hxxps://translate[.]google[.]com/?sl=sv&tl=en&text=han letade hela bile men inte hittade henne &op=translate

Analysis

max time kernel
215s
max time network
215s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 06:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://translate.google.com/?sl=sv&tl=en&text=han letade hela bile men inte hittade henne &op=translate

Score

8^/10

upx

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4092317236-2027488869-1227795436-1000\Control Panel\International\Geo\Nation	TLauncher-2.919-Installer-1.3.4.exe

Executes dropped EXE 2 IoCs

pid	Process
3968	TLauncher-2.919-Installer-1.3.4.exe
4128	irsetup.exe

Loads dropped DLL 3 IoCs

pid	Process
4128	irsetup.exe
4128	irsetup.exe
4128	irsetup.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00090000000234e1-586.dat	upx
behavioral1/memory/4128-595-0x0000000000D80000-0x0000000001169000-memory.dmp	upx
behavioral1/memory/4128-1231-0x0000000000D80000-0x0000000001169000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4092317236-2027488869-1227795436-1000\{46CFBF79-4BCE-458C-999E-C263235583E0}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 557289.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
340	msedge.exe
340	msedge.exe
4740	msedge.exe
4740	msedge.exe
3836	identity_helper.exe
3836	identity_helper.exe
4464	msedge.exe
4464	msedge.exe
2832	msedge.exe
2832	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe
340	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3968	TLauncher-2.919-Installer-1.3.4.exe
4128	irsetup.exe
4128	irsetup.exe
4128	irsetup.exe
4128	irsetup.exe
4128	irsetup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 340 wrote to memory of 4176	340	msedge.exe	86
PID 340 wrote to memory of 4176	340	msedge.exe	86
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4260	340	msedge.exe	87
PID 340 wrote to memory of 4740	340	msedge.exe	88
PID 340 wrote to memory of 4740	340	msedge.exe	88
PID 340 wrote to memory of 1256	340	msedge.exe	89
PID 340 wrote to memory of 1256	340	msedge.exe	89
PID 340 wrote to memory of 1256	340	msedge.exe	89
PID 340 wrote to memory of 1256	340	msedge.exe	89
PID 340 wrote to memory of 1256	340	msedge.exe	89
PID 340 wrote to memory of 1256	340	msedge.exe	89
PID 340 wrote to memory of 1256	340	msedge.exe	89
PID 340 wrote to memory of 1256	340	msedge.exe	89
PID 340 wrote to memory of 1256	340	msedge.exe	89
PID 340 wrote to memory of 1256	340	msedge.exe	89
PID 340 wrote to memory of 1256	340	msedge.exe	89
PID 340 wrote to memory of 1256	340	msedge.exe	89
PID 340 wrote to memory of 1256	340	msedge.exe	89
PID 340 wrote to memory of 1256	340	msedge.exe	89
PID 340 wrote to memory of 1256	340	msedge.exe	89
PID 340 wrote to memory of 1256	340	msedge.exe	89
PID 340 wrote to memory of 1256	340	msedge.exe	89
PID 340 wrote to memory of 1256	340	msedge.exe	89
PID 340 wrote to memory of 1256	340	msedge.exe	89
PID 340 wrote to memory of 1256	340	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://translate.google.com/?sl=sv&tl=en&text=han letade hela bile men inte hittade henne &op=translate
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6ba346f8,0x7ffc6ba34708,0x7ffc6ba34718
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 /prefetch:8
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6052 /prefetch:8
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6924 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5836 /prefetch:8
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2832
- C:\Users\Admin\Downloads\TLauncher-2.919-Installer-1.3.4.exe
  "C:\Users\Admin\Downloads\TLauncher-2.919-Installer-1.3.4.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3968
- - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
    "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-2.919-Installer-1.3.4.exe" "__IRCT:3" "__IRTSS:24067031" "__IRSID:S-1-5-21-4092317236-2027488869-1227795436-1000"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7176 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7328 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7668 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8028 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,490434843274047552,3715985276585488323,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:1848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
846ce533b9e20979bf1857f1afb61925

SHA1
4c6726618d10805940dba5e6cf849448b552bf68

SHA256
b81574d678f49d36d874dc062a1291092ab94164b92f7e30d42d9c61cc0e77c3

SHA512
8fb228fae89f063159dabc93871db205d836bdb4ec8f54a2f642bd0b1ac531eea0c21234a8ca75a0ae9a008d2399a9bf20a481f5d6a6eab53a533cd03aeaaa2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
104aab1e178489256a1425b28119ec93

SHA1
0bcf8ad28df672c618cb832ba8de8f85bd858a6c

SHA256
b92c19f079ef5948cb58654ce76f582a480a82cddc5083764ed7f1eac27b8d01

SHA512
b4f930f87eb86497672f32eb7cc77548d8afb09ad9fdba0508f368d5710e3a75c44b1fd9f96c98c2f0bd08deb4afde28330b11cf23e456c92cc509d28677d2cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
36KB

MD5
f1a0211f0bb527f989b86e10df23e75e

SHA1
15f35db2b8564b70c0df2843a0dee2a7d1fd1e8c

SHA256
e0089265707314ddd8b9ed8469b5576e36818983437199519121ab4a6a903d57

SHA512
65a9e786973cd5f988692a32aeff33bd5c989965d56e4d9987281a6344dc05758b2fba0e230dfa6a15e921058253d67a38c0e276ad336118cd56352036908f9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
1.1MB

MD5
1f557ae943b3a1e823b56cf9d410e7c3

SHA1
1340fc7fa2cf9fade7bebcc8b4dc62a1686aad54

SHA256
40f47bca0281df7ada22465ba6c706a9ccf9580288915aad5d42c2949521a7bb

SHA512
32d8f83a30ed7179a74ebc7bdcd454d2f5895592f078910564c8bf40490d92c24a836f50b359345cdf4f0288f9a922b0185beeccbc4007205ba50f585de20169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
32KB

MD5
bbc7e5859c0d0757b3b1b15e1b11929d

SHA1
59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d

SHA256
851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2

SHA512
f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
74KB

MD5
bc9faa8bb6aae687766b2db2e055a494

SHA1
34b2395d1b6908afcd60f92cdd8e7153939191e4

SHA256
4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed

SHA512
621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
92KB

MD5
61865ba30bd70f3586fc72ce6bc05f66

SHA1
e397b947ae8e7600163fa5fa482b8f5943c5e60f

SHA256
38b18040d16744558601d37c8674bcb48ef370c2c9093ecc54684715e696147b

SHA512
2a027fb3a31764ea0d6e60264fc671f317b64572745dcf1e0475f1dc8b4952a437855fa720c7b737a3385424e958f5d9a17c6e63931ae119ee3c05980e8e4665

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
106KB

MD5
146fa7222c9dc44ed1dbfa20d6ec1975

SHA1
bd18be365ebd97afd7af74b865b7d9e50fcb46cf

SHA256
a304e05e2969af8002c960289200dc36777dd8469f385718c9c660c3d5c19ff8

SHA512
f761030db1ee72cf24c76803d9112075ed98a65de4c4f1e61d1d6853e314be322cab1c46106c7f58ac60717180a19f754c78bbdaed1af58fe6507bd6756d74eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
198KB

MD5
319e0c36436ee0bf24476acbcc83565c

SHA1
fb2658d5791fe5b37424119557ab8cee30acdc54

SHA256
f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1

SHA512
ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\072dad19007287ae_0

Filesize
278B

MD5
3897d107142319d74b42efe49ef28cf4

SHA1
1aae7397d446ca83f14ba4e8945d67735887399a

SHA256
3ad44a106038763d902308fd0e26fdd91b317d1e887039dcc8b374a478ee730f

SHA512
dd73e573c7ff8d47542555294afc30c30a371a93e3994fb75eab078a67dd497bf152cf7bba98cdec20e7f3cb8bda03b360cff96c63fc737b50925ca523dd8ca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8954f0cbfaf60fb5_0

Filesize
360KB

MD5
285f82e2e1692d15930fe205840ad5f7

SHA1
1bd0d18951cc8d4da6f8c5e7041d7728b5159c76

SHA256
29af7a45204596c7b742c06e4744148446431a48afc92ddf8d606eed508b5906

SHA512
b78a2153377b636678f5aa77b414dc858ef0786ccb53450743ed7fa2a29384ff88f246deb56448c63bef239abaac4b926e24a89ba4f8f136ecbedf4057f68cc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8975cd07bff7cff5_0

Filesize
285KB

MD5
854b719611e8e0de8d44e7bbe639af50

SHA1
d3fe76a91b3ae0ab4d3d8f3df3bd94d7cec3a00f

SHA256
a61e5d5f652c136413b08686e9bcd2e73a5e99e3a23b23145192e63410783281

SHA512
afb7bbd146c58f76744b2c45ecd8284117b683788e9f706a7293f6fa0ef14623881324427d520a54d478099bbacf19140039907b1f0e4e02e8098efeb5ccca86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\978e2cfd6caa4ca9_0

Filesize
264B

MD5
30f8c5440c8c2e07c3ea1a3ed6c6b060

SHA1
48503badc2e97cd2ac84cadef4daefbf5f178211

SHA256
6fd9a1d69371586cfdc1210d8c89a0e5dd6fd2eff742660923f29d067ea4a764

SHA512
5a9cbae932d3c501db1cba630a23b288a64382f59197f3a89d32beb253c169913669e48b86bf32f0154f6236fe8fcc5f90cf97c0bb76100b39223057dc595a1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\98726e29d6320f94_0

Filesize
221KB

MD5
3aab09a24597143ffefb142236445907

SHA1
c1fc51ea17995c2f1cce8e64f4836080534bd840

SHA256
7983ebef29fb2e93a710d9dd9bca8094bd84f3bee041ed561c76aac4b5d8d9ad

SHA512
75372c4252c66ac269d3b8e9df14f6c4ebc965df81aa2b8ccfbc3f7608ea9ddfe21c02734796ebe9a1bf36bed1271af440e1a4b606acdedd162508cd9118ee2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c65add0ab5beb30f_0

Filesize
292B

MD5
ac279e4a8eff024f08ef8a296bf53363

SHA1
14b4c69da308b0f5ebd6e29654c5300a6016349a

SHA256
c9f069591852c5f8fee1efc79777cb09a576dd5d2dcbfda1a20afac537477793

SHA512
ec2c9630abd8ca29d9533ac91aa7a712484306020ace3f5ccc3d0fd12406d3d21940da62f7fdb30c1177bc1bfff640aa8a089a83529f887754e6b0c55d4d8901

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
700ff9b16723ba8735e128b3cc4b8216

SHA1
b0d54e375edb253a4a7e4facb96e545aa9a21106

SHA256
5108b3757e124c567178a37a9dc5374a8cc8ddb98c35d136048b3cf5e92a6110

SHA512
3c26c6c58c7d1842e819f1222c51431a48cb0123561299d77a482b0ea1d2e6b2476035b24aa90b25fdbb671296323237697f00dc5454ad5d570efdc914c04919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
30a401a7d49a6a5a1aa38271eca6ec9b

SHA1
cc54257298dc9e35e2d1bb1f1b98aa895a74e902

SHA256
998894b23595644f2b84338f7c78f4c67136523fa063a2cc1bff910a1c2e9dea

SHA512
c353ea43370ac1e6e9a4a23c57a0431efa67f519de53233ad966e21188e9e7408c69abadfd44d1094adb522cb0946cf30a329f7c9dee5b8dbf29cb3a45011dd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
17f5fb7faaf406bd457a07919619af01

SHA1
55fed4a9fac271019739784a6446d555ac722456

SHA256
f4c90665fdcc43a2b75a829a19c9da5f1aad64f7754ce6c91643cd8637e8b10b

SHA512
3a0e18ec18a63b7bb265f04cbc59947d15fbd4d12df7afaff80bb5e7cabb722365d9f2bdd0b87f9c3dd4b06124c512da534ce0aefa2d3a99549e32a178dd55fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
aeee5f5d3a343f2b01bd39be5d9a258f

SHA1
dfefbef832cf402e543a529ca8239b3527a76489

SHA256
6ce5ad253a1172e7f944aa49381d740f3e7145c0a2c887dee98f8a2adf91b8d6

SHA512
776f5269a499efb4b4229ae86fe4fbc7ba19cc2e38366979b5447307a44834926e36a91423ad69ee6256b5b29f971df9c5c952b053654672432817940e3122f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e4fe3060485489ebe4fcab75068a031d

SHA1
382ee56637be5ef686b84b39f2d7e5591990475d

SHA256
3a9221a973916e3e05c31fd588d009ceb564ffd262ce8abbd5a9d283f1d24a52

SHA512
dff65aec90676c3dfaef1feb7579d1e71a083c155185d93c23e878b16c6d8841a595336725a29bd0263a458bb24ef36a39155e03cd23ed72aac35d51108b4ea8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
32062805dd2216116cf5db9fb0ce6df5

SHA1
e81cbd03518160a2212f9a7d8e8676163dacf644

SHA256
561cc7768689e9dc277a1ca4ab32f21d79969d95e2a62599b5779ad3a521d5e3

SHA512
9980ff0d383d39244d0cacbcd6c25436845195171726df08e463d4095702c5f4c661739e785cdfa3b76c8cbf41150ed5ee68a351f9393cb089e7549336d7536f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4ec76d905cfc7b367290c6e32cab9174

SHA1
5f142cf8d1c40524bf6198b7ec3dea7060261829

SHA256
012f782921ec3a1d7bb1ffb7010ece2390e203341afac652afcfc253a38b20c8

SHA512
494ead2e439f3f3e25195c7052781c7d0e6d5dece946426206208b92a5cd726699bce96d61d21928aaf9cd85b4e6c24991c7562568b90710b0df1db9b3c3f2de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
cb504afffc71158060eab75290a87a27

SHA1
cdf1b23576068c31fc27929b5d31c5d32ccf58c0

SHA256
e75860c8fa5f5a1504f48aee43304fe174793ba3f596984970fd17fde43979c1

SHA512
864ef90e103352bc050ad28f447d490ccefe0e34de11f8f3e42a7e1a438e1213e16fa8018fac3b245f25d02c6e9d17118fc4f62f83e9c38902534881991f74bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1d3e71ba9ad26a2619a1347a6c053730

SHA1
8b10a96bd5b95f8517084dc71d76210da29b52ff

SHA256
8039b35514a358d144040836d214ae711f8608dfcce3acbc529d1fda5489dd75

SHA512
cd97fe718f57ccd577865db0270cfe3e40ac9140cdfc882265b24e39e376935dd8cfa69d6f939bec82ea5a369d31dd1b50195f5ccf27cdf81009411a1eb20f90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
08508e0ad7b1bb3ff64ce4148638518d

SHA1
311ddd93be53fd9d442f97c9e7c587c28417e4e1

SHA256
47982f8ff16c5214a7141633a728896e02428ea2ec865f7c4237c4663b585955

SHA512
f48182dc0cd273f2b377ff85aa215397f84dfda461e9d676fbebe2e3850832a19bc9b15786853181cb44d52d68ebc790a6b989d217a668e889fe3729c70a17c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0eca7ed05aa6785bc568d1141b4cb44a

SHA1
f49ed7ffead6bb79c8f1112e6105562e64726a6c

SHA256
81990cc4b720f5965eade7b28bc088a1689ce7aed514a600b67c8c1248f75821

SHA512
6095058daad8d66962ec05cb9c511ea1f75901fc50cf8225706c23562abec458e92e12d3561d2090d9fd9acc9a264712e506f20d0608c9ebe603cd15e8cfaa80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
6d87468037292fed88e26b689827ba7c

SHA1
679f5cf9c39bc0f4468d0f966a0eaffb3ee7ae8e

SHA256
0290764918bf71303de170db05938fb5a8fda5dc6544accd8b5444a7da66656b

SHA512
bcfe9d33cf558c003e25bac70f04d33958c08e3f5bea8bcae938ab0e59dc5e92b435d95c530a08c16173de183fd3be7aa1e8a15bb0651cce6209c2a8c168aafb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
aa732fe3e95a69a57a2087d5a6a84f62

SHA1
98aa53cf53be793167ebb5dfc0b6278cb790e4f9

SHA256
2dc4c3ddceb2a4e3753dc9181ab88787a889da021d4349a9bf6617c4236eb963

SHA512
cc7ef60a4c977e214da397c9a9e8b14e05e70da9dd30254f79890cbfe2a3d887a6c2917f8749efdd745f154980e5dc1d0bc265a398dc67c8033254429842c9a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
41ab1eb486e8dc849e61bc2a8b97b829

SHA1
16005b5c4d4b0883ed6736b3a43ce88644432bcb

SHA256
f7357aa90c4920cace463db467d1c0c635d16a2810e26766b6971c48b3e1c02a

SHA512
adbe8da463fdbd45b974d41700a93a6558ad7977087a3366cb1fb650beb71329b40aa02c574f7fac73324e1a1d1965850c3a27d9e7c70ee20fb1355a6881eff6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2109f7da4cdc43b0994a7fe4cf850223

SHA1
0b6e6d6aa99d172e0ff0b0c4a7c0de9735ea09ae

SHA256
d80ea7ec68dc325d15458834f458ef8d4af065ec5abd78eb7dc52709e3f98d10

SHA512
df1f9270df1d2245e0e7961a60ef8d8692e594b828f995088c948231f8baf56c4f367c4e71436cc66677ce711a869fd4df142b8853ea6233f80e5dc0dc03f48a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a66d559798704f0abcf66c5924ae6f67

SHA1
aad1d5e480da7895a833de8cd33a451b9fb0f1a7

SHA256
885a9c9b32f5e2e04eb95dfc3377b86f4705008d4b2bdbceedde8e5e3408bb17

SHA512
4ac32990f62c74d7397dbbdd42d9be4bceb64ddb97a7a6cabcdf7b3d8ffe930c885f92224f72d9946870bff85ed333971b72092a29a517f8e49eebe38d08462e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f597db1b3a10503bfc16d3fa6a98ff4d

SHA1
6157df6693de3ff5e172ae82e4c61beb8a573e2e

SHA256
39b0aac027f5e7b0339a1006eb4dde9a534048b44cac6d4b9cadf385abdbdb07

SHA512
768b63bdef4902401476d34d6e182c96a3d2818b05f21006a2d98e4c10befe76fab224d5d6e344c419487beb29074f46e03b5157926add62eb12e13fee6f0198

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
fd7f9d634511848ce21a09e300ae8a53

SHA1
819d80ec598ebf78f5eb8ec1b0af085b8a61486a

SHA256
9321204270d19542018c52fc2ec4b4596e1856f0efc9511aa482cb8e0e05f929

SHA512
ae184ec6432e440806baaf073d1b18b023422ede32871953ae2952c50062fdb886a78b417ee39d473bfb702c4b8ab7043f8e1f3ebd828bff948710fddd5b09e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d9e8af0704e633671c505a5d3b8272e40e9fb439\24043c43-b4fa-4eb6-b01f-be3bd5627c31\index-dir\the-real-index

Filesize
1KB

MD5
dd3423424614d8cf7216de01745aada8

SHA1
1d24783122fb8c3cfe0942c1d49a076b0df166f8

SHA256
89e75ddfda06906f8c7b576cdbddb771fc2b7c7df41f3aed7fca7c7a0de07bfc

SHA512
e1dcf47706a12d255f996b679dcc2db03ee9b27f20ff2bba71630775accb29ffd30c1be0c5be4b9cbabafd1df1eac9147bf436c5e423ebf9cf2ed9d4de3f0139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d9e8af0704e633671c505a5d3b8272e40e9fb439\24043c43-b4fa-4eb6-b01f-be3bd5627c31\index-dir\the-real-index~RFe5a905a.TMP

Filesize
48B

MD5
ee8177f28ecb0539d2cedd5bc8433a94

SHA1
0f7903b846d13576d683a470c7e7b709644ef075

SHA256
afd0e6e6f8afa632e7c002ac0994cc967850ed9857440ac35a07b25df9a8728d

SHA512
79b16c65fd9b87ab2ef0167fb7b573accaff580f1acdb6211aff67ab7fd23277e87b0e1d0c342c90f20c7606c9df440fd58c16782732b9b37f75f1418e12c749

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d9e8af0704e633671c505a5d3b8272e40e9fb439\6374ed02-981b-4ee6-8ece-f1a63ccd2f37\index-dir\the-real-index

Filesize
96B

MD5
e1a2dacff4ac3007dd57345600ea4b3b

SHA1
f091e5c0bda318174166a0f5ddc8b71a0ca5680e

SHA256
c5505aa51123de46e8ebaa51a19bcb6c55ccf824a61059ab4e37c73e2b959fc6

SHA512
cdbea903f6b94417818e26456b9357c57e1acfff71ca0c7f6cd201975703ef68cb1363a18cedd93c5d7d2a69a1857d074a1f405f5e8392b49a612736a31ccf7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d9e8af0704e633671c505a5d3b8272e40e9fb439\6374ed02-981b-4ee6-8ece-f1a63ccd2f37\index-dir\the-real-index~RFe59b3c6.TMP

Filesize
48B

MD5
79a967eea2b34a83ee35f33480b8866f

SHA1
f9063d5990e37b456d8867445779117698c734a3

SHA256
ea47d0706635c8580c2971a4b4137d1ec8ed67c9d12c69ffe2569aa1d6e85bac

SHA512
91b343eb86292f5c7d1f95db96f8468a06404cc8a54c2dafc47ad6ab1111af9500934f911680eb1cae574daf4be015508c203b64f4f0c6b19b3d6d0cdf932fde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d9e8af0704e633671c505a5d3b8272e40e9fb439\index.txt

Filesize
90B

MD5
8b71d2a3f60fbbd5b7024bedf56c1e1b

SHA1
969c0d69cf7dfbc987ad536d2bc65aa454261bbe

SHA256
474ff1da195aaf4790ee20a13d5c5e1add05cb94f0f964b0e4087ad75912e954

SHA512
956af2f274319ffbda1cc747bc4e27a62658018cf5fbf5394514fda80188ef791207c175e4166881774730abc4eb1e8f4a255cce4b0332cc488e34108680d983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d9e8af0704e633671c505a5d3b8272e40e9fb439\index.txt

Filesize
85B

MD5
07e774bf2a8a8c7512886124000d088a

SHA1
33c8ba2891b6a1792921f00ac6e44e6903d7fc6d

SHA256
460c943b85bef0eb1a824a97a4f7a76abff0772e3daeef755febea6e55ce388c

SHA512
809dc2e3abfa44238b14abd4862ff21c6ef0e0a3bb6061e2cda2115af6ed259a24e98cdbb9cb9595d49e420c7de07177db83234677427e089e097b6d61696f80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d9e8af0704e633671c505a5d3b8272e40e9fb439\index.txt

Filesize
152B

MD5
221bb4b0db0a8bea024378c94f9ac18e

SHA1
a85d241deca470293eca5d1bb85b813f9ca9e9a5

SHA256
a79a9f0aa80aaff0d3d0d6779bbfe0f74bed7759808da67151a56bc5b0e44757

SHA512
fd12a16ce93b01c2be398ce2ca56acc6c561e658e240f02666893d3fe464ec047673bf04d189b63d1060bf0d6e6b602382152e97caae9d90c69b276c0e75b257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\d9e8af0704e633671c505a5d3b8272e40e9fb439\index.txt

Filesize
152B

MD5
cbb5032a879490284aaaa38004323377

SHA1
677bfde2ce5ec68245f774d9169130b537cb992b

SHA256
bc59c62b8184ff91794530cd6f6dbd464bcccd22f9ba0ad00a68df1b5efc589a

SHA512
cb46d6735bf399089a0b74b7241d9b31b59289c060f64ccb4bbd6153aac7ffb6204e297d0ff071bf907430579fafed659e215bd714cac4efc75b5033d16c2c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
e32e79b103d27453fd7d498c5e688c64

SHA1
44d04e8fb7e17d38168d480a31da3bac58b77f91

SHA256
e1e04bec56169ddd7fd927bd9f496dc2f108709c2e5857057840b5e9ce04a60f

SHA512
53e24c3b4d57939f9acc86c9800877165aa9e0f7ea58439ce91b90b0700718f9938fbbd847a5d111bddcb98d605205c7323a4ea2281c4385c343372817027cf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59b31a.TMP

Filesize
48B

MD5
b2712f612446d042b19e607f8d4f72cf

SHA1
8b0cfc1e64115461086e7fb74653bfb084aad7ea

SHA256
8eb6b1311ca351850d96fdc8a6d34e8b1c7e7db18e3562d359f796d7d62ac0a5

SHA512
6a8cbe544a3442a96f2e93ca850786ee1142d18c4ea354ebaf66f79903b42a62458504cbc4f5ef7b3a45a2cf901553876f259ee1213e1546824b7701b18524f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b13096ecf9e518c219f3cf98dba41f86

SHA1
3c47be07aff94159bd7a6c98fdde9ceb33c7def8

SHA256
242458079b8a2ab54c9dddb5f7d14cdc5b98d98907d9c16cc79db9fc54800312

SHA512
b186ab08272f35d7c707b68b82b9236c02439c30ce53d41423fc6aa557cdac120f4f6b7d32a17db972cc6c3bf96296a851807afcdd4fe38e8813576ec4fd3d93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a1b8b0dca0be3840ca0b1df0ee9f4466

SHA1
d80b193fc6d04dfcc79efadf7d43c2f12e5d60f8

SHA256
220ae17b2fe715a6da1d26906d774c742242f65e7d4633d5474953b7cd8bccb3

SHA512
a43a6f103622c4b04f23ca65458511bbe49ddf43a9af4baefe62c30496ad9ea656cd70499670d9e40d51475e1d02d9e13f51c60a7a6ad1a333f73bfef160a5ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d4fe160fd012f4df04c3ccc4d56f3e6b

SHA1
5cf6345b81713a1a04ee7eb1a50216abf33ddedd

SHA256
da90db2b0a5f03b2194b1726da115dd8e77d282d20be6a98e04d45da800b80b7

SHA512
1f36cdf74090a768a798805174bd52009094b8b0ac273b3ed951dde7e81930b731a59f3938983fd112e724c063444a9e66d6145de1c64b737bbf42626f543ab5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
014a90a73ef5c51302f7469b77d9d081

SHA1
86044d462c006fca8f54e9663fb53e1f6a3cca49

SHA256
5f8792d57a9b7576e750c9fee622d43c409c904c97bcb075db1d4143e1569659

SHA512
d471071f2fda4e8af629df3724ac921dc4695674fedf284d0abba6cb773abd23c8c6a9cad00245d0b4a805d35438087088d92f3e434ede9ac2127d2dcae9c78a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
11d17b4eeeea7ba480ecc57686703fa0

SHA1
8e0c619d0cb6ba22935380b355ae2db2fcd4c1f0

SHA256
a9c08ba2b429cf2fcefebf957ee237ac7cb0e51268764b6cbfdb8f30e9c80740

SHA512
817c4c43b59e76834b6d035b24aef79c1533cadd20286454e14bfb863d90d601634acd437f8851381dfb7cf45c1f50738ceedf0b11a2e0a3814793a86e0ac11a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d09ab39affe580dc58ffabf90f4d2de6

SHA1
fd2e3b45c931a18c2103578f16d321fa7cf8b740

SHA256
68153ac559b494f0b6cd0c3ef3e5794310d5d27cb5fdfb0050dd480d617417ab

SHA512
ca9b863a177b54516e6fe8a671c43ff597ff0d400e01067752303e277ab2d845df3d682f6d8caac569c886e771935c69100de1016ca0bb9e36a3904b4fa2d043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3c0594e5779d8202b3f60da52ef530f6

SHA1
1c44cfcae4ff039582e4c66c661d482abb25beae

SHA256
dc7f06b6f507c764b9e6c2dcbbd321d5e13cb82b91094d2c30bfd1e6294a7493

SHA512
583be50ddda4f99a85c42125a14b5d5fc3a2a6174ddfcb2096f034ccacab9f886f0db314bab9adc6882db8cf18fa276e243ec53c37a6c58fb79e333ffac3e0f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5556b36350d12cd73ba2190583e928e3

SHA1
5d91849aafd85c7068193d78e1239f966c9e1116

SHA256
6c05db1200d28afafdb15de69b05e8c8c61af2328f04c790de7b67456f783657

SHA512
0a529b0dc32fd16ab2df7cc1ac4b772f65d72e6f7ada60e120eb0226768ffa222f87d3ddec635d83fdd8d87f2a32be7ebb2c7c4ddcb0fb0b1819fde0092f7ee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580d88.TMP

Filesize
1KB

MD5
d7ad1da17a16b0a252bdc7dcc46f857f

SHA1
d1b118955eb14e4f7e889f9701c981b90753d2f6

SHA256
93d8416fa356f31a59086f2ab2fa3cde1168808560e6010ce07cbbbf15b75c6a

SHA512
350be239e4bc9402e7184683ef4f79cd3c5afec7dfe43317a4c33481acc982b8c56d96b5646ae951503cc05ab3572a2bae52c1e8dd6f23c55f0d46732af61a65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
46a26d435f9d24e78b294fb2c16bcf7b

SHA1
be0628dd656e4470c176adbd40a9e016b187eb7b

SHA256
6522420d96e43038c62ee96a05f1717db10fa61a617d6b10f2d95100207e7952

SHA512
97369036a528b39516735070a8eb27907ffa939bb3f7ccf29c7ba9e9b35884321b26f1204bbc7a44206f424cd8b5e22c13ba864d080edfe32168164d1c8b7984

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

Filesize
116KB

MD5
e043a9cb014d641a56f50f9d9ac9a1b9

SHA1
61dc6aed3d0d1f3b8afe3d161410848c565247ed

SHA256
9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

SHA512
4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe

Filesize
1.6MB

MD5
83a8f0546164c9ba1a248acedefd6e5d

SHA1
7652f353ed74015e7e78bc9f9e305a48d336b6d1

SHA256
e7c5072ec60d32022b3c818c527ad86f4985837a4f0e9fc6477f54ae86d9f1c9

SHA512
111d11acdaef0036ff5cabeb16ed55bf4c681fa6eb3c006af450a0ebadae3e213a8f3abb0f4a9aecc8e893af7a79b4eb7f74a5fc3743e338c3e3136b5d7f9f2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
dabd469bae99f6f2ada08cd2dd3139c3

SHA1
6714e8be7937f7b1be5f7d9bef9cc9c6da0d9e9b

SHA256
89acf7a60e1d3f2bd7804c0cd65f8c90d52606d2a66906c8f31dce2e0ea66606

SHA512
9c5fd1c8f00c78a6f4fd77b75efae892d1cb6baa2e71d89389c659d7c6f8b827b99cecadb0d56c690dd7b26849c6f237af9db3d1a52ae8531d67635b5eff5915

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.2MB

MD5
697edb9b2b61b0e20e9a00656077dd01

SHA1
286b2d57292a43b438d9115a204251b347601f16

SHA256
1eaf7174a3b8cef9cb0c6e652b5c752d19dd85f4af3f2293e2b5d76ccaa40e01

SHA512
2def9d42c05b5ca232b34cfe212d49701b0a3f8ebddd778068016a4238eda0ec85c9b4c9f6496aec8ac49979ca876f171647c1764e147aebb0ef684115af027e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
325KB

MD5
c333af59fa9f0b12d1cd9f6bba111e3a

SHA1
66ae1d42b2de0d620fe0b7cc6e1c718c6c579ed0

SHA256
fad540071986c59ec40102c9ca9518a0ddce80cf39eb2fd476bb1a7a03d6eb34

SHA512
2f7e2e53ba1cb9ff38e580da20d6004900494ff7b7ae0ced73c330fae95320cf0ab79278e7434272e469cb4ea2cbbd5198d2cd305dc4b75935e1ca686c6c7ff4

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 557289.crdownload

Filesize
23.0MB

MD5
e5a7010c66f923fd0846665f3651cb9a

SHA1
dc1bf163581b6dfc767963ccea95d8096eaa0a4c

SHA256
59c3e95da20d4c986e840826e68b9adee47030967ebc0b1df48886c4f31f5b35

SHA512
d9cd0c45a1337f06385a51260f42076dd5bcb45a3834321f820158f81ad719fabc928962ef2bc23b2bb79f5f56f8237c9f28a5691e2a7ce3402152247ba36d7d

Download Submit
memory/4128-595-0x0000000000D80000-0x0000000001169000-memory.dmp

Filesize
3.9MB

Download
memory/4128-1232-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/4128-1185-0x0000000006430000-0x0000000006433000-memory.dmp

Filesize
12KB

Download
memory/4128-1183-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/4128-1231-0x0000000000D80000-0x0000000001169000-memory.dmp

Filesize
3.9MB

Download