-startup-uuid.1c5451049e7d789afbb4[1].js

Filesize
15KB

MD5
d6483b135f6dcda03b2395e2b3d135ab

SHA1
39a21a36d0b5d0f8f0d50df546609746293cb1e1

SHA256
9aae449edee3e606bda98427ac8a482b7edd004e57a97bb42e8d8fd91b80edd3

SHA512
0f1a1314f317782f820ad04056fb80de26a480746bf3510d2850526f73b3e230d4d1144645685cb0c5217b03a81cb82b093b91ff1838d4664a523ba80f1662e7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LBDZ7ULJ\65464.80c06516b9ad85317956[1].js

Filesize
3KB

MD5
be00a48435ecd28b76e3eb728e793d78

SHA1
6b30f71b63717c52d1fb31531dd45b17fc57d573

SHA256
f4eeb475615267ca1e22840b747c55cf5d1491d247031a1e8e9306e7fcdf2858

SHA512
b2048eed3203aaaf866450fb76636cbabbdf4feaed25548535b6d7186681833900a756f14a1ae9ceab6df1b7aa0920ef53ef6a4ec005063cc9d7930bf1483b83

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LBDZ7ULJ\hz-startup-ui-index.ed5bded8807f8eeb0d6c[1].js

Filesize
35KB

MD5
2c43c540183161210a8aba91fe1b8a2a

SHA1
8dcbf65a0816fdfcb92ae6ebd63ca55d988dd90e

SHA256
f49502ce457cc4eda6db49385390882b5caaef6d2cd8b7cac149cbf203bf17ac

SHA512
734056e6358b32fce7c5927f0afd62395c3ad45aa7c4cf1c55cf475dccfd6823768c45f0b498e41abafe5c4149d830225e683e6a746d56d4860022a65ed268fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LBDZ7ULJ\l[3]

Filesize
144KB

MD5
76955515613c2a9010814f3f425ae569

SHA1
3c037151268319f5120529872d5b97e633eae63f

SHA256
651fcd7eff36b41498f68eba2c728da9dd171bfd7de95f073ed5d63b97cfc9ea

SHA512
00cd6ede1f2ffafa509da360ea5b615310eafdfbe78c0cc0b884fda111f552178c673c44891756d8188baaa3319c82ae6d8375c39e67c202c63b87b96c67dff6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O1DH57DH\38349.128afb6f501d3153e060[1].js

Filesize
11KB

MD5
59109273a2ca1ccd449ad1c2d975bb65

SHA1
e7084ea125f4203cb359ff66eacb1dcb93fe5d2a

SHA256
7ba4c24b3b61171f86b5f7e3677b90344e8040ff33ece5fdf2b91d8a90784551

SHA512
77f2fda6bee409b92a51f8f8a058b0ad1a4cf0b31567d772027fea04ea82ebe68459fa88a66ce9e267cfa400692ff1abc4a267fe0a432c37bec78d4c46314ee3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O1DH57DH\js[1].js

Filesize
190KB

MD5
73583cfa272600d5d9d9c8b5fc647a6b

SHA1
50cb85a98344096161fa0e8d8659b08da6a818f7

SHA256
fe5d3d63d5a9a1b8adf9aa19e0087506979e21dd7886a73f6b3c654eba8da42c

SHA512
389a6642ab5c9071d7d243110afead5bdd38972d7868c46643d3218ef3abc4beb94f9e1780d355198ab70145c500c1dc84cfe9eff45e924d79f58c3b418653f6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O1DH57DH\l[3]

Filesize
104KB

MD5
1ec43733dbf0dbae117ef75db407df87

SHA1
1b2f13c05c222ffbf3f3b55a7aa24021c14e58fa

SHA256
b5700f4e047c0f51a89b6cff178bf84721d5247d26dc7599c6c262329fe2ee52

SHA512
4d1c9007379723a0abff5d1b321784c706e614d3f2234dbd2cf108378cc52dff5491b40686559a42293753963d95a3c2a9af613ac0c676e4c7fd1abae87158cb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O1DH57DH\vendor-startup-ims.97b919bf28332343b26d[1].js

Filesize
73KB

MD5
437e5149c64ccbbb440690b64259e542

SHA1
9df75acfd0c4ae59cb89863abfe9977d9701afb0

SHA256
b10254918517325228f9071346ac56def867d9afd700335f55ec56a94b64a4d1

SHA512
c1a48fd30c134b6b20a066f2edf95ac61965e330451c66e21c4530b1500fa44ec0a7fc565d35ba4cbb15876cae86528fa030dbee583dd9e83dc5127ace49bbb5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\O1DH57DH\vendor-startup-lodash.54402876d804a652c176[1].js

Filesize
153KB

MD5
364349010902d0d4c3899ed391eef00d

SHA1
6f1929ac403fee4fe0f3d466e109d4d611c41a14

SHA256
0028bce233c7a4b713c326f197470c4e0cf800b23d433f8fc86f163a0c9b5677

SHA512
e077ba3103cfcacceaa28b5f07eeef5be354f277125a46a36afd139d1183f9198afa126b138b1c22ad3c98b9353236480a421cfff79157504f25806ce00bec32

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\3LCVC318\www.bing[1].xml

Filesize
2KB

MD5
e3a07adb29058ff35e929579242d92b3

SHA1
282bdf60dd36c59b2a7e68ca236a9f4def70e48b

SHA256
ac27e8a5519b251876edf34b547b6b101c8c3e1391895dd491e933e9f8bac299

SHA512
27f89861043b74f5abd2c54480251595e0ec2f2e078a8384ed0474766488eca8583fe10853fb21a9c55bcd6b8d75f33d8d8be5b6c1e8a33576c8fbcf0ed7cee2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\PVWDH34W\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\Q9CEF8S6\project-x-beta-favicon.7a85d2313c216af3b57f[1].png

Filesize
3KB

MD5
07bccda32c52d63ea8dc216b3ff5fd85

SHA1
0bb2385936099f5dbc3f3cb575d08489ed2915bf

SHA256
413fe1116bab1415145b861990b658c6bd3cf060152826dc29bf93502a7d6305

SHA512
d1a2fc23f202ede19988141a229c24b0a0995371c9bb1a79ce6ecca0a3ca8cdda8b6cdf0b558852e00ac2b52e7ef2928938a9d8f914766ae179c87484ece9918

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
3.4MB

MD5
1aa127a62fc27cedfe67e2ff597388b7

SHA1
eb1831553ae497bc8f9d41aad7787b9b9d7c9d0d

SHA256
cebe8ab3bce0d46e11f6afde911fc37dd28a685fb8f1df15d1aadd0e7e95f191

SHA512
93cd81de7aeee718a3b9c9d1b972214fc6a96752a1dcaed10a609888d4aed5f0be911122dc01e61fe8fd0c0ecd687c5e588502f2c5c970ff04600628c97b5937

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
10KB

MD5
38e21bb4b9228de36ee2ad330cfe2f48

SHA1
ecfacf5a0d5c78a8c7c74bac60b444e906d4aa45

SHA256
5915b60e4e3b3969bdf21892be26b2dfd4904e90c9b288956db43edb96382f31

SHA512
be223b493ca5ce203647f44f8fdb968d2fdc85027c0386d1a0d167683fb1b6c6c5f3cb8c082bbefa76bc433e7ab438963da06f8134061b362d6bc679aed510a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7jdwo0d.default-release\bookmarkbackups\bookmarks-2024-03-18_11_d13IfFqqp4oGMLqJzotjgA==.jsonlz4

Filesize
945B

MD5
00d0f019a35801588dfa64a866500da6

SHA1
230baf7adaf1d9b074fb353a642cd9df1de417ec

SHA256
182c26bc619c4fad61b8232aaac34529160dc8babbcfb6b22f7c5f37855dfc83

SHA512
515609558862af5f42e4689e9a27f58e2a54478631c104751160074a7c7a7014f3a76638bd6beb74766fb0a484d80311602d8a01a8e816a450cebe414b58091a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7jdwo0d.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7jdwo0d.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
4953a7be3339ec554e5bddaa3fcc803f

SHA1
8e09588b6abc60c3d76e6f6728b3a3cde40a3d0c

SHA256
b5955c172127860da6b49546aa34bb00ce392bb41da29bd7e6be0e892f1a0447

SHA512
16740ab6f05398699edc46e57b8805d1e6bb892f6a9bd386ef2ca32167a95c42fb9b73b3ed2897bca12cbf3925b324bde5d7ebd7206b4473cad131dc4a6af53e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7jdwo0d.default-release\datareporting\glean\pending_pings\3e5dea4e-3270-404e-966a-7d3ba38d26c7

Filesize
746B

MD5
3309e39e1665c8fb21cb1cdb1d1d0d76

SHA1
40786915cc0f160be347c2112de389cf9272082d

SHA256
0b2d822632883958eabc60eb1d3fdac5ecad11184feddc5d531368cb8a663f3b

SHA512
56fdfdd20132b9f83ff9e04c700213c62b409b501fc6ea1293a7135794a4c407ca90cc0fd1d09e348de72eb4de64ab72596ba5957f8433be31e801776ce7cb62

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7jdwo0d.default-release\datareporting\glean\pending_pings\e9939ccb-64ce-4892-86dd-f438b2a91443

Filesize
10KB

MD5
1fd7473d65dc906ed046bcd751c48052

SHA1
38f3d7eab229a27f1db341dbb4fa42d06eb7d059

SHA256
4d829e60751322262cb10a8971394a3d00deaea4efa04ddf5de762b191b5d1de

SHA512
d2206899beaa5f59150a9ad7bb989c0ed780a66ae7ac54168cdfe4f679237f65d2a000ddb4294a46ea3b134024be5ec01d362eefbd90da8e9fd8bbb37e53278d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7jdwo0d.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7jdwo0d.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7jdwo0d.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7jdwo0d.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7jdwo0d.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
3.3MB

MD5
9267efe2ecda6d797fb15791119ebc4f

SHA1
e460eeb7aa73ca892f4363effd5135641a2a32f4

SHA256
5d0fb744e616d156edc44ea046e974137eabfbdef9890fff2f234df34f8f1c79

SHA512
83755c00ab788f4af60cda6d5a985e866968c30d864ed43b4513eb8897de55bbc01a0b9b939cc943b404de1cb45306cfed0ae1881cb8ff1290312321db548d94

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7jdwo0d.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7jdwo0d.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7jdwo0d.default-release\prefs-1.js

Filesize
6KB

MD5
530843fa167012b60cffdfc7dd2128ee

SHA1
d8b59c3c82f72a5b80843012f744df1616664133

SHA256
05dabfc844fbec166b37966cfc34af4b7301db34db2c82b0d2934ca08135a1b7

SHA512
e0fbbd0d317ec2ced3185f891729082f6d9b92245c1031962282e7c831a26afd41197af31f8984c81a46ca551f095df877c7ec84942b83f69dbfdd2a2dacc525

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7jdwo0d.default-release\prefs-1.js

Filesize
7KB

MD5
f78f7553caa71cb2ab2d3a9f272d0a1e

SHA1
ad040bdba3eec854f59f81429192601115e4d324

SHA256
a7e73dfebf41771ae70b907e7295d1485f0ce617a4e9128848828dada64967f7

SHA512
6802d2bdf05a5e7272096c72a1fdeda624011c1c013384214a8cd68f29dff2f8549622b92fd458b262e21d8e8b914e13f04447d2708be82316f57b9c36b9e892

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7jdwo0d.default-release\prefs-1.js

Filesize
6KB

MD5
f55f48189d158063d8fb1b34c36b7a90

SHA1
132022a3b0f9d061505eac7d9253d4ce35bb2ae6

SHA256
3d01388082bfa74b0be2d383380d40b14d4247786a9b4c0e40c4dd589b3fed43

SHA512
0892e6d8e6358a8d607149b46f58ac5b94d2bcd3de15d8eda8775c13f72b0783961a59ee37389d5084ac2c2353c81b86c8f5cc59722f7d027d12f9b98801d14e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7jdwo0d.default-release\prefs-1.js

Filesize
7KB

MD5
e7c6e7ebd1ded48140fae0c0d0c3c194

SHA1
d16399ddf52cbb74e71cf51ca4973e1412e764ba

SHA256
948bb94b8aaa5476522533506592af8168b7c00edeb584e25a9fcc5c04967911

SHA512
9359cea76398a12bc091b5ee38fbaf8dbec877224c5fe7c9cd709a9d7f6dcadfc4550b22f454e2917b5633e6b308eb96ee24c441c892d24d61a2d3f91ba1d5f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7jdwo0d.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7jdwo0d.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
daeb3634e999759663eb716ee0fd5087

SHA1
c3f342d4db401e1f00919c4cc4652cf70fabf46a

SHA256
b729c5ece54d46fefb8b8371d55306d750d6a2d1cd5cc1c363a31320e015955c

SHA512
aaf038d3134d88df88770368ac1267db07853ebca428453eb88f01cec7b5bb77a1ea933debea19d11ec23a653c11fc62ef415f7b5ed110b4256a4677d89f989b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7jdwo0d.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
f96ca4a536b7114c6e3fc8355d660b09

SHA1
c5c8c96ed0e43eeb267fed87f2268336f670ccce

SHA256
0d0cc6880e5be6693e9f602d352110c1af606a985d17c3b29ff4c65a098791d9

SHA512
4bd2979a44f6b56c43f3676e16e757ab36a5feb1f45a5dfcbb7f9ca9138c1222e47b20ef768ff66164a56c11d9c1f2d0ea89936ce3c2558fc12b23a6e592ffb0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7jdwo0d.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
fe35232bae5a5c98418dfdeb51decd95

SHA1
4387c0614c401013a12801ad053a1c32f0fce56a

SHA256
5ab5d34225eefd03a6feeb97eea3f5716e139e2f053db28e6980fb17049e9c3b

SHA512
fbe58d0609b57147b604932f98bbdfbbb420e8a1e20e4b3ac48ced0b7470222eccea0b7cfa1b18645ba45bb356f224103139cc5fe32b0ad50ad601af94c337a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7jdwo0d.default-release\storage\default\https+++new.express.adobe.com\idb\3057407791PerseafbearteanDce.sqlite

Filesize
48KB

MD5
a0b73ca533a7cb87a6077a8958a62390

SHA1
a7ffcb8c21809b89b2a871676a5e6905c815eed7

SHA256
02bbd7700e9d8e0f43be46c5ec2cc435eb0af1881c3c2a1ebcc4da4876ccc874

SHA512
6a04ba3bb292c176c2799bedda403a771626b12f8cec0d70f185d0f3a9fe0a92dd976918375e4f2539b492ef0e3b48d39600e9a3302d544c4cf4e72d9ab211cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7jdwo0d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
a4134fcc69dfa3d95c1f7aa96908c213

SHA1
191217d94333776ea4614d0393d8d8fa78fb0b04

SHA256
016a4f6225d1856b698e9f106b2f8e3bcab0794771076003d9639aadf597e82b

SHA512
2c274be6cbe1310441fcebe00f85e678314f0f05608e1e926c0cb173bfec6296c5284035e12b62592b24fe84a9150b40c8fb1c52ae2491a2241b6a804f446acd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7jdwo0d.default-release\targeting.snapshot.json

Filesize
3KB

MD5
7f1e323768b7c4fcdcf9a3a1a348c049

SHA1
43d77ac517d0ebf991a14c272a64dff53ff8e4db

SHA256
24822eda5ce9540b254d73207dcedbd7cad1c3e5ae45b33d98caddd9c4ae5068

SHA512
460570b39af96669a604deefd920d1b2443191b0c28c1a1ef30625dac0b1df7c19ce4ee4be9939f638b14b01a0543ee7094c9ecb180eab23df7090761aaa0294

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p7jdwo0d.default-release\xulstore.json

Filesize
141B

MD5
1995825c748914809df775643764920f

SHA1
55c55d77bb712d2d831996344f0a1b3e0b7ff98a

SHA256
87835b1bd7d0934f997ef51c977349809551d47e32c3c9224899359ae0fce776

SHA512
c311970610d836550a07feb47bd0774fd728130d0660cbada2d2d68f2fcfbe84e85404d7f5b8ab0f71a6c947561dcffa95df2782a712f4dcb7230ea8ba01c34c

Download Submit
memory/4264-353-0x000002A75A300000-0x000002A75A320000-memory.dmp

Filesize
128KB

Download
memory/4264-379-0x000002A75A610000-0x000002A75A630000-memory.dmp

Filesize
128KB

Download
memory/4648-115-0x0000025DB27E0000-0x0000025DB27E2000-memory.dmp

Filesize
8KB

Download
memory/4648-120-0x0000025DB2920000-0x0000025DB2922000-memory.dmp

Filesize
8KB

Download
memory/4648-111-0x0000025DB27B0000-0x0000025DB27B2000-memory.dmp

Filesize
8KB

Download
memory/4648-94-0x0000025DB2420000-0x0000025DB2440000-memory.dmp

Filesize
128KB

Download
memory/4648-113-0x0000025DB27D0000-0x0000025DB27D2000-memory.dmp

Filesize
8KB

Download
memory/4648-108-0x0000025DB2790000-0x0000025DB2792000-memory.dmp

Filesize
8KB

Download
memory/4648-106-0x0000025DB2770000-0x0000025DB2772000-memory.dmp

Filesize
8KB

Download
memory/4648-128-0x0000025DB2A00000-0x0000025DB2A02000-memory.dmp

Filesize
8KB

Download
memory/4648-118-0x0000025DB2900000-0x0000025DB2902000-memory.dmp

Filesize
8KB

Download
memory/4648-1130-0x0000025DB3AE0000-0x0000025DB3BE0000-memory.dmp

Filesize
1024KB

Download
memory/4648-122-0x0000025DB29E0000-0x0000025DB29E2000-memory.dmp

Filesize
8KB

Download
memory/5040-212-0x000001909F6C0000-0x000001909F6C1000-memory.dmp

Filesize
4KB

Download
memory/5040-60-0x00000190991D0000-0x00000190991D2000-memory.dmp

Filesize
8KB

Download
memory/5040-213-0x000001909F6D0000-0x000001909F6D1000-memory.dmp

Filesize
4KB

Download
memory/5040-25-0x0000019099020000-0x0000019099030000-memory.dmp

Filesize
64KB

Download
memory/5040-41-0x0000019099840000-0x0000019099850000-memory.dmp

Filesize
64KB

Download
memory/5488-1290-0x0000026A449C0000-0x0000026A449C2000-memory.dmp

Filesize
8KB

Download
memory/5488-1292-0x0000026A449D0000-0x0000026A449D2000-memory.dmp

Filesize
8KB

Download